Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add configuration to restrict allowed user visibility modes #16271

Merged
merged 15 commits into from
Jun 27, 2021
Merged

Add configuration to restrict allowed user visibility modes #16271

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
40ba7d7
restructure CreateUser
6543 Jun 27, 2021
8a9589d
Service.AllowedUserVisibilityModes
6543 Jun 27, 2021
0bc0c97
validate user on update too
6543 Jun 27, 2021
6b49fc4
Apply to UI
6543 Jun 27, 2021
365ab6f
docu
6543 Jun 27, 2021
e2dd97e
init AllowedUserVisibilityModesMap for unit-tests if needed
6543 Jun 27, 2021
aad443d
fix lint
6543 Jun 27, 2021
4493a79
move from map too bool slice
6543 Jun 27, 2021
139433e
lint
6543 Jun 27, 2021
5882b72
dedub code
6543 Jun 27, 2021
ab9114a
init AllowedUserVisibilityModesSlice for unit-tests who need it
6543 Jun 27, 2021
580f4a3
Update modules/setting/service.go
6543 Jun 27, 2021
023ed7e
set default value at definition
6543 Jun 27, 2021
da94919
Merge branch 'main' into settings-lowest-allowed-user-visiblity
6543 Jun 27, 2021
bec0b55
Merge branch 'main' into settings-lowest-allowed-user-visiblity
zeripath Jun 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 25 additions & 14 deletions models/user.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -863,23 +863,34 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
return err
}

// set system defaults
u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
u.Visibility = setting.Service.DefaultUserVisibilityMode
u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
u.MaxRepoCreation = -1
u.Theme = setting.UI.DefaultTheme

// overwrite defaults if set
if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
u.Visibility = overwriteDefault[0].Visibility
}

sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return err
}

// validate data

isExist, err := isUserExist(sess, 0, u.Name)
if err != nil {
return err
} else if isExist {
return ErrUserAlreadyExist{u.Name}
}

if err = deleteUserRedirect(sess, u.Name); err != nil {
return err
}

u.Email = strings.ToLower(u.Email)
if err = ValidateEmail(u.Email); err != nil {
return err
Expand All @@ -892,6 +903,12 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
return ErrEmailAlreadyUsed{u.Email}
}

if !setting.Service.AllowedUserVisibilityModesMap[u.Visibility] {
return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
}

// prepare for database

u.LowerName = strings.ToLower(u.Name)
u.AvatarEmail = u.Email
if u.Rands, err = GetUserSalt(); err != nil {
Expand All @@ -901,16 +918,10 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
return err
}

// set system defaults
u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
u.Visibility = setting.Service.DefaultUserVisibilityMode
u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
u.MaxRepoCreation = -1
u.Theme = setting.UI.DefaultTheme
// overwrite defaults if set
if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
u.Visibility = overwriteDefault[0].Visibility
// save changes to database

if err = deleteUserRedirect(sess, u.Name); err != nil {
return err
}

if _, err = sess.Insert(u); err != nil {
Expand Down
12 changes: 12 additions & 0 deletions modules/setting/service.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ import (
var Service struct {
DefaultUserVisibility string
DefaultUserVisibilityMode structs.VisibleType
AllowedUserVisibilityModes []string
AllowedUserVisibilityModesMap map[structs.VisibleType]bool `ini:"-"`
6543 marked this conversation as resolved.
Show resolved Hide resolved
DefaultOrgVisibility string
DefaultOrgVisibilityMode structs.VisibleType
ActiveCodeLives int
Expand Down Expand Up @@ -122,6 +124,16 @@ func newService() {
Service.AutoWatchOnChanges = sec.Key("AUTO_WATCH_ON_CHANGES").MustBool(false)
Service.DefaultUserVisibility = sec.Key("DEFAULT_USER_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
Service.DefaultUserVisibilityMode = structs.VisibilityModes[Service.DefaultUserVisibility]
Service.AllowedUserVisibilityModes = sec.Key("AllowedUserVisibilityModes").Strings(",")
Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
for _, modes := range Service.AllowedUserVisibilityModes {
Service.AllowedUserVisibilityModesMap[structs.VisibilityModes[modes]] = true
}
if len(Service.AllowedUserVisibilityModesMap) == 0 {
Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
Service.AllowedUserVisibilityModesMap[structs.VisibleTypeLimited] = true
Service.AllowedUserVisibilityModesMap[structs.VisibleTypePrivate] = true
}
Service.DefaultOrgVisibility = sec.Key("DEFAULT_ORG_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
Service.DefaultOrgVisibilityMode = structs.VisibilityModes[Service.DefaultOrgVisibility]
Service.DefaultOrgMemberVisible = sec.Key("DEFAULT_ORG_MEMBER_VISIBLE").MustBool()
Expand Down