-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix the permission of team's Actions
unit issue
#24536
Conversation
The gitea/modules/setting/repository.go Lines 307 to 309 in 58caf42
Actually, I don't like the hard code way of |
done and tested |
close go-gitea#24449 The unit of `Actions` should be contorlled not only by `repository.DISABLED_REPO_UNITS` but also by `actions.ENABLED` in the `app.ini`. Previously, the permission of the team's `Actions` unit was not controlled by `actions.Enabled`. So, even if the user sets `actions.Enabled` to false, he can still select the permission of the `Actions` unit for the team. This PR makes the permissions of the team's `Actions` unit also controlled by `actions.Enabled`. Just append`TypeActions` into `DisabledRepoUnits` slice when initializing if `actions.Enabled` is false. ### Changes: If `Actions` is set disbaled in `app.ini`, like below: ```yaml [actions] ENABLED = false ``` 1. If user try to create/edit a team, will prompt user that `Actions` is disabled. ![image](https://user-images.githubusercontent.com/33891828/236370415-961082b2-82d2-4d9e-8025-83872ad08cbb.png) 2. `actions` is not displayed in the sidebar on the team details page ![image](https://user-images.githubusercontent.com/33891828/236371817-f39f9bc9-5926-4b88-b5e6-d93617fcfb07.png)
Backport #24536 by @sillyguodong close #24449 The unit of `Actions` should be contorlled not only by `repository.DISABLED_REPO_UNITS` but also by `actions.ENABLED` in the `app.ini`. Previously, the permission of the team's `Actions` unit was not controlled by `actions.Enabled`. So, even if the user sets `actions.Enabled` to false, he can still select the permission of the `Actions` unit for the team. This PR makes the permissions of the team's `Actions` unit also controlled by `actions.Enabled`. Just append`TypeActions` into `DisabledRepoUnits` slice when initializing if `actions.Enabled` is false. ### Changes: If `Actions` is set disbaled in `app.ini`, like below: ```yaml [actions] ENABLED = false ``` 1. If user try to create/edit a team, will prompt user that `Actions` is disbaled. ![image](https://user-images.githubusercontent.com/33891828/236370415-961082b2-82d2-4d9e-8025-83872ad08cbb.png) 2. `actions` is not displayed in the sidebar on the team details page ![image](https://user-images.githubusercontent.com/33891828/236371817-f39f9bc9-5926-4b88-b5e6-d93617fcfb07.png) Co-authored-by: sillyguodong <[email protected]>
* upstream/main: Add RPM registry (go-gitea#23380) Docs for Gitea Actions (go-gitea#24405) Update LDAP filters to include both username and email address (go-gitea#24547) Temporarily disable PATs until next release (go-gitea#24527) Replace placeholders in licenses (go-gitea#24354) Fix the permission of team's `Actions` unit issue (go-gitea#24536) Bump golang deps (go-gitea#24533) Fix mirrors repository disapeared on user dashboard (go-gitea#24520) Revert "Prevent a user with a different email from accepting the team invite" (go-gitea#24531) Fix form method/class (go-gitea#24535) Fix typo in rename branch dialog (go-gitea#24537) Check length of `LogIndexes` in case it is outdated (go-gitea#24516)
Regression of #24536. If the user doesn't explicitly disable Actions, it will be enabled. 1. Gitea will call `loadRepositoryFrom` before `loadActionsFrom`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/setting.go#L234-L237 2. In `loadRepositoryFrom`, `rootCfg.Section("actions").Key("ENABLED").MustBool(true)` will set `actions.ENABLED` with `true`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/repository.go#L313-L315 3. In `loadActionsFrom`, `rootCfg.Section("actions")` will get a section with Actions enabled. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/actions.go#L23-L26 Although the cause of the problem was using `true` by copy-paste mistake, it also surprised me that **`rootCfg.Section("actions").Key("ENABLED").MustBool(true)` doesn't only read, but also write.**
Regression of go-gitea#24536. If the user doesn't explicitly disable Actions, it will be enabled. 1. Gitea will call `loadRepositoryFrom` before `loadActionsFrom`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/setting.go#L234-L237 2. In `loadRepositoryFrom`, `rootCfg.Section("actions").Key("ENABLED").MustBool(true)` will set `actions.ENABLED` with `true`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/repository.go#L313-L315 3. In `loadActionsFrom`, `rootCfg.Section("actions")` will get a section with Actions enabled. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/actions.go#L23-L26 Although the cause of the problem was using `true` by copy-paste mistake, it also surprised me that **`rootCfg.Section("actions").Key("ENABLED").MustBool(true)` doesn't only read, but also write.**
Backport #24802 by @wolfogre Regression of #24536. If the user doesn't explicitly disable Actions, it will be enabled. 1. Gitea will call `loadRepositoryFrom` before `loadActionsFrom`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/setting.go#L234-L237 2. In `loadRepositoryFrom`, `rootCfg.Section("actions").Key("ENABLED").MustBool(true)` will set `actions.ENABLED` with `true`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/repository.go#L313-L315 3. In `loadActionsFrom`, `rootCfg.Section("actions")` will get a section with Actions enabled. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/actions.go#L23-L26 Although the cause of the problem was using `true` by copy-paste mistake, it also surprised me that **`rootCfg.Section("actions").Key("ENABLED").MustBool(true)` doesn't only read, but also write.** Co-authored-by: Jason Song <[email protected]>
Backport go-gitea#24802 by @wolfogre Regression of go-gitea#24536. If the user doesn't explicitly disable Actions, it will be enabled. 1. Gitea will call `loadRepositoryFrom` before `loadActionsFrom`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/setting.go#L234-L237 2. In `loadRepositoryFrom`, `rootCfg.Section("actions").Key("ENABLED").MustBool(true)` will set `actions.ENABLED` with `true`. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/repository.go#L313-L315 3. In `loadActionsFrom`, `rootCfg.Section("actions")` will get a section with Actions enabled. https://github.com/go-gitea/gitea/blob/25d4f95df25dae5226e96e813dde87b071d9155e/modules/setting/actions.go#L23-L26 Although the cause of the problem was using `true` by copy-paste mistake, it also surprised me that **`rootCfg.Section("actions").Key("ENABLED").MustBool(true)` doesn't only read, but also write.** Co-authored-by: Jason Song <[email protected]> (cherry picked from commit b369ed5)
close #24449
The unit of
Actions
should be contorlled not only byrepository.DISABLED_REPO_UNITS
but also byactions.ENABLED
in the
app.ini
.Previously, the permission of the team's
Actions
unit was not controlled byactions.Enabled
. So, even if the user setsactions.Enabled
to false, he can still select the permission of theActions
unit for the team.This PR makes the permissions of the team's
Actions
unit also controlled byactions.Enabled
. Just appendTypeActions
intoDisabledRepoUnits
slice when initializing ifactions.Enabled
is false.Changes:
If
Actions
is set disbaled inapp.ini
, like below:Actions
is disbaled.actions
is not displayed in the sidebar on the team details page