Skip to content

add configuration option to restrict users by default #16256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Jul 15, 2021
Merged

add configuration option to restrict users by default #16256

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
6ea9563
add configuration option to restrict users by default
rjnienaber Jun 26, 2021
0a27121
default IsRestricted permission only set on sign up
rjnienaber Jun 26, 2021
e23a876
fix formatting
rjnienaber Jul 4, 2021
0c05404
Apply suggestions from code review
6543 Jul 6, 2021
50cfd70
Merge branch 'main' into add-default-user-is-restricted
6543 Jul 6, 2021
607ccd4
ensure newly created user is set to restricted
rjnienaber Jul 6, 2021
32717a8
ensure imports are in the correct order
rjnienaber Jul 6, 2021
b718ea4
Merge branch 'main' into add-default-user-is-restricted
techknowlogick Jul 15, 2021
b395e4f
Merge branch 'main' into add-default-user-is-restricted
techknowlogick Jul 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions custom/conf/app.example.ini
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -652,6 +652,9 @@ PATH =
;; Default value for AllowCreateOrganization
;; Every new user will have rights set to create organizations depending on this setting
;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
;; Default value for IsRestricted
;; Every new user will have restricted permissions depending on this setting
;DEFAULT_USER_IS_RESTRICTED = false
;;
;; Either "public", "limited" or "private", default is "public"
;; Limited is for users visible only to signed users
Expand Down
1 change: 1 addition & 0 deletions docs/content/doc/advanced/config-cheat-sheet.en-us.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -502,6 +502,7 @@ relation to port exhaustion.
- `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
- `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
- `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
- `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
- `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
- `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
- `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
Expand Down
23 changes: 23 additions & 0 deletions integrations/signup_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"strings"
"testing"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/setting"
"github.com/stretchr/testify/assert"
"github.com/unknwon/i18n"
Expand All @@ -33,6 +34,28 @@ func TestSignup(t *testing.T) {
MakeRequest(t, req, http.StatusOK)
}

func TestSignupAsRestricted(t *testing.T) {
defer prepareTestEnv(t)()

setting.Service.EnableCaptcha = false
setting.Service.DefaultUserIsRestricted = true

req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
"user_name": "restrictedUser",
"email": "[email protected]",
"password": "examplePassword!1",
"retype": "examplePassword!1",
})
MakeRequest(t, req, http.StatusFound)

// should be able to view new user's page
req = NewRequest(t, "GET", "/restrictedUser")
MakeRequest(t, req, http.StatusOK)

user2 := models.AssertExistsAndLoadBean(t, &models.User{Name: "restrictedUser"}).(*models.User)
assert.True(t, user2.IsRestricted)
}

func TestSignupEmail(t *testing.T) {
defer prepareTestEnv(t)()

Expand Down
2 changes: 2 additions & 0 deletions modules/setting/service.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ var Service = struct {
HcaptchaSitekey string
DefaultKeepEmailPrivate bool
DefaultAllowCreateOrganization bool
DefaultUserIsRestricted bool
EnableTimetracking bool
DefaultEnableTimetracking bool
DefaultEnableDependencies bool
Expand Down Expand Up @@ -134,6 +135,7 @@ func newService() {
Service.HcaptchaSitekey = sec.Key("HCAPTCHA_SITEKEY").MustString("")
Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
Service.DefaultAllowCreateOrganization = sec.Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").MustBool(true)
Service.DefaultUserIsRestricted = sec.Key("DEFAULT_USER_IS_RESTRICTED").MustBool(false)
Service.EnableTimetracking = sec.Key("ENABLE_TIMETRACKING").MustBool(true)
if Service.EnableTimetracking {
Service.DefaultEnableTimetracking = sec.Key("DEFAULT_ENABLE_TIMETRACKING").MustBool(true)
Expand Down
9 changes: 5 additions & 4 deletions routers/web/user/auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1204,10 +1204,11 @@ func SignUpPost(ctx *context.Context) {
}

u := &models.User{
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
IsRestricted: setting.Service.DefaultUserIsRestricted,
}

if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) {
Expand Down