diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 1917f1f123e5d..576414d193571 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -652,6 +652,9 @@ PATH = ;; Default value for AllowCreateOrganization ;; Every new user will have rights set to create organizations depending on this setting ;DEFAULT_ALLOW_CREATE_ORGANIZATION = true +;; Default value for IsRestricted +;; Every new user will have restricted permissions depending on this setting +;DEFAULT_USER_IS_RESTRICTED = false ;; ;; Either "public", "limited" or "private", default is "public" ;; Limited is for users visible only to signed users diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 1ec516466244f..274c97543a25b 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -502,6 +502,7 @@ relation to port exhaustion. - `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha. - `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private. - `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default. +- `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default - `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default. - `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access. - `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles. diff --git a/integrations/signup_test.go b/integrations/signup_test.go index 5208a42ce5918..66ff8ac2d72ff 100644 --- a/integrations/signup_test.go +++ b/integrations/signup_test.go @@ -10,6 +10,7 @@ import ( "strings" "testing" + "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/setting" "github.com/stretchr/testify/assert" "github.com/unknwon/i18n" @@ -33,6 +34,28 @@ func TestSignup(t *testing.T) { MakeRequest(t, req, http.StatusOK) } +func TestSignupAsRestricted(t *testing.T) { + defer prepareTestEnv(t)() + + setting.Service.EnableCaptcha = false + setting.Service.DefaultUserIsRestricted = true + + req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{ + "user_name": "restrictedUser", + "email": "restrictedUser@example.com", + "password": "examplePassword!1", + "retype": "examplePassword!1", + }) + MakeRequest(t, req, http.StatusFound) + + // should be able to view new user's page + req = NewRequest(t, "GET", "/restrictedUser") + MakeRequest(t, req, http.StatusOK) + + user2 := models.AssertExistsAndLoadBean(t, &models.User{Name: "restrictedUser"}).(*models.User) + assert.True(t, user2.IsRestricted) +} + func TestSignupEmail(t *testing.T) { defer prepareTestEnv(t)() diff --git a/modules/setting/service.go b/modules/setting/service.go index dbabfb8400ad0..a391926382c4c 100644 --- a/modules/setting/service.go +++ b/modules/setting/service.go @@ -49,6 +49,7 @@ var Service = struct { HcaptchaSitekey string DefaultKeepEmailPrivate bool DefaultAllowCreateOrganization bool + DefaultUserIsRestricted bool EnableTimetracking bool DefaultEnableTimetracking bool DefaultEnableDependencies bool @@ -134,6 +135,7 @@ func newService() { Service.HcaptchaSitekey = sec.Key("HCAPTCHA_SITEKEY").MustString("") Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool() Service.DefaultAllowCreateOrganization = sec.Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").MustBool(true) + Service.DefaultUserIsRestricted = sec.Key("DEFAULT_USER_IS_RESTRICTED").MustBool(false) Service.EnableTimetracking = sec.Key("ENABLE_TIMETRACKING").MustBool(true) if Service.EnableTimetracking { Service.DefaultEnableTimetracking = sec.Key("DEFAULT_ENABLE_TIMETRACKING").MustBool(true) diff --git a/routers/web/user/auth.go b/routers/web/user/auth.go index 4095d2956e3a5..7a205853bd8e7 100644 --- a/routers/web/user/auth.go +++ b/routers/web/user/auth.go @@ -1204,10 +1204,11 @@ func SignUpPost(ctx *context.Context) { } u := &models.User{ - Name: form.UserName, - Email: form.Email, - Passwd: form.Password, - IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), + Name: form.UserName, + Email: form.Email, + Passwd: form.Password, + IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm), + IsRestricted: setting.Service.DefaultUserIsRestricted, } if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) {