forked from gitea/gitea
1
0
Fork 0

Allow options to disable user deletion from the interface on app.ini (#29275)

Extract from #20549

This PR added a new option on app.ini `[admin]USER_DISABLED_FEATURES` to
allow the site administrator to disable users visiting deletion user
interface or allow.
This options are also potentially allowed to define more features in
future PRs.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
Lunny Xiao 2024-02-23 15:24:04 +08:00 committed by GitHub
parent 7fbdb60fc1
commit 3ef6252e06
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 34 additions and 12 deletions

View File

@ -1474,6 +1474,9 @@ LEVEL = Info
;; ;;
;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
;DEFAULT_EMAIL_NOTIFICATIONS = enabled ;DEFAULT_EMAIL_NOTIFICATIONS = enabled
;; Disabled features for users, could be "deletion", more features can be disabled in future
;; - deletion: a user cannot delete their own account
;USER_DISABLED_FEATURES =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

View File

@ -518,6 +518,8 @@ And the following unique queues:
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
- `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations. - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
- `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion` and more features can be added in future.
- `deletion`: User cannot delete their own account.
## Security (`security`) ## Security (`security`)

View File

@ -497,6 +497,8 @@ Gitea 创建以下非唯一队列:
- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**用户电子邮件通知的默认配置用户可配置。选项enabled、onmention、disabled - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**用户电子邮件通知的默认配置用户可配置。选项enabled、onmention、disabled
- `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。 - `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。
- `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion` 未来可以增加更多设置。
- `deletion`: 用户不能通过界面或者API删除他自己。
## 安全性 (`security`) ## 安全性 (`security`)

View File

@ -3,14 +3,22 @@
package setting package setting
import "code.gitea.io/gitea/modules/container"
// Admin settings // Admin settings
var Admin struct { var Admin struct {
DisableRegularOrgCreation bool DisableRegularOrgCreation bool
DefaultEmailNotification string DefaultEmailNotification string
UserDisabledFeatures container.Set[string]
} }
func loadAdminFrom(rootCfg ConfigProvider) { func loadAdminFrom(rootCfg ConfigProvider) {
mustMapSetting(rootCfg, "admin", &Admin)
sec := rootCfg.Section("admin") sec := rootCfg.Section("admin")
Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false)
Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled")
Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...)
} }
const (
UserFeatureDeletion = "deletion"
)

View File

@ -233,6 +233,11 @@ func DeleteEmail(ctx *context.Context) {
// DeleteAccount render user suicide page and response for delete user himself // DeleteAccount render user suicide page and response for delete user himself
func DeleteAccount(ctx *context.Context) { func DeleteAccount(ctx *context.Context) {
if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion) {
ctx.Error(http.StatusNotFound)
return
}
ctx.Data["Title"] = ctx.Tr("settings") ctx.Data["Title"] = ctx.Tr("settings")
ctx.Data["PageIsSettingsAccount"] = true ctx.Data["PageIsSettingsAccount"] = true
@ -299,6 +304,7 @@ func loadAccountData(ctx *context.Context) {
ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference
ctx.Data["ActivationsPending"] = pendingActivation ctx.Data["ActivationsPending"] = pendingActivation
ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm
ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures
if setting.Service.UserDeleteWithCommentsMaxTime != 0 { if setting.Service.UserDeleteWithCommentsMaxTime != 0 {
ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String() ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String()

View File

@ -128,6 +128,7 @@
{{end}} {{end}}
</div> </div>
{{if not ($.UserDisabledFeatures.Contains "deletion")}}
<h4 class="ui top attached error header"> <h4 class="ui top attached error header">
{{ctx.Locale.Tr "settings.delete_account"}} {{ctx.Locale.Tr "settings.delete_account"}}
</h4> </h4>
@ -151,7 +152,18 @@
</button> </button>
</div> </div>
</form> </form>
<div class="ui g-modal-confirm delete modal" id="delete-account">
<div class="header">
{{svg "octicon-trash"}}
{{ctx.Locale.Tr "settings.delete_account_title"}}
</div> </div>
<div class="content">
<p>{{ctx.Locale.Tr "settings.delete_account_desc"}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
</div>
{{end}}
</div> </div>
<div class="ui g-modal-confirm delete modal" id="delete-email"> <div class="ui g-modal-confirm delete modal" id="delete-email">
@ -165,15 +177,4 @@
{{template "base/modal_actions_confirm" .}} {{template "base/modal_actions_confirm" .}}
</div> </div>
<div class="ui g-modal-confirm delete modal" id="delete-account">
<div class="header">
{{svg "octicon-trash"}}
{{ctx.Locale.Tr "settings.delete_account_title"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "settings.delete_account_desc"}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
{{template "user/settings/layout_footer" .}} {{template "user/settings/layout_footer" .}}