luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-25 11:22:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Restricted users (#6274)

Browse source 
* Restricted users (#4334): initial implementation

* Add User.IsRestricted & UI to edit it

* Pass user object instead of user id to places where IsRestricted flag matters

* Restricted users: maintain access rows for all referenced repos (incl public)

* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses

* Add basic repo access tests for restricted users

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Mention restricted users in the faq

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Remove unnecessary `org.IsOrganization()` call

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert to an `int64` keyed `accessMap`

* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* or even better: `map[int64]*userAccess`

* updateUserAccess(): use tighter syntax as suggested by lafriks

* even tighter

* Avoid extra loop

* Don't disclose limited orgs to unauthenticated users

* Don't assume block only applies to orgs

* Use an array of `VisibleType` for filtering

* fix yet another thinko

* Ok - no need for u

* Revert "Ok - no need for u"

This reverts commit 5c3e886aabd5acd997a3b35687d322439732c200.

Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
Manush Dodunekov 2020-01-13 19:33:46 +02:00 committed by Antoine GIRARD
parent 0b3aaa6196
commit 1751d5fcf2
31 changed files with 310 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/content/doc/help/faq.en-us.md
View file

@ -31,6 +31,7 @@ Also see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}})
* [Only allow certain email domains](#only-allow-certain-email-domains)
* [Only allow/block certain OpenID providers](#only-allow-block-certain-openid-providers)
* [Issue only users](#issue-only-users)
* [Restricted users](#restricted-users)
* [Enable Fail2ban](#enable-fail2ban)
* [Adding custom themes](#how-to-add-use-custom-themes)
* [SSHD vs built-in SSH](#sshd-vs-built-in-ssh)
@ -147,6 +148,14 @@ You can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` under `[openid]` in y
### Issue only users
The current way to achieve this is to create/modify a user with a max repo creation limit of 0.
### Restricted users
Restricted users are limited to a subset of the content based on their organization/team memberships and collaborations, ignoring the public flag on organizations/repos etc.__
Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browseable by all co-workers).
At some point, a customer or third party needs access to a specific repo and only that repo. Making such a customer account restricted and granting any needed access using team membership(s) and/or collaboration(s) is a simple way to achieve that without the need to make everything private.
### Enable Fail2ban
Use [Fail2Ban]({{ relref "doc/usage/fail2ban-setup.md" >}}) to monitor and stop automated login attempts or other malicious behavior based on log patterns