Add configuration to restrict allowed user visibility modes

models/user.go

@@ -1064,7 +1064,7 @@ func checkDupEmail(e Engine, u *User) error {
 
 // validateUser check if user is valide to insert / update into database
 func validateUser(u *User) error {
-	if !setting.Service.AllowedUserVisibilityModesMap[u.Visibility] {
+	if !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(u.Visibility) {
 		return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
 	}
 

models/user_mail_test.go

@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/stretchr/testify/assert"
@@ -168,8 +167,7 @@ func TestMakeEmailPrimary(t *testing.T) {
 
 func TestActivate(t *testing.T) {
 	assert.NoError(t, PrepareTestDatabase())
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
 
 	email := &EmailAddress{
 		ID:    int64(1),

models/user_test.go

@@ -190,8 +190,7 @@ func TestDeleteUser(t *testing.T) {
 
 func TestEmailNotificationPreferences(t *testing.T) {
 	assert.NoError(t, PrepareTestDatabase())
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
 
 	for _, test := range []struct {
 		expected string
@@ -312,8 +311,7 @@ func TestDisplayName(t *testing.T) {
 }
 
 func TestCreateUser(t *testing.T) {
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
 
 	user := &User{
 		Name:               "GiteaBot",
@@ -330,8 +328,7 @@ func TestCreateUser(t *testing.T) {
 }
 
 func TestCreateUserInvalidEmail(t *testing.T) {
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
 
 	user := &User{
 		Name:               "GiteaBot",
@@ -348,8 +345,7 @@ func TestCreateUserInvalidEmail(t *testing.T) {
 }
 
 func TestCreateUser_Issue5882(t *testing.T) {
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
 
 	// Init settings
 	_ = setting.Admin
@@ -490,8 +486,7 @@ func TestUpdateUser(t *testing.T) {
 	user = AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
 	assert.True(t, user.KeepActivityPrivate)
 
-	setting.Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	setting.Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, false, false}
 	user.KeepActivityPrivate = false
 	user.Visibility = structs.VisibleTypePrivate
 	assert.Error(t, UpdateUser(user))

modules/setting/service.go

@@ -18,7 +18,7 @@ var Service struct {
 	DefaultUserVisibility                   string
 	DefaultUserVisibilityMode               structs.VisibleType
 	AllowedUserVisibilityModes              []string
-	AllowedUserVisibilityModesMap           map[structs.VisibleType]bool `ini:"-"`
+	AllowedUserVisibilityModesSlice         AllowedVisibility `ini:"-"`
 	DefaultOrgVisibility                    string
 	DefaultOrgVisibilityMode                structs.VisibleType
 	ActiveCodeLives                         int
@@ -75,6 +75,16 @@ var Service struct {
 	} `ini:"service.explore"`
 }
 
+// AllowedVisibility store in a 3 item bool array what is allowed
+type AllowedVisibility []bool
+
+func (a AllowedVisibility) IsAllowedVisibility(t structs.VisibleType) bool {
+	if int(t) >= len(a) {
+		return false
+	}
+	return a[t]
+}
+
 func newService() {
 	sec := Cfg.Section("service")
 	Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
@@ -125,14 +135,13 @@ func newService() {
 	Service.DefaultUserVisibility = sec.Key("DEFAULT_USER_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
 	Service.DefaultUserVisibilityMode = structs.VisibilityModes[Service.DefaultUserVisibility]
 	Service.AllowedUserVisibilityModes = sec.Key("ALLOWED_USER_VISIBILITY_MODES").Strings(",")
-	Service.AllowedUserVisibilityModesMap = make(map[structs.VisibleType]bool)
-	for _, modes := range Service.AllowedUserVisibilityModes {
-		Service.AllowedUserVisibilityModesMap[structs.VisibilityModes[modes]] = true
-	}
-	if len(Service.AllowedUserVisibilityModesMap) == 0 {
-		Service.AllowedUserVisibilityModesMap[structs.VisibleTypePublic] = true
-		Service.AllowedUserVisibilityModesMap[structs.VisibleTypeLimited] = true
-		Service.AllowedUserVisibilityModesMap[structs.VisibleTypePrivate] = true
+	if len(Service.AllowedUserVisibilityModes) == 0 {
+		Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
+	} else {
+		Service.AllowedUserVisibilityModesSlice = []bool{false, false, false}
+		for _, sMode := range Service.AllowedUserVisibilityModes {
+			Service.AllowedUserVisibilityModesSlice[structs.VisibilityModes[sMode]] = true
+		}
 	}
 	Service.DefaultOrgVisibility = sec.Key("DEFAULT_ORG_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
 	Service.DefaultOrgVisibilityMode = structs.VisibilityModes[Service.DefaultOrgVisibility]

routers/web/admin/users.go

@@ -17,6 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/password"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/web/explore"
 	router_user_setting "code.gitea.io/gitea/routers/web/user/setting"
@@ -52,7 +53,13 @@ func NewUser(ctx *context.Context) {
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode
-	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesMap
+	var allowedUserVisibilityModes []structs.VisibleType
+	for i, v := range setting.Service.AllowedUserVisibilityModesSlice {
+		if v {
+			allowedUserVisibilityModes = append(allowedUserVisibilityModes, structs.VisibleType(i))
+		}
+	}
+	ctx.Data["AllowedUserVisibilityModes"] = allowedUserVisibilityModes
 
 	ctx.Data["login_type"] = "0-0"
 
@@ -212,7 +219,13 @@ func EditUser(ctx *context.Context) {
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation
 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
-	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesMap
+	var allowedUserVisibilityModes []structs.VisibleType
+	for i, v := range setting.Service.AllowedUserVisibilityModesSlice {
+		if v {
+			allowedUserVisibilityModes = append(allowedUserVisibilityModes, structs.VisibleType(i))
+		}
+	}
+	ctx.Data["AllowedUserVisibilityModes"] = allowedUserVisibilityModes
 
 	prepareUserInfo(ctx)
 	if ctx.Written() {

routers/web/user/setting/account_test.go

@@ -18,6 +18,8 @@ import (
 )
 
 func TestChangePassword(t *testing.T) {
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, true, true}
+
 	oldPassword := "password"
 	setting.MinPasswordLength = 6
 	var pcALL = []string{"lower", "upper", "digit", "spec"}

routers/web/user/setting/profile.go

@@ -19,6 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/typesniffer"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
@@ -38,7 +39,13 @@ const (
 func Profile(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsProfile"] = true
-	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesMap
+	var allowedUserVisibilityModes []structs.VisibleType
+	for i, v := range setting.Service.AllowedUserVisibilityModesSlice {
+		if v {
+			allowedUserVisibilityModes = append(allowedUserVisibilityModes, structs.VisibleType(i))
+		}
+	}
+	ctx.Data["AllowedUserVisibilityModes"] = allowedUserVisibilityModes
 
 	ctx.HTML(http.StatusOK, tplSettingsProfile)
 }

templates/admin/user/edit.tmpl

@@ -42,12 +42,12 @@
 						</div>
 						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 						<div class="menu">
-							{{range $key, $value := .AllowedUserVisibilityModes}}
-								{{if $key.IsPublic}}
+							{{range $mode := .AllowedUserVisibilityModes}}
+								{{if $mode.IsPublic}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.public_tooltip"}}" data-value="0">{{$.i18n.Tr "settings.visibility.public"}}</div>
-								{{else if $key.IsLimited}}
+								{{else if $mode.IsLimited}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.limited_tooltip"}}" data-value="1">{{$.i18n.Tr "settings.visibility.limited"}}</div>
-								{{else if $key.IsPrivate}}
+								{{else if $mode.IsPrivate}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.private_tooltip"}}" data-value="2">{{$.i18n.Tr "settings.visibility.private"}}</div>
 								{{end}}
 							{{end}}

templates/admin/user/new.tmpl

@@ -36,12 +36,12 @@
 						</div>
 						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 						<div class="menu">
-							{{range $key, $value := .AllowedUserVisibilityModes}}
-								{{if $key.IsPublic}}
+							{{range $mode := .AllowedUserVisibilityModes}}
+								{{if $mode.IsPublic}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.public_tooltip"}}" data-value="0">{{$.i18n.Tr "settings.visibility.public"}}</div>
-								{{else if $key.IsLimited}}
+								{{else if $mode.IsLimited}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.limited_tooltip"}}" data-value="1">{{$.i18n.Tr "settings.visibility.limited"}}</div>
-								{{else if $key.IsPrivate}}
+								{{else if $mode.IsPrivate}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.private_tooltip"}}" data-value="2">{{$.i18n.Tr "settings.visibility.private"}}</div>
 								{{end}}
 							{{end}}

templates/user/settings/profile.tmpl

@@ -81,12 +81,12 @@
 						</div>
 						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 						<div class="menu">
-							{{range $key, $value := .AllowedUserVisibilityModes}}
-								{{if $key.IsPublic}}
+							{{range $mode := .AllowedUserVisibilityModes}}
+								{{if $mode.IsPublic}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.public_tooltip"}}" data-value="0">{{$.i18n.Tr "settings.visibility.public"}}</div>
-								{{else if $key.IsLimited}}
+								{{else if $mode.IsLimited}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.limited_tooltip"}}" data-value="1">{{$.i18n.Tr "settings.visibility.limited"}}</div>
-								{{else if $key.IsPrivate}}
+								{{else if $mode.IsPrivate}}
 									<div class="item poping up" data-content="{{$.i18n.Tr "settings.visibility.private_tooltip"}}" data-value="2">{{$.i18n.Tr "settings.visibility.private"}}</div>
 								{{end}}
 							{{end}}