From 839daa85aaba5172b3dd2b3f882aa9639a09f13a Mon Sep 17 00:00:00 2001 From: Paweł Bogusławski Date: Mon, 21 Dec 2020 15:39:41 +0100 Subject: Added option to disable migrations (#13114) * Added option to disable migrations This patch introduces DISABLE_MIGRATIONS parameter in [repository] section of app.ini (by default set to false). If set to true it blocks access to repository migration feature. This mod hides also local repo import option in user editor if local repo importing or migrations is disabled. * Alter Example config DISABLE_MIGRATIONS set to false in example config to match its default value. * HTTP error 403 instead of 500 on denied access to migration * Parameter DISABLE_MIGRATIONS exposed via API Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9 Author-Change-Id: IB#1105130 --- routers/admin/users.go | 2 ++ routers/api/v1/repo/migrate.go | 5 +++++ routers/api/v1/settings/settings.go | 5 +++-- routers/repo/migrate.go | 16 ++++++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) (limited to 'routers') diff --git a/routers/admin/users.go b/routers/admin/users.go index 4382ee3877..06c391b8e0 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -191,6 +191,7 @@ func EditUser(ctx *context.Context) { ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations prepareUserInfo(ctx) if ctx.Written() { @@ -205,6 +206,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) { ctx.Data["Title"] = ctx.Tr("admin.users.edit_account") ctx.Data["PageIsAdmin"] = true ctx.Data["PageIsAdminUsers"] = true + ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations u := prepareUserInfo(ctx) if ctx.Written() { diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go index 511e91f94e..ab480c29aa 100644 --- a/routers/api/v1/repo/migrate.go +++ b/routers/api/v1/repo/migrate.go @@ -119,6 +119,11 @@ func Migrate(ctx *context.APIContext, form api.MigrateRepoOptions) { return } + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrationsGlobalDisabled", fmt.Errorf("the site administrator has disabled migrations")) + return + } + var opts = migrations.MigrateOptions{ CloneAddr: remoteAddr, RepoName: form.RepoName, diff --git a/routers/api/v1/settings/settings.go b/routers/api/v1/settings/settings.go index c94a3141e2..6095988404 100644 --- a/routers/api/v1/settings/settings.go +++ b/routers/api/v1/settings/settings.go @@ -57,8 +57,9 @@ func GetGeneralRepoSettings(ctx *context.APIContext) { // "200": // "$ref": "#/responses/GeneralRepoSettings" ctx.JSON(http.StatusOK, api.GeneralRepoSettings{ - MirrorsDisabled: setting.Repository.DisableMirrors, - HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MirrorsDisabled: setting.Repository.DisableMirrors, + HTTPGitDisabled: setting.Repository.DisableHTTPGit, + MigrationsDisabled: setting.Repository.DisableMigrations, }) } diff --git a/routers/repo/migrate.go b/routers/repo/migrate.go index d843a043a7..a628fd2e2f 100644 --- a/routers/repo/migrate.go +++ b/routers/repo/migrate.go @@ -6,6 +6,7 @@ package repo import ( + "net/http" "strings" "code.gitea.io/gitea/models" @@ -25,6 +26,11 @@ const ( // Migrate render migration of repository page func Migrate(ctx *context.Context) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "Migrate: the site administrator has disabled migrations") + return + } + ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...) serviceType := ctx.QueryInt("service_type") if serviceType == 0 { @@ -60,6 +66,11 @@ func Migrate(ctx *context.Context) { } func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations") + return + } + switch { case migrations.IsRateLimitError(err): ctx.RenderWithErr(ctx.Tr("form.visit_rate_limit"), tpl, form) @@ -107,6 +118,11 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam // MigratePost response for migrating from external git repository func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) { + if setting.Repository.DisableMigrations { + ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations") + return + } + ctx.Data["Title"] = ctx.Tr("new_migrate") // Plain git should be first ctx.Data["service"] = structs.GitServiceType(form.Service) -- cgit v1.2.3