From 3ef6252e06a1f3981f8b7d1717bfc581418b1dc5 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 23 Feb 2024 15:24:04 +0800 Subject: [PATCH 1/2] Allow options to disable user deletion from the interface on app.ini (#29275) Extract from #20549 This PR added a new option on app.ini `[admin]USER_DISABLED_FEATURES` to allow the site administrator to disable users visiting deletion user interface or allow. This options are also potentially allowed to define more features in future PRs. --------- Co-authored-by: wxiaoguang --- custom/conf/app.example.ini | 3 +++ .../config-cheat-sheet.en-us.md | 2 ++ .../config-cheat-sheet.zh-cn.md | 2 ++ modules/setting/admin.go | 10 +++++++- routers/web/user/setting/account.go | 6 +++++ templates/user/settings/account.tmpl | 23 ++++++++++--------- 6 files changed, 34 insertions(+), 12 deletions(-)
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index a360970593aee..5451537d02ccf 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1474,6 +1474,9 @@ LEVEL = Info ;; ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled ;DEFAULT_EMAIL_NOTIFICATIONS = enabled +;; Disabled features for users, could be "deletion", more features can be disabled in future +;; - deletion: a user cannot delete their own account +;USER_DISABLED_FEATURES = ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
index 838e26b0f6b14..643932de6c1be 100644
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -518,6 +518,8 @@ And the following unique queues: - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations. +- `USER_DISABLED_FEATURES`: **_empty_** Disabled features for users, could be `deletion` and more features can be added in future. + - `deletion`: User cannot delete their own account. ## Security (`security`)
diff --git a/docs/content/administration/config-cheat-sheet.zh-cn.md b/docs/content/administration/config-cheat-sheet.zh-cn.md
index 01906930cb9e0..5fe0a62215f54 100644
--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
@@ -497,6 +497,8 @@ Gitea 创建以下非唯一队列: - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**:用户电子邮件通知的默认配置(用户可配置)。选项:enabled、onmention、disabled - `DISABLE_REGULAR_ORG_CREATION`: **false**:禁止普通(非管理员)用户创建组织。 +- `USER_DISABLED_FEATURES`:**_empty_** 禁用的用户特性,当前允许为空或者 `deletion`, 未来可以增加更多设置。 + - `deletion`: 用户不能通过界面或者API删除他自己。 ## 安全性 (`security`)
diff --git a/modules/setting/admin.go b/modules/setting/admin.go
index 2d2dd26de94ae..48a2ea9744552 100644
--- a/modules/setting/admin.go
+++ b/modules/setting/admin.go
@@ -3,14 +3,22 @@ package setting +import "code.gitea.io/gitea/modules/container" + // Admin settings var Admin struct { DisableRegularOrgCreation bool DefaultEmailNotification string + UserDisabledFeatures container.Set[string] } func loadAdminFrom(rootCfg ConfigProvider) { - mustMapSetting(rootCfg, "admin", &Admin) sec := rootCfg.Section("admin") + Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false) Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") + Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) } + +const ( + UserFeatureDeletion = "deletion" +)
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index c7f194a3b52ce..659c3e29c1e25 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -233,6 +233,11 @@ func DeleteEmail(ctx *context.Context) { // DeleteAccount render user suicide page and response for delete user himself func DeleteAccount(ctx *context.Context) { + if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion) { + ctx.Error(http.StatusNotFound) + return + } + ctx.Data["Title"] = ctx.Tr("settings") ctx.Data["PageIsSettingsAccount"] = true
@@ -299,6 +304,7 @@ func loadAccountData(ctx *context.Context) { ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference ctx.Data["ActivationsPending"] = pendingActivation ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm + ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures if setting.Service.UserDeleteWithCommentsMaxTime != 0 { ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String()
diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl
index bfcf423d67f5e..515e79d739f39 100644
--- a/templates/user/settings/account.tmpl
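Review bot: `loadAdminFrom` puts every string found in `USER_DISABLED_FEATURES` into the set without checking it against the known feature names. As far as this hunk shows, nothing normalises case either, so an entry such as `Deletion` or `delete` is accepted silently and the restriction the administrator meant to switch on stays off. Because the option is an access restriction, validating at load time is the safer default: warn about, or refuse to start on, any entry that is not `UserFeatureDeletion`. The exported constant would also benefit from a doc comment, for example `// UserFeatureDeletion, when listed in [admin] USER_DISABLED_FEATURES, stops users from deleting their own account.`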
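Review bot: The guard added at the top of `DeleteAccount` covers only this web handler, and the diffstat lists no file under an API router, yet the zh-cn cheat-sheet entry added in this same patch says the user cannot delete themselves through the interface or the API. If a self-deletion API route exists, it needs the same `setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion)` check, otherwise the option can be sidestepped outside the web UI; if no such route exists, the zh-cn wording should match the en-us text. A test that enables the option and asserts the 404 from this handler would pin the behaviour. The body of `DeleteAccount` continues outside the hunk.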
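Review bot: `ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures` hands the template a pointer to the process-wide settings value, and the template then tests the string literal `"deletion"` instead of `setting.UserFeatureDeletion`. Passing a request-local boolean, e.g. `ctx.Data["UserDeletionDisabled"] = setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion)`, keeps the global out of template reach and leaves a single place that spells the feature name. Hiding the section is presentation only; enforcement rests on the handler check. `loadAccountData` starts and ends outside the hunk.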
+++ b/templates/user/settings/account.tmpl
@@ -128,6 +128,7 @@ {{end}} + {{if not ($.UserDisabledFeatures.Contains "deletion")}}

{{ctx.Locale.Tr "settings.delete_account"}}

@@ -151,7 +152,18 @@ + + {{end}} - - {{template "user/settings/layout_footer" .}}
From 7d0903bf90bce6d0ed2fa131ab028a55b8729b73 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 23 Feb 2024 19:09:18 +0800 Subject: [PATCH 2/2] Adjust changelog for v1.21.6 to move prs to correct labels (#29339) (#29343) When releasing, the releaser should read all the pull requests carefully and do some adjustments because some of pull requests' labels are not right when it's merged. And the changelog tool needs to be adjusted. If one pull request has both `bug` and `API`, it should mark it as `bug` but not `API`. Backport #29339 --- CHANGELOG.md | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f2c69888a20a..e119d0bec01f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,9 +9,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * SECURITY * Fix XSS vulnerabilities (#29336) * Use general token signing secret (#29205) (#29325) -* API - * Refactor issue template parsing and fix API endpoint (#29069) (#29140) - * Fix swift packages not resolving (#29095) (#29102) * ENHANCEMENTS * Refactor git version functions and check compatibility (#29155) (#29157) * Improve user experience for outdated comments (#29050) (#29086)
@@ -19,7 +16,11 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Wrap contained tags and branches again (#29021) (#29026) * Fix incorrect button CSS usages (#29015) (#29023) * Strip trailing newline in markdown code copy (#29019) (#29022) + * Implement some action notifier functions (#29173) (#29308) + * Load outdated comments when (un)resolving conversation on PR timeline (#29203) (#29221) * BUGFIXES + * Refactor issue template parsing and fix API endpoint (#29069) (#29140) + * Fix swift packages not resolving (#29095) (#29102) * Remove SSH workaround (#27893) (#29332) * Only log error when tag sync fails (#29295) (#29327) * Fix SSPI user creation (#28948) (#29323) 
@@ -44,18 +45,15 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Avoid showing unnecessary JS errors when there are elements with different origin on the page (#29081) (#29089) * Fix gitea-origin-url with default ports (#29085) (#29088) * Fix orgmode link resolving (#29024) (#29076) - * Fix: Elasticsearch: Request Entity Too Large #28117 (#29062) (#29075) + * Fix Elasticsearh Request Entity Too Large #28117 (#29062) (#29075) * Do not render empty comments (#29039) (#29049) * Avoid sending update/delete release notice when it is draft (#29008) (#29025) -* DOCS - * Rm outdated docs from some languages (#27530) (#29208) -* MISC - * Implement some action notifier functions (#29173) (#29308) * Fix gitea-action user avatar broken on edited menu (#29190) (#29307) * Disallow merge when required checked are missing (#29143) (#29268) - * Convert visibility to number (#29226) (#29244) - * Load outdated comments when (un)resolving conversation on PR timeline (#29203) (#29221) * Fix incorrect link to swift doc and swift package-registry login command (#29096) (#29103) + * Convert visibility to number (#29226) (#29244) +* DOCS + * Remove outdated docs from some languages (#27530) (#29208) * Fix typos in the documentation (#29048) (#29056) * Explained where create issue/PR template (#29035)
@@ -174,7 +172,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Fix Chinese translation of config cheat sheet[API] (#28472) (#28473) * Retry SSH key verification with additional CRLF if it failed (#28392) (#28464) -## [1.21.2](https://github.com/go-gitea/gitea/releases/tag/1.21.2) - 2023-12-12 +## [1.21.2](https://github.com/go-gitea/gitea/releases/tag/v1.21.2) - 2023-12-12 * SECURITY * Rebuild with recently released golang version
@@ -213,7 +211,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Use full width for project boards (#28225) (#28245) * Enable system users search via the API (#28013) (#28018) -## [1.21.1](https://github.com/go-gitea/gitea/releases/tag/1.21.1) - 2023-11-26 +## [1.21.1](https://github.com/go-gitea/gitea/releases/tag/v1.21.1) - 2023-11-26 * SECURITY * Fix comment permissions (#28213) (#28216)