From 839daa85aaba5172b3dd2b3f882aa9639a09f13a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Bogus=C5=82awski?= Date: Mon, 21 Dec 2020 15:39:41 +0100 Subject: [PATCH] Added option to disable migrations (#13114) * Added option to disable migrations This patch introduces DISABLE_MIGRATIONS parameter in [repository] section of app.ini (by default set to false). If set to true it blocks access to repository migration feature. This mod hides also local repo import option in user editor if local repo importing or migrations is disabled. * Alter Example config DISABLE_MIGRATIONS set to false in example config to match its default value. * HTTP error 403 instead of 500 on denied access to migration * Parameter DISABLE_MIGRATIONS exposed via API Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9 Author-Change-Id: IB#1105130 --- custom/conf/app.example.ini | 2 ++ .../doc/advanced/config-cheat-sheet.en-us.md | 1 + integrations/api_settings_test.go | 5 +++-- modules/context/context.go | 1 + modules/cron/tasks_basic.go | 5 ++++- modules/setting/repository.go | 2 ++ modules/structs/settings.go | 5 +++-- routers/admin/users.go | 2 ++ routers/api/v1/repo/migrate.go | 5 +++++ routers/api/v1/settings/settings.go | 5 +++-- routers/repo/migrate.go | 16 ++++++++++++++++ templates/admin/user/edit.tmpl | 2 +- templates/base/head_navbar.tmpl | 8 +++++--- templates/swagger/v1_json.tmpl | 4 ++++ 14 files changed, 52 insertions(+), 11 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 1e77ff270658..b89bbf894e50 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -66,6 +66,8 @@ DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,re PREFIX_ARCHIVE_FILES = true ; Disable the creation of new mirrors. Pre-existing mirrors remain valid. DISABLE_MIRRORS = false +; Disable migrating feature. +DISABLE_MIGRATIONS = false ; The default branch name of new repositories DEFAULT_BRANCH = master ; Allow adoption of unadopted repositories diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index e30e740f7f18..d482523f797b 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -74,6 +74,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects**: Comma separated list of default repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list. - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository. - `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid. +- `DISABLE_MIGRATIONS`: **false**: Disable migrating feature. - `DEFAULT_BRANCH`: **master**: Default branch name of all repositories. - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories diff --git a/integrations/api_settings_test.go b/integrations/api_settings_test.go index 60dbf7a9dc0f..19a005387696 100644 --- a/integrations/api_settings_test.go +++ b/integrations/api_settings_test.go @@ -43,8 +43,9 @@ func TestAPIExposedSettings(t *testing.T) { DecodeJSON(t, resp, &repo) assert.EqualValues(t, &api.GeneralRepoSettings{ - MirrorsDisabled: setting.Repository.DisableMirrors, - HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MirrorsDisabled: setting.Repository.DisableMirrors, + HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MigrationsDisabled: setting.Repository.DisableMigrations, }, repo) attachment := new(api.GeneralAttachmentSettings) diff --git a/modules/context/context.go b/modules/context/context.go index 1405860e07d8..c6597cf024b3 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -343,6 +343,7 @@ func Contexter() macaron.Handler { ctx.Data["EnableSwagger"] = setting.API.EnableSwagger ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations c.Map(ctx) } diff --git a/modules/cron/tasks_basic.go b/modules/cron/tasks_basic.go index 4da21fc7d9dd..a45704e88939 100644 --- a/modules/cron/tasks_basic.go +++ b/modules/cron/tasks_basic.go @@ -11,6 +11,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/migrations" repository_service "code.gitea.io/gitea/modules/repository" + "code.gitea.io/gitea/modules/setting" mirror_service "code.gitea.io/gitea/services/mirror" ) @@ -115,5 +116,7 @@ func initBasicTasks() { registerArchiveCleanup() registerSyncExternalUsers() registerDeletedBranchesCleanup() - registerUpdateMigrationPosterID() + if !setting.Repository.DisableMigrations { + registerUpdateMigrationPosterID() + } } diff --git a/modules/setting/repository.go b/modules/setting/repository.go index 328a09454b42..139512bf008c 100644 --- a/modules/setting/repository.go +++ b/modules/setting/repository.go @@ -42,6 +42,7 @@ var ( DefaultRepoUnits []string PrefixArchiveFiles bool DisableMirrors bool + DisableMigrations bool DefaultBranch string AllowAdoptionOfUnadoptedRepositories bool AllowDeleteOfUnadoptedRepositories bool @@ -152,6 +153,7 @@ var ( DefaultRepoUnits: []string{}, PrefixArchiveFiles: true, DisableMirrors: false, + DisableMigrations: false, DefaultBranch: "master", // Repository editor settings diff --git a/modules/structs/settings.go b/modules/structs/settings.go index 0cb7b3284158..5fd916affe91 100644 --- a/modules/structs/settings.go +++ b/modules/structs/settings.go @@ -6,8 +6,9 @@ package structs // GeneralRepoSettings contains global repository settings exposed by API type GeneralRepoSettings struct { - MirrorsDisabled bool `json:"mirrors_disabled"` - HTTPGitDisabled bool `json:"http_git_disabled"` + MirrorsDisabled bool `json:"mirrors_disabled"` + HTTPGitDisabled bool `json:"http_git_disabled"` + MigrationsDisabled bool `json:"migrations_disabled"` } // GeneralUISettings contains global ui settings exposed by API diff --git a/routers/admin/users.go b/routers/admin/users.go index 4382ee3877f4..06c391b8e075 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -191,6 +191,7 @@ func EditUser(ctx *context.Context) { ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations prepareUserInfo(ctx) if ctx.Written() { @@ -205,6 +206,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) { ctx.Data["Title"] = ctx.Tr("admin.users.edit_account") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations u := prepareUserInfo(ctx) if ctx.Written() { diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go index 511e91f94e1a..ab480c29aaf2 100644 --- a/routers/api/v1/repo/migrate.go +++ b/routers/api/v1/repo/migrate.go @@ -119,6 +119,11 @@ func Migrate(ctx *context.APIContext, form api.MigrateRepoOptions) { return } + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrationsGlobalDisabled", fmt.Errorf("the site administrator has disabled migrations")) + return + } + var opts = migrations.MigrateOptions{ CloneAddr: remoteAddr, RepoName: form.RepoName, diff --git a/routers/api/v1/settings/settings.go b/routers/api/v1/settings/settings.go index c94a3141e2f8..6095988404b0 100644 --- a/routers/api/v1/settings/settings.go +++ b/routers/api/v1/settings/settings.go @@ -57,8 +57,9 @@ func GetGeneralRepoSettings(ctx *context.APIContext) { // "200": // "$ref": "#/responses/GeneralRepoSettings" ctx.JSON(http.StatusOK, api.GeneralRepoSettings{ - MirrorsDisabled: setting.Repository.DisableMirrors, - HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MirrorsDisabled: setting.Repository.DisableMirrors, + HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MigrationsDisabled: setting.Repository.DisableMigrations, }) } diff --git a/routers/repo/migrate.go b/routers/repo/migrate.go index d843a043a7a5..a628fd2e2fd3 100644 --- a/routers/repo/migrate.go +++ b/routers/repo/migrate.go @@ -6,6 +6,7 @@ package repo import ( + "net/http" "strings" "code.gitea.io/gitea/models" @@ -25,6 +26,11 @@ const ( // Migrate render migration of repository page func Migrate(ctx *context.Context) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "Migrate: the site administrator has disabled migrations") + return + } + ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...) serviceType := ctx.QueryInt("service_type") if serviceType == 0 { @@ -60,6 +66,11 @@ func Migrate(ctx *context.Context) { } func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations") + return + } + switch { case migrations.IsRateLimitError(err): ctx.RenderWithErr(ctx.Tr("form.visit_rate_limit"), tpl, form) @@ -107,6 +118,11 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam // MigratePost response for migrating from external git repository func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations") + return + } + ctx.Data["Title"] = ctx.Tr("new_migrate") // Plain git should be first ctx.Data["service"] = structs.GitServiceType(form.Service) diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl index 7f1706e55a43..d6cbdd5f53f5 100644 --- a/templates/admin/user/edit.tmpl +++ b/templates/admin/user/edit.tmpl @@ -95,7 +95,7 @@ -
+