Add setting to disable user features when user login type is not plain (#29615)

- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported user features when login type is not plain - In general, this is necessary for SSO implementations to avoid inconsistencies between the external account management and the linked account - Adds helper functions to encourage correct use (cherry picked from commit 59d4aadba5c15d02f3b9f0e61abb7476870c20a5) Conflicts: - docs/content/administration/config-cheat-sheet.en-us.md Removed. - modules/setting/admin.go Trivial resolution: pick the newly added struct member.
2025-05-31 20:02:09 +00:00 · 2024-03-29 11:05:41 -04:00 · 2024-03-29 11:05:41 -04:00 · e08f05b069
commit e08f05b069
parent ee33869f84
8 changed files with 77 additions and 13 deletions
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@ -244,7 +244,7 @@ func DeleteEmail(ctx *context.Context) {

 // DeleteAccount render user suicide page and response for delete user himself
 func DeleteAccount(ctx *context.Context) {
-	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion) {
+	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) {
 		ctx.Error(http.StatusNotFound)
 		return
 	}
@ -328,7 +328,7 @@ func loadAccountData(ctx *context.Context) {
 	ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference
 	ctx.Data["ActivationsPending"] = pendingActivation
 	ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm
-	ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures
+	ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)

 	if setting.Service.UserDeleteWithCommentsMaxTime != 0 {
 		ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String()