diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2024-03-02 02:21:01 +0100 |
|---|---|---|
| committer | Earl Warren <contact@earl-warren.org> | 2024-03-06 05:10:45 +0100 |
| commit | ee6ff937c0782b9cdc7ae1bc62b7eda83982d40f (patch) | |
| tree | 6719a5a963d26c647559c1ba1fccaa327a37f5c9 /routers | |
| parent | Fix incorrect diff expander for deletion of last lines in a file (#29501) (diff) | |
| download | forgejo-ee6ff937c0782b9cdc7ae1bc62b7eda83982d40f.tar.xz forgejo-ee6ff937c0782b9cdc7ae1bc62b7eda83982d40f.zip | |
Allow options to disable user gpg keys configuration from the interface on app.ini (#29486)
Follow #29447
Fix #29454
Extract from #20549
(cherry picked from commit 9de5e39e25009bacc5ca201ed97e9cbb623e56e9)
Conflicts:
custom/conf/app.example.ini
docs/content/administration/config-cheat-sheet.en-us.md
docs/content/administration/config-cheat-sheet.zh-cn.md
trivial context conflict
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/user/gpg_key.go | 11 | ||||
| -rw-r--r-- | routers/web/user/setting/keys.go | 10 |
2 files changed, 21 insertions, 0 deletions
diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index b8438cd2aa..dcf5da0b2e 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -10,6 +10,7 @@ import ( asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/routers/api/v1/utils" @@ -132,6 +133,11 @@ func GetGPGKey(ctx *context.APIContext) { // CreateUserGPGKey creates new GPG key to given user by ID. func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) { + if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) + return + } + token := asymkey_model.VerificationToken(ctx.Doer, 1) lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) @@ -268,6 +274,11 @@ func DeleteGPGKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" + if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) + return + } + if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.ParamsInt64(":id")); err != nil { if asymkey_model.IsErrGPGKeyAccessDenied(err) { ctx.Error(http.StatusForbidden, "", "You do not have access to this key") diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go index 0a12777e5e..cb01913bda 100644 --- a/routers/web/user/setting/keys.go +++ b/routers/web/user/setting/keys.go @@ -5,6 +5,7 @@ package setting import ( + "fmt" "net/http" asymkey_model "code.gitea.io/gitea/models/asymkey" @@ -77,6 +78,11 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "gpg": + if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) + return + } + token := asymkey_model.VerificationToken(ctx.Doer, 1) lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) @@ -224,6 +230,10 @@ func KeysPost(ctx *context.Context) { func DeleteKey(ctx *context.Context) { switch ctx.FormString("type") { case "gpg": + if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) + return + } if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil { ctx.Flash.Error("DeleteGPGKey: " + err.Error()) } else { |