Allow options to disable user gpg keys configuration from the interface on app.ini (#29486)

Follow #29447 Fix #29454 Extract from #20549 (cherry picked from commit 9de5e39e25009bacc5ca201ed97e9cbb623e56e9) Conflicts: custom/conf/app.example.ini docs/content/administration/config-cheat-sheet.en-us.md docs/content/administration/config-cheat-sheet.zh-cn.md trivial context conflict
2024-03-02 09:21:01 +08:00 · 2024-03-02 09:21:01 +08:00 · ee6ff937c0
commit ee6ff937c0
parent 85bf170ff0
7 changed files with 33 additions and 3 deletions
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@ -10,6 +10,7 @@ import (

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
@ -132,6 +133,11 @@ func GetGPGKey(ctx *context.APIContext) {

 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
+	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {
+		ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
+		return
+	}
+
 	token := asymkey_model.VerificationToken(ctx.Doer, 1)
 	lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

@ -268,6 +274,11 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

+	if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {
+		ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
+		return
+	}
+
 	if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.ParamsInt64(":id")); err != nil {
 		if asymkey_model.IsErrGPGKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")