From 839daa85aaba5172b3dd2b3f882aa9639a09f13a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Bogus=C5=82awski?= Date: Mon, 21 Dec 2020 15:39:41 +0100 Subject: [PATCH] Added option to disable migrations (#13114) * Added option to disable migrations This patch introduces DISABLE_MIGRATIONS parameter in [repository] section of app.ini (by default set to false). If set to true it blocks access to repository migration feature. This mod hides also local repo import option in user editor if local repo importing or migrations is disabled. * Alter Example config DISABLE_MIGRATIONS set to false in example config to match its default value. * HTTP error 403 instead of 500 on denied access to migration * Parameter DISABLE_MIGRATIONS exposed via API Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9 Author-Change-Id: IB#1105130 --- custom/conf/app.example.ini | 2 ++ .../doc/advanced/config-cheat-sheet.en-us.md | 1 + integrations/api_settings_test.go | 5 +++-- modules/context/context.go | 1 + modules/cron/tasks_basic.go | 5 ++++- modules/setting/repository.go | 2 ++ modules/structs/settings.go | 5 +++-- routers/admin/users.go | 2 ++ routers/api/v1/repo/migrate.go | 5 +++++ routers/api/v1/settings/settings.go | 5 +++-- routers/repo/migrate.go | 16 ++++++++++++++++ templates/admin/user/edit.tmpl | 2 +- templates/base/head_navbar.tmpl | 8 +++++--- templates/swagger/v1_json.tmpl | 4 ++++ 14 files changed, 52 insertions(+), 11 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 1e77ff2706..b89bbf894e 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -66,6 +66,8 @@ DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,re PREFIX_ARCHIVE_FILES = true ; Disable the creation of new mirrors. Pre-existing mirrors remain valid. DISABLE_MIRRORS = false +; Disable migrating feature. +DISABLE_MIGRATIONS = false ; The default branch name of new repositories DEFAULT_BRANCH = master ; Allow adoption of unadopted repositories diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index e30e740f7f..d482523f79 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -74,6 +74,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects**: Comma separated list of default repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list. - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository. - `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid. +- `DISABLE_MIGRATIONS`: **false**: Disable migrating feature. - `DEFAULT_BRANCH`: **master**: Default branch name of all repositories. - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories diff --git a/integrations/api_settings_test.go b/integrations/api_settings_test.go index 60dbf7a9dc..19a0053876 100644 --- a/integrations/api_settings_test.go +++ b/integrations/api_settings_test.go @@ -43,8 +43,9 @@ func TestAPIExposedSettings(t *testing.T) { DecodeJSON(t, resp, &repo) assert.EqualValues(t, &api.GeneralRepoSettings{ - MirrorsDisabled: setting.Repository.DisableMirrors, - HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MirrorsDisabled: setting.Repository.DisableMirrors, + HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MigrationsDisabled: setting.Repository.DisableMigrations, }, repo) attachment := new(api.GeneralAttachmentSettings) diff --git a/modules/context/context.go b/modules/context/context.go index 1405860e07..c6597cf024 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -343,6 +343,7 @@ func Contexter() macaron.Handler { ctx.Data["EnableSwagger"] = setting.API.EnableSwagger ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations c.Map(ctx) } diff --git a/modules/cron/tasks_basic.go b/modules/cron/tasks_basic.go index 4da21fc7d9..a45704e889 100644 --- a/modules/cron/tasks_basic.go +++ b/modules/cron/tasks_basic.go @@ -11,6 +11,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/migrations" repository_service "code.gitea.io/gitea/modules/repository" + "code.gitea.io/gitea/modules/setting" mirror_service "code.gitea.io/gitea/services/mirror" ) @@ -115,5 +116,7 @@ func initBasicTasks() { registerArchiveCleanup() registerSyncExternalUsers() registerDeletedBranchesCleanup() - registerUpdateMigrationPosterID() + if !setting.Repository.DisableMigrations { + registerUpdateMigrationPosterID() + } } diff --git a/modules/setting/repository.go b/modules/setting/repository.go index 328a09454b..139512bf00 100644 --- a/modules/setting/repository.go +++ b/modules/setting/repository.go @@ -42,6 +42,7 @@ var ( DefaultRepoUnits []string PrefixArchiveFiles bool DisableMirrors bool + DisableMigrations bool DefaultBranch string AllowAdoptionOfUnadoptedRepositories bool AllowDeleteOfUnadoptedRepositories bool @@ -152,6 +153,7 @@ var ( DefaultRepoUnits: []string{}, PrefixArchiveFiles: true, DisableMirrors: false, + DisableMigrations: false, DefaultBranch: "master", // Repository editor settings diff --git a/modules/structs/settings.go b/modules/structs/settings.go index 0cb7b32841..5fd916affe 100644 --- a/modules/structs/settings.go +++ b/modules/structs/settings.go @@ -6,8 +6,9 @@ package structs // GeneralRepoSettings contains global repository settings exposed by API type GeneralRepoSettings struct { - MirrorsDisabled bool `json:"mirrors_disabled"` - HTTPGitDisabled bool `json:"http_git_disabled"` + MirrorsDisabled bool `json:"mirrors_disabled"` + HTTPGitDisabled bool `json:"http_git_disabled"` + MigrationsDisabled bool `json:"migrations_disabled"` } // GeneralUISettings contains global ui settings exposed by API diff --git a/routers/admin/users.go b/routers/admin/users.go index 4382ee3877..06c391b8e0 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -191,6 +191,7 @@ func EditUser(ctx *context.Context) { ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations prepareUserInfo(ctx) if ctx.Written() { @@ -205,6 +206,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) { ctx.Data["Title"] = ctx.Tr("admin.users.edit_account") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations u := prepareUserInfo(ctx) if ctx.Written() { diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go index 511e91f94e..ab480c29aa 100644 --- a/routers/api/v1/repo/migrate.go +++ b/routers/api/v1/repo/migrate.go @@ -119,6 +119,11 @@ func Migrate(ctx *context.APIContext, form api.MigrateRepoOptions) { return } + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrationsGlobalDisabled", fmt.Errorf("the site administrator has disabled migrations")) + return + } + var opts = migrations.MigrateOptions{ CloneAddr: remoteAddr, RepoName: form.RepoName, diff --git a/routers/api/v1/settings/settings.go b/routers/api/v1/settings/settings.go index c94a3141e2..6095988404 100644 --- a/routers/api/v1/settings/settings.go +++ b/routers/api/v1/settings/settings.go @@ -57,8 +57,9 @@ func GetGeneralRepoSettings(ctx *context.APIContext) { // "200": // "$ref": "#/responses/GeneralRepoSettings" ctx.JSON(http.StatusOK, api.GeneralRepoSettings{ - MirrorsDisabled: setting.Repository.DisableMirrors, - HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MirrorsDisabled: setting.Repository.DisableMirrors, + HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MigrationsDisabled: setting.Repository.DisableMigrations, }) } diff --git a/routers/repo/migrate.go b/routers/repo/migrate.go index d843a043a7..a628fd2e2f 100644 --- a/routers/repo/migrate.go +++ b/routers/repo/migrate.go @@ -6,6 +6,7 @@ package repo import ( + "net/http" "strings" "code.gitea.io/gitea/models" @@ -25,6 +26,11 @@ const ( // Migrate render migration of repository page func Migrate(ctx *context.Context) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "Migrate: the site administrator has disabled migrations") + return + } + ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...) serviceType := ctx.QueryInt("service_type") if serviceType == 0 { @@ -60,6 +66,11 @@ func Migrate(ctx *context.Context) { } func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations") + return + } + switch { case migrations.IsRateLimitError(err): ctx.RenderWithErr(ctx.Tr("form.visit_rate_limit"), tpl, form) @@ -107,6 +118,11 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam // MigratePost response for migrating from external git repository func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations") + return + } + ctx.Data["Title"] = ctx.Tr("new_migrate") // Plain git should be first ctx.Data["service"] = structs.GitServiceType(form.Service) diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl index 7f1706e55a..d6cbdd5f53 100644 --- a/templates/admin/user/edit.tmpl +++ b/templates/admin/user/edit.tmpl @@ -95,7 +95,7 @@ -
+
diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl index 5ce07ff8c5..207c522ee8 100644 --- a/templates/base/head_navbar.tmpl +++ b/templates/base/head_navbar.tmpl @@ -89,9 +89,11 @@ {{svg "octicon-plus"}} {{.i18n.Tr "new_repo"}} - - {{svg "octicon-repo-push"}} {{.i18n.Tr "new_migrate"}} - + {{if not .DisableMigrations}} + + {{svg "octicon-repo-push"}} {{.i18n.Tr "new_migrate"}} + + {{end}} {{if .SignedUser.CanCreateOrganization}} {{svg "octicon-organization"}} {{.i18n.Tr "new_org"}} diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index aa31b3f078..bb3b6b4fed 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -13688,6 +13688,10 @@ "type": "boolean", "x-go-name": "HTTPGitDisabled" }, + "migrations_disabled": { + "type": "boolean", + "x-go-name": "MigrationsDisabled" + }, "mirrors_disabled": { "type": "boolean", "x-go-name": "MirrorsDisabled"