finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add setting to disable user features when user login type is not plain (#29615)

Browse source 
- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported
user features when login type is not plain
- In general, this is necessary for SSO implementations to avoid
inconsistencies between the external account management and the linked
account
- Adds helper functions to encourage correct use

(cherry picked from commit 59d4aadba5c15d02f3b9f0e61abb7476870c20a5)

Conflicts:
	- docs/content/administration/config-cheat-sheet.en-us.md
          Removed.
	- modules/setting/admin.go
          Trivial resolution: pick the newly added struct member.
This commit is contained in:
Jack Hay 2024-03-29 11:05:41 -04:00 committed by Gergely Nagy
parent ee33869f84
commit e08f05b069
No known key found for this signature in database
8 changed files with 77 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

5
custom/conf/app.example.ini
View file

@ -1503,6 +1503,11 @@ LEVEL = Info
;; - manage_ssh_keys: a user cannot configure ssh keys
;; - manage_gpg_keys: a user cannot configure gpg keys
;USER_DISABLED_FEATURES =
;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
;; - deletion: a user cannot delete their own account
;; - manage_ssh_keys: a user cannot configure ssh keys
;; - manage_gpg_keys: a user cannot configure gpg keys
;;EXTERNAL_USER_DISABLE_FEATURES =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;