Allow options to disable user deletion from the interface on app.ini #29275

Merged
merged 14 commits into from
Feb 23, 2024
4 changes: 4 additions & 0 deletions custom/conf/app.example.ini
Expand Up @@ -2605,3 +2605,7 @@ LEVEL = Info
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; storage type
;STORAGE_TYPE = local

;[user]
; Disabled modules from user settings, could be deletion now, more moudels can be defined in future
;SETTING_DISABLED_MODULES =
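Review bot: The comment above `;SETTING_DISABLED_MODULES =` misspells "modules" as "moudels" and does not tell an admin what to write. Since the loader splits the value on commas and `deletion` is the only key defined in this change, something like `; Modules to disable in user settings, comma-separated. Currently only "deletion" is supported.` would be clearer.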
5 changes: 5 additions & 0 deletions docs/content/administration/config-cheat-sheet.en-us.md
Expand Up @@ -1416,6 +1416,11 @@ However, later updates removed those options, and now the only options are `gith
However, if you want to use actions from other git server, you can use a complete URL in `uses` field, it's supported by Gitea (but not GitHub).
Like `uses: https://gitea.com/actions/checkout@v4` or `uses: http://your-git-server/actions/checkout@v4`.

## User (`user`)

- `SETTING_DISABLED_MODULES`:**_empty_** Disabled modules from user settings, could be `deletion` and more moudels can be defined in future.
- `deletion`: User cannot remove himself from the website.

## Other (`other`)

- `SHOW_FOOTER_VERSION`: **true**: Show Gitea and Go version information in the footer.
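Review bot: The `SETTING_DISABLED_MODULES` bullet does not follow the format of the neighbouring `SHOW_FOOTER_VERSION` entry: `:**_empty_**` has no space after the colon and no colon after the default value. "moudels" should be "modules", and "User cannot remove himself from the website" would read better as "Users cannot delete their own account", with the scope (web UI only, or also other entry points) stated explicitly.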
5 changes: 5 additions & 0 deletions docs/content/administration/config-cheat-sheet.zh-cn.md
Expand Up @@ -1345,6 +1345,11 @@ PROXY_HOSTS = *.github.com
但是,如果您想要使用其他 Git 服务器中的操作,您可以在 `uses` 字段中使用完整的 URL,Gitea 支持此功能(GitHub 不支持)。
例如 `uses: https://gitea.com/actions/checkout@v4` 或 `uses: http://your-git-server/actions/checkout@v4`。

## User (`user`)

- `SETTING_DISABLED_MODULES`:**_empty_** 禁用的用户设置模块,当前允许为空或者 `deletion` 未来可以增加更多设置.
- `deletion`: 用户不能通过界面或者API删除他自己。

## 其他 (`other`)

- `SHOW_FOOTER_VERSION`: **true**: 在页面底部显示Gitea的版本。
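Review bot: The `deletion` bullet in this file says the user cannot delete themselves through the UI or the API (`通过界面或者API`), while the en-us entry only says "from the website". The two translations should describe the same scope, and that scope should be the one the code actually enforces.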
1 change: 1 addition & 0 deletions modules/setting/setting.go
Expand Up @@ -151,6 +151,7 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
loadGitFrom(cfg)
loadMirrorFrom(cfg)
loadMarkupFrom(cfg)
loadUserFrom(cfg)
loadOtherFrom(cfg)
return nil
}
31 changes: 31 additions & 0 deletions modules/setting/user.go
@@ -0,0 +1,31 @@
// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import (
"strings"

"code.gitea.io/gitea/modules/container"
)

const (
UserDeletionKey = "deletion"
)

// userSetting represents user settings
type userSetting struct {
content container.Set[string]
}

func (s *userSetting) Enabled(module string) bool {
return !s.content.Contains(strings.ToLower(module))
}

var User userSetting

func loadUserFrom(rootCfg ConfigProvider) {
sec := rootCfg.Section("user")
values := sec.Key("SETTING_DISABLED_MODULES").Strings(",")
User.content = container.SetOf(values...)
}
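Review bot: `Enabled` lower-cases its argument with `strings.ToLower(module)`, but `loadUserFrom` stores the configured values unchanged, so `SETTING_DISABLED_MODULES = Deletion` never matches and account deletion stays enabled even though the admin disabled it. Normalise each value to lower case before `container.SetOf(values...)` so both sides of the comparison agree. An unrecognised value is also accepted silently, so a warning at load time for anything other than `UserDeletionKey` would surface a typo instead of failing open. The exported `Enabled` method and `User` variable have no doc comments.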
17 changes: 15 additions & 2 deletions routers/web/web.go
Expand Up @@ -403,6 +403,14 @@ func registerRoutes(m *web.Route) {
}
}

userSettingModuleEnabled := func(module string) func(ctx *context.Context) {
Contributor

It seems like over-engineering. It could simply be checked in user_setting.DeleteAccount, instead of bloating "web.go"; it has become much too large.

return func(ctx *context.Context) {
if !setting.User.Enabled(module) {
ctx.Error(http.StatusNotFound)
}
}
}

addWebhookAddRoutes := func() {
m.Get("/{type}/new", repo_setting.WebhooksNew)
m.Post("/gitea/new", web.Bind(forms.NewWebhookForm{}), repo_setting.GiteaHooksNewPost)
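Review bot: `userSettingModuleEnabled` writes the 404 with `ctx.Error(http.StatusNotFound)`, but nothing in the closure itself stops the handler chain, so the guard only protects the next handler if the router skips later handlers once a response has been written. Please confirm that this holds for routes registered with several handlers and say so in a comment on the helper, since the whole setting depends on it.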
Expand Down Expand Up @@ -565,7 +573,7 @@ func registerRoutes(m *web.Route) {
m.Combo("").Get(user_setting.Account).Post(web.Bind(forms.ChangePasswordForm{}), user_setting.AccountPost)
m.Post("/email", web.Bind(forms.AddEmailForm{}), user_setting.EmailPost)
m.Post("/email/delete", user_setting.DeleteEmail)
m.Post("/delete", user_setting.DeleteAccount)
m.Post("/delete", userSettingModuleEnabled(setting.UserDeletionKey), user_setting.DeleteAccount)
Contributor

@wxiaoguang wxiaoguang Feb 21, 2024

Does it need some test code for the DeleteAccount request?

})
m.Group("/appearance", func() {
m.Get("", user_setting.Appearance)
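Review bot: The guard is attached only to the web route `m.Post("/delete", ...)`; nothing in the lines shown touches an API route, yet the zh-cn docs in this change state that deletion is blocked through the API as well. If an API endpoint lets a user delete their own account, it needs the same `setting.User.Enabled(setting.UserDeletionKey)` check, otherwise the setting only removes the action from the web UI. A test that posts to this route with `deletion` disabled and asserts both the 404 and that the account still exists would pin the behaviour down.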
Expand Down Expand Up @@ -648,7 +656,12 @@ func registerRoutes(m *web.Route) {
})
addWebhookEditRoutes()
}, webhooksEnabled)
}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "AllThemes", setting.UI.Themes, "EnablePackages", setting.Packages.Enabled))
}, reqSignIn, ctxDataSet(
"PageIsUserSettings", true,
"AllThemes", setting.UI.Themes,
"EnablePackages", setting.Packages.Enabled,
"UserModules", &setting.User,
))

m.Group("/user", func() {
m.Get("/activate", auth.Activate)
48 changes: 25 additions & 23 deletions templates/user/settings/account.tmpl
Expand Up @@ -128,30 +128,32 @@
{{end}}
</div>

<h4 class="ui top attached error header">
{{ctx.Locale.Tr "settings.delete_account"}}
</h4>
<div class="ui attached error segment">
<div class="ui red message">
<p class="text left">{{svg "octicon-alert"}} {{ctx.Locale.Tr "settings.delete_prompt" | Str2html}}</p>
{{if .UserDeleteWithComments}}
<p class="text left gt-font-semibold">{{ctx.Locale.Tr "settings.delete_with_all_comments" .UserDeleteWithCommentsMaxTime | Str2html}}</p>
{{end}}
</div>
<form class="ui form ignore-dirty" id="delete-form" action="{{AppSubUrl}}/user/settings/account/delete" method="post">
{{template "base/disable_form_autofill"}}
{{.CsrfTokenHtml}}
<div class="required field {{if .Err_Password}}error{{end}}">
<label for="password-confirmation">{{ctx.Locale.Tr "password"}}</label>
<input id="password-confirmation" name="password" type="password" autocomplete="off" required>
{{if $.UserModules.Enabled "deletion"}}
<h4 class="ui top attached error header">
{{ctx.Locale.Tr "settings.delete_account"}}
</h4>
<div class="ui attached error segment">
<div class="ui red message">
<p class="text left">{{svg "octicon-alert"}} {{ctx.Locale.Tr "settings.delete_prompt" | Str2html}}</p>
{{if .UserDeleteWithComments}}
<p class="text left gt-font-semibold">{{ctx.Locale.Tr "settings.delete_with_all_comments" .UserDeleteWithCommentsMaxTime | Str2html}}</p>
{{end}}
</div>
<div class="field">
<button class="ui red button delete-button" data-modal-id="delete-account" data-type="form" data-form="#delete-form">
{{ctx.Locale.Tr "settings.confirm_delete_account"}}
</button>
</div>
</form>
</div>
<form class="ui form ignore-dirty" id="delete-form" action="{{AppSubUrl}}/user/settings/account/delete" method="post">
{{template "base/disable_form_autofill"}}
{{.CsrfTokenHtml}}
<div class="required field {{if .Err_Password}}error{{end}}">
<label for="password-confirmation">{{ctx.Locale.Tr "password"}}</label>
<input id="password-confirmation" name="password" type="password" autocomplete="off" required>
</div>
<div class="field">
<button class="ui red button delete-button" data-modal-id="delete-account" data-type="form" data-form="#delete-form">
{{ctx.Locale.Tr "settings.confirm_delete_account"}}
</button>
</div>
</form>
</div>
{{end}}
</div>

<div class="ui g-modal-confirm delete modal" id="delete-email">
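Review bot: `{{if $.UserModules.Enabled "deletion"}}` repeats as a string literal the key that the Go code names `setting.UserDeletionKey`, and because `Enabled` returns true for any name that is not in the disabled set, a typo in this literal would render the delete form with no error. Consider setting a boolean in the page data from `setting.User.Enabled(setting.UserDeletionKey)` so the key lives in one place. Hiding the form is presentation only; the route guard remains the actual control.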