Added option to disable migrations (#13114)

* Added option to disable migrations

This patch introduces DISABLE_MIGRATIONS parameter in [repository]
section of app.ini (by default set to false). If set to true
it blocks access to repository migration feature.

This mod hides also local repo import option in user editor if
local repo importing or migrations is disabled.

* Alter Example config

DISABLE_MIGRATIONS set to false in example config to
match its default value.

* HTTP error 403 instead of 500 on denied access to migration

* Parameter DISABLE_MIGRATIONS exposed via API

Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9
Author-Change-Id: IB#1105130
This commit is contained in:
Paweł Bogusławski 2020-12-21 15:39:41 +01:00 committed by GitHub
parent 3a500cf8c4
commit 839daa85aa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 52 additions and 11 deletions

View file

@ -66,6 +66,8 @@ DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,re
PREFIX_ARCHIVE_FILES = true
; Disable the creation of new mirrors. Pre-existing mirrors remain valid.
DISABLE_MIRRORS = false
; Disable migrating feature.
DISABLE_MIGRATIONS = false
; The default branch name of new repositories
DEFAULT_BRANCH = master
; Allow adoption of unadopted repositories

View file

@ -74,6 +74,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects**: Comma separated list of default repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
- `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
- `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
- `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
- `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
- `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
- `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories

View file

@ -43,8 +43,9 @@ func TestAPIExposedSettings(t *testing.T) {
DecodeJSON(t, resp, &repo)
assert.EqualValues(t, &api.GeneralRepoSettings{
MirrorsDisabled: setting.Repository.DisableMirrors,
HTTPGitDisabled: setting.Repository.DisableHTTPGit,
MirrorsDisabled: setting.Repository.DisableMirrors,
HTTPGitDisabled: setting.Repository.DisableHTTPGit,
MigrationsDisabled: setting.Repository.DisableMigrations,
}, repo)
attachment := new(api.GeneralAttachmentSettings)

View file

@ -343,6 +343,7 @@ func Contexter() macaron.Handler {
ctx.Data["EnableSwagger"] = setting.API.EnableSwagger
ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
c.Map(ctx)
}

View file

@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/migrations"
repository_service "code.gitea.io/gitea/modules/repository"
"code.gitea.io/gitea/modules/setting"
mirror_service "code.gitea.io/gitea/services/mirror"
)
@ -115,5 +116,7 @@ func initBasicTasks() {
registerArchiveCleanup()
registerSyncExternalUsers()
registerDeletedBranchesCleanup()
registerUpdateMigrationPosterID()
if !setting.Repository.DisableMigrations {
registerUpdateMigrationPosterID()
}
}

View file

@ -42,6 +42,7 @@ var (
DefaultRepoUnits []string
PrefixArchiveFiles bool
DisableMirrors bool
DisableMigrations bool
DefaultBranch string
AllowAdoptionOfUnadoptedRepositories bool
AllowDeleteOfUnadoptedRepositories bool
@ -152,6 +153,7 @@ var (
DefaultRepoUnits: []string{},
PrefixArchiveFiles: true,
DisableMirrors: false,
DisableMigrations: false,
DefaultBranch: "master",
// Repository editor settings

View file

@ -6,8 +6,9 @@ package structs
// GeneralRepoSettings contains global repository settings exposed by API
type GeneralRepoSettings struct {
MirrorsDisabled bool `json:"mirrors_disabled"`
HTTPGitDisabled bool `json:"http_git_disabled"`
MirrorsDisabled bool `json:"mirrors_disabled"`
HTTPGitDisabled bool `json:"http_git_disabled"`
MigrationsDisabled bool `json:"migrations_disabled"`
}
// GeneralUISettings contains global ui settings exposed by API

View file

@ -191,6 +191,7 @@ func EditUser(ctx *context.Context) {
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminUsers"] = true
ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation
ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
prepareUserInfo(ctx)
if ctx.Written() {
@ -205,6 +206,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminUsers"] = true
ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
u := prepareUserInfo(ctx)
if ctx.Written() {

View file

@ -119,6 +119,11 @@ func Migrate(ctx *context.APIContext, form api.MigrateRepoOptions) {
return
}
if setting.Repository.DisableMigrations {
ctx.Error(http.StatusForbidden, "MigrationsGlobalDisabled", fmt.Errorf("the site administrator has disabled migrations"))
return
}
var opts = migrations.MigrateOptions{
CloneAddr: remoteAddr,
RepoName: form.RepoName,

View file

@ -57,8 +57,9 @@ func GetGeneralRepoSettings(ctx *context.APIContext) {
// "200":
// "$ref": "#/responses/GeneralRepoSettings"
ctx.JSON(http.StatusOK, api.GeneralRepoSettings{
MirrorsDisabled: setting.Repository.DisableMirrors,
HTTPGitDisabled: setting.Repository.DisableHTTPGit,
MirrorsDisabled: setting.Repository.DisableMirrors,
HTTPGitDisabled: setting.Repository.DisableHTTPGit,
MigrationsDisabled: setting.Repository.DisableMigrations,
})
}

View file

@ -6,6 +6,7 @@
package repo
import (
"net/http"
"strings"
"code.gitea.io/gitea/models"
@ -25,6 +26,11 @@ const (
// Migrate render migration of repository page
func Migrate(ctx *context.Context) {
if setting.Repository.DisableMigrations {
ctx.Error(http.StatusForbidden, "Migrate: the site administrator has disabled migrations")
return
}
ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...)
serviceType := ctx.QueryInt("service_type")
if serviceType == 0 {
@ -60,6 +66,11 @@ func Migrate(ctx *context.Context) {
}
func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *auth.MigrateRepoForm) {
if setting.Repository.DisableMigrations {
ctx.Error(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations")
return
}
switch {
case migrations.IsRateLimitError(err):
ctx.RenderWithErr(ctx.Tr("form.visit_rate_limit"), tpl, form)
@ -107,6 +118,11 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam
// MigratePost response for migrating from external git repository
func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
if setting.Repository.DisableMigrations {
ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations")
return
}
ctx.Data["Title"] = ctx.Tr("new_migrate")
// Plain git should be first
ctx.Data["service"] = structs.GitServiceType(form.Service)

View file

@ -95,7 +95,7 @@
<input name="allow_git_hook" type="checkbox" {{if .User.CanEditGitHook}}checked{{end}} {{if DisableGitHooks}}disabled{{end}}>
</div>
</div>
<div class="inline field">
<div class="inline field" {{if or (DisableImportLocal) (.DisableMigrations)}}hidden{{end}}>
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.users.allow_import_local"}}</strong></label>
<input name="allow_import_local" type="checkbox" {{if .User.CanImportLocal}}checked{{end}} {{if DisableImportLocal}}disabled{{end}}>

View file

@ -89,9 +89,11 @@
<a class="item" href="{{AppSubUrl}}/repo/create">
<span class="fitted">{{svg "octicon-plus"}}</span> {{.i18n.Tr "new_repo"}}
</a>
<a class="item" href="{{AppSubUrl}}/repo/migrate">
<span class="fitted">{{svg "octicon-repo-push"}}</span> {{.i18n.Tr "new_migrate"}}
</a>
{{if not .DisableMigrations}}
<a class="item" href="{{AppSubUrl}}/repo/migrate">
<span class="fitted">{{svg "octicon-repo-push"}}</span> {{.i18n.Tr "new_migrate"}}
</a>
{{end}}
{{if .SignedUser.CanCreateOrganization}}
<a class="item" href="{{AppSubUrl}}/org/create">
<span class="fitted">{{svg "octicon-organization"}}</span> {{.i18n.Tr "new_org"}}

View file

@ -13688,6 +13688,10 @@
"type": "boolean",
"x-go-name": "HTTPGitDisabled"
},
"migrations_disabled": {
"type": "boolean",
"x-go-name": "MigrationsDisabled"
},
"mirrors_disabled": {
"type": "boolean",
"x-go-name": "MirrorsDisabled"