Browse Source

Disable custom Git Hooks globally via configuration file (#2450)

* Create option to disable githooks globally via configuration file

* Update comment in app.ini to align with @ethantkoenig's suggestion

Signed-off-by: Matti Ranta <matti@mdranta.net>
techknowlogick 2 years ago
parent
commit
9bdbfbf6f3
5 changed files with 9 additions and 2 deletions
  1. 2 0
      conf/app.ini
  2. 1 1
      models/user.go
  3. 2 0
      modules/setting/setting.go
  4. 3 0
      modules/templates/helper.go
  5. 1 1
      templates/admin/user/edit.tmpl

+ 2 - 0
conf/app.ini

@@ -206,6 +206,8 @@ REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
206 206
 MIN_PASSWORD_LENGTH = 6
207 207
 ; True when users are allowed to import local server paths
208 208
 IMPORT_LOCAL_PATHS = false
209
+; Prevent all users (including admin) from creating custom git hooks
210
+DISABLE_GIT_HOOKS = false
209 211
 
210 212
 [openid]
211 213
 ;

+ 1 - 1
models/user.go

@@ -237,7 +237,7 @@ func (u *User) CanCreateOrganization() bool {
237 237
 
238 238
 // CanEditGitHook returns true if user can edit Git hooks.
239 239
 func (u *User) CanEditGitHook() bool {
240
-	return u.IsAdmin || u.AllowGitHook
240
+	return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
241 241
 }
242 242
 
243 243
 // CanImportLocal returns true if user can migrate repository by local path.

+ 2 - 0
modules/setting/setting.go

@@ -124,6 +124,7 @@ var (
124 124
 	ReverseProxyAuthUser string
125 125
 	MinPasswordLength    int
126 126
 	ImportLocalPaths     bool
127
+	DisableGitHooks      bool
127 128
 
128 129
 	// Database settings
129 130
 	UseSQLite3    bool
@@ -817,6 +818,7 @@ func NewContext() {
817 818
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
818 819
 	MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
819 820
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
821
+	DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
820 822
 	InternalToken = sec.Key("INTERNAL_TOKEN").String()
821 823
 	if len(InternalToken) == 0 {
822 824
 		secretBytes := make([]byte, 32)

+ 3 - 0
modules/templates/helper.go

@@ -155,6 +155,9 @@ func NewFuncMap() []template.FuncMap {
155 155
 			}
156 156
 			return out.String()
157 157
 		},
158
+		"DisableGitHooks": func() bool {
159
+			return setting.DisableGitHooks
160
+		},
158 161
 	}}
159 162
 }
160 163
 

+ 1 - 1
templates/admin/user/edit.tmpl

@@ -86,7 +86,7 @@
86 86
 				<div class="inline field">
87 87
 					<div class="ui checkbox">
88 88
 						<label><strong>{{.i18n.Tr "admin.users.allow_git_hook"}}</strong></label>
89
-						<input name="allow_git_hook" type="checkbox" {{if .User.CanEditGitHook}}checked{{end}}>
89
+						<input name="allow_git_hook" type="checkbox" {{if .User.CanEditGitHook}}checked{{end}} {{if DisableGitHooks}}disabled{{end}}>
90 90
 					</div>
91 91
 				</div>
92 92
 				<div class="inline field">