Prevent git operations for inactive users (#13527)

* prevent git operations for inactive users * Some fixes * Deny push to the repositories which's owner is inactive * deny operations also when user is ProhibitLogin Co-authored-by: zeripath <art27@cantab.net>
author: Lunny Xiao <xiaolunwen@gmail.com> 2020-11-13 07:29:11 +0800
committer: GitHub <noreply@github.com> 2020-11-13 01:29:11 +0200
commit: ff7341b9946df665da0cd1453963733711ea7714 (patch)
tree: 10acf10152fb01d4cad4c5d47b4bc18bcd95ea35 /routers/repo/http.go
parent: ee7133d135e1bf746ccd558371edd4fcdf185e7f (diff)
download: gitea-ff7341b9946df665da0cd1453963733711ea7714.tar.gz
gitea-ff7341b9946df665da0cd1453963733711ea7714.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/routers/repo/http.go b/routers/repo/http.go
index c7523c7932..9e94d28eab 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -105,6 +105,10 @@ func HTTP(ctx *context.Context) {
 		ctx.NotFoundOrServerError("GetUserByName", models.IsErrUserNotExist, err)
 		return
 	}
+	if !owner.IsActive {
+		ctx.HandleText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.")
+		return
+	}
 
 	repoExist := true
 	repo, err := models.GetRepositoryByName(owner.ID, reponame)
@@ -244,6 +248,11 @@ func HTTP(ctx *context.Context) {
 			}
 		}
 
+		if !authUser.IsActive || authUser.ProhibitLogin {
+			ctx.HandleText(http.StatusForbidden, "Your account is disabled.")
+			return
+		}
+
 		if repoExist {
 			perm, err := models.GetUserRepoPermission(repo, authUser)
 			if err != nil {
author	Lunny Xiao <xiaolunwen@gmail.com>	2020-11-13 07:29:11 +0800
committer	GitHub <noreply@github.com>	2020-11-13 01:29:11 +0200
commit	ff7341b9946df665da0cd1453963733711ea7714 (patch)
tree	10acf10152fb01d4cad4c5d47b4bc18bcd95ea35 /routers/repo/http.go
parent	ee7133d135e1bf746ccd558371edd4fcdf185e7f (diff)
download	gitea-ff7341b9946df665da0cd1453963733711ea7714.tar.gz gitea-ff7341b9946df665da0cd1453963733711ea7714.zip