Allow disalbe part user settings

Author: lunny

custom/conf/app.example.ini

@@ -2481,3 +2481,7 @@ ROUTER = console
 ;PROXY_URL =
 ;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 ;PROXY_HOSTS =
+
+;[user]
+; Disabled modules from user settings, could be passwods, suicide, security, applications, gpg keys, organiztions
+;USER_SETTING_DISABLED_MODULES =

modules/setting/setting.go

@@ -1128,6 +1128,8 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 	for _, emoji := range UI.CustomEmojis {
 		UI.CustomEmojisMap[emoji] = ":" + emoji + ":"
 	}
+
+	newUserSetting()
 }
 
 func parseAuthorizedPrincipalsAllow(values []string) ([]string, bool) {

modules/setting/user.go

@@ -0,0 +1,34 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package setting
+
+import (
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+)
+
+// userSetting represents user settings
+type userSetting struct {
+	SettingDisabledModules []string
+}
+
+func (s *userSetting) Enabled(module string) bool {
+	for _, m := range s.SettingDisabledModules {
+		if strings.EqualFold(m, module) {
+			return false
+		}
+	}
+	return true
+}
+
+var User userSetting
+
+func newUserSetting() {
+	sec := Cfg.Section("user")
+	if err := sec.MapTo(&User); err != nil {
+		log.Fatal("user setting mapping failed: %v", err)
+	}
+}

routers/web/user/setting/keys.go

@@ -5,6 +5,7 @@
 package setting
 
 import (
+	"fmt"
 	"net/http"
 
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
@@ -77,6 +78,11 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "gpg":
+		if !setting.User.Enabled("gpg keys") {
+			ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting are not allowed"))
+			return
+		}
+
 		token := asymkey_model.VerificationToken(ctx.Doer, 1)
 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)
 
@@ -216,6 +222,10 @@ func KeysPost(ctx *context.Context) {
 func DeleteKey(ctx *context.Context) {
 	switch ctx.FormString("type") {
 	case "gpg":
+		if !setting.User.Enabled("gpg keys") {
+			ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting are not allowed"))
+			return
+		}
 		if err := asymkey_model.DeleteGPGKey(ctx.Doer, ctx.FormInt64("id")); err != nil {
 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())
 		} else {

routers/web/web.go

@@ -316,6 +316,14 @@ func RegisterRoutes(m *web.Route) {
 		}
 	}
 
+	userSettingModuleEnabled := func(module string) func(ctx *context.Context) {
+		return func(ctx *context.Context) {
+			if !setting.User.Enabled(module) {
+				ctx.Error(http.StatusNotFound)
+			}
+		}
+	}
+
 	// FIXME: not all routes need go through same middleware.
 	// Especially some AJAX requests, we can reduce middleware number to improve performance.
 	// Routers.
@@ -406,15 +414,15 @@ func RegisterRoutes(m *web.Route) {
 	m.Group("/user/settings", func() {
 		m.Get("", user_setting.Profile)
 		m.Post("", bindIgnErr(forms.UpdateProfileForm{}), user_setting.ProfilePost)
-		m.Get("/change_password", auth.MustChangePassword)
-		m.Post("/change_password", bindIgnErr(forms.MustChangePasswordForm{}), auth.MustChangePasswordPost)
+		m.Get("/change_password", userSettingModuleEnabled("password"), auth.MustChangePassword)
+		m.Post("/change_password", userSettingModuleEnabled("password"), bindIgnErr(forms.MustChangePasswordForm{}), auth.MustChangePasswordPost)
 		m.Post("/avatar", bindIgnErr(forms.AvatarForm{}), user_setting.AvatarPost)
 		m.Post("/avatar/delete", user_setting.DeleteAvatar)
 		m.Group("/account", func() {
 			m.Combo("").Get(user_setting.Account).Post(bindIgnErr(forms.ChangePasswordForm{}), user_setting.AccountPost)
 			m.Post("/email", bindIgnErr(forms.AddEmailForm{}), user_setting.EmailPost)
 			m.Post("/email/delete", user_setting.DeleteEmail)
-			m.Post("/delete", user_setting.DeleteAccount)
+			m.Post("/delete", userSettingModuleEnabled("suicide"), user_setting.DeleteAccount)
 		})
 		m.Group("/appearance", func() {
 			m.Get("", user_setting.Appearance)
@@ -441,18 +449,18 @@ func RegisterRoutes(m *web.Route) {
 				m.Post("/toggle_visibility", security.ToggleOpenIDVisibility)
 			}, openIDSignInEnabled)
 			m.Post("/account_link", linkAccountEnabled, security.DeleteAccountLink)
-		})
+		}, userSettingModuleEnabled("security"))
 		m.Group("/applications/oauth2", func() {
 			m.Get("/{id}", user_setting.OAuth2ApplicationShow)
 			m.Post("/{id}", bindIgnErr(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsEdit)
 			m.Post("/{id}/regenerate_secret", user_setting.OAuthApplicationsRegenerateSecret)
 			m.Post("", bindIgnErr(forms.EditOAuth2ApplicationForm{}), user_setting.OAuthApplicationsPost)
 			m.Post("/{id}/delete", user_setting.DeleteOAuth2Application)
 			m.Post("/{id}/revoke/{grantId}", user_setting.RevokeOAuth2Grant)
-		})
-		m.Combo("/applications").Get(user_setting.Applications).
-			Post(bindIgnErr(forms.NewAccessTokenForm{}), user_setting.ApplicationsPost)
-		m.Post("/applications/delete", user_setting.DeleteApplication)
+		}, userSettingModuleEnabled("applications"))
+		m.Combo("/applications").Get(userSettingModuleEnabled("applications"), user_setting.Applications).
+			Post(userSettingModuleEnabled("applications"), bindIgnErr(forms.NewAccessTokenForm{}), user_setting.ApplicationsPost)
+		m.Post("/applications/delete", userSettingModuleEnabled("applications"), user_setting.DeleteApplication)
 		m.Combo("/keys").Get(user_setting.Keys).
 			Post(bindIgnErr(forms.AddKeyForm{}), user_setting.KeysPost)
 		m.Post("/keys/delete", user_setting.DeleteKey)
@@ -470,13 +478,14 @@ func RegisterRoutes(m *web.Route) {
 				})
 			})
 		}, packagesEnabled)
-		m.Get("/organization", user_setting.Organization)
+		m.Get("/organization", userSettingModuleEnabled("organizations"), user_setting.Organization)
 		m.Get("/repos", user_setting.Repos)
 		m.Post("/repos/unadopted", user_setting.AdoptOrDeleteRepository)
 	}, reqSignIn, func(ctx *context.Context) {
 		ctx.Data["PageIsUserSettings"] = true
 		ctx.Data["AllThemes"] = setting.UI.Themes
 		ctx.Data["EnablePackages"] = setting.Packages.Enabled
+		ctx.Data["UserModules"] = &setting.User
 	})
 
 	m.Group("/user", func() {

templates/user/settings/account.tmpl

@@ -3,40 +3,42 @@
 	{{template "user/settings/navbar" .}}
 	<div class="ui container">
 		{{template "base/alert" .}}
-		<h4 class="ui top attached header">
-			{{.locale.Tr "settings.password"}}
-		</h4>
-		<div class="ui attached segment">
-			{{if or (.SignedUser.IsLocal) (.SignedUser.IsOAuth2)}}
-			<form class="ui form ignore-dirty" action="{{AppSubUrl}}/user/settings/account" method="post">
-				{{template "base/disable_form_autofill"}}
-				{{.CsrfTokenHtml}}
-				{{if .SignedUser.IsPasswordSet}}
-				<div class="required field {{if .Err_OldPassword}}error{{end}}">
-					<label for="old_password">{{.locale.Tr "settings.old_password"}}</label>
-					<input id="old_password" name="old_password" type="password" autocomplete="current-password" autofocus required>
-				</div>
-				{{end}}
-				<div class="required field {{if .Err_Password}}error{{end}}">
-					<label for="password">{{.locale.Tr "settings.new_password"}}</label>
-					<input id="password" name="password" type="password" autocomplete="new-password" required>
-				</div>
-				<div class="required field {{if .Err_Password}}error{{end}}">
-					<label for="retype">{{.locale.Tr "settings.retype_new_password"}}</label>
-					<input id="retype" name="retype" type="password" autocomplete="new-password" required>
-				</div>
+		{{if $.UserModules.Enabled "password"}}
+			<h4 class="ui top attached header">
+				{{.locale.Tr "settings.password"}}
+			</h4>
+			<div class="ui attached segment">
+				{{if or (.SignedUser.IsLocal) (.SignedUser.IsOAuth2)}}
+				<form class="ui form ignore-dirty" action="{{AppSubUrl}}/user/settings/account" method="post">
+					{{template "base/disable_form_autofill"}}
+					{{.CsrfTokenHtml}}
+					{{if .SignedUser.IsPasswordSet}}
+					<div class="required field {{if .Err_OldPassword}}error{{end}}">
+						<label for="old_password">{{.locale.Tr "settings.old_password"}}</label>
+						<input id="old_password" name="old_password" type="password" autocomplete="current-password" autofocus required>
+					</div>
+					{{end}}
+					<div class="required field {{if .Err_Password}}error{{end}}">
+						<label for="password">{{.locale.Tr "settings.new_password"}}</label>
+						<input id="password" name="password" type="password" autocomplete="new-password" required>
+					</div>
+					<div class="required field {{if .Err_Password}}error{{end}}">
+						<label for="retype">{{.locale.Tr "settings.retype_new_password"}}</label>
+						<input id="retype" name="retype" type="password" autocomplete="new-password" required>
+					</div>
 
-				<div class="field">
-					<button class="ui green button">{{$.locale.Tr "settings.change_password"}}</button>
-					<a href="{{AppSubUrl}}/user/forgot_password?email={{.Email}}">{{.locale.Tr "auth.forgot_password"}}</a>
+					<div class="field">
+						<button class="ui green button">{{$.locale.Tr "settings.change_password"}}</button>
+						<a href="{{AppSubUrl}}/user/forgot_password?email={{.Email}}">{{.locale.Tr "auth.forgot_password"}}</a>
+					</div>
+				</form>
+				{{else}}
+				<div class="ui info message">
+					<p class="text left">{{$.locale.Tr "settings.password_change_disabled"}}</p>
 				</div>
-			</form>
-			{{else}}
-			<div class="ui info message">
-				<p class="text left">{{$.locale.Tr "settings.password_change_disabled"}}</p>
+				{{end}}
 			</div>
-			{{end}}
-		</div>
+		{{end}}
 
 		<h4 class="ui top attached header">
 			{{.locale.Tr "settings.manage_emails"}}
@@ -172,15 +174,17 @@
 	{{template "base/delete_modal_actions" .}}
 </div>
 
-<div class="ui small basic delete modal" id="delete-account">
-	<div class="ui icon header">
-		{{svg "octicon-trash"}}
-		{{.locale.Tr "settings.delete_account_title"}}
-	</div>
-	<div class="content">
-		<p>{{.locale.Tr "settings.delete_account_desc"}}</p>
+{{if $.UserModules.Enabled "suicide"}}
+	<div class="ui small basic delete modal" id="delete-account">
+		<div class="ui icon header">
+			{{svg "octicon-trash"}}
+			{{.locale.Tr "settings.delete_account_title"}}
+		</div>
+		<div class="content">
+			<p>{{.locale.Tr "settings.delete_account_desc"}}</p>
+		</div>
+		{{template "base/delete_modal_actions" .}}
 	</div>
-	{{template "base/delete_modal_actions" .}}
-</div>
+{{end}}
 
 {{template "base/footer" .}}

templates/user/settings/keys.tmpl

@@ -5,7 +5,9 @@
 		{{template "base/alert" .}}
 		{{template "user/settings/keys_ssh" .}}
 		{{template "user/settings/keys_principal" .}}
-		{{template "user/settings/keys_gpg" .}}
+		{{if $.UserModules.Enabled "gpg keys"}}
+			{{template "user/settings/keys_gpg" .}}
+		{{end}}
 	</div>
 </div>
 

templates/user/settings/navbar.tmpl

@@ -9,12 +9,16 @@
 		<a class="{{if .PageIsSettingsAppearance}}active {{end}}item" href="{{AppSubUrl}}/user/settings/appearance">
 			{{.locale.Tr "settings.appearance"}}
 		</a>
-		<a class="{{if .PageIsSettingsSecurity}}active {{end}}item" href="{{AppSubUrl}}/user/settings/security">
-			{{.locale.Tr "settings.security"}}
-		</a>
-		<a class="{{if .PageIsSettingsApplications}}active {{end}}item" href="{{AppSubUrl}}/user/settings/applications">
-			{{.locale.Tr "settings.applications"}}
-		</a>
+		{{if $.UserModules.Enabled "security"}}
+			<a class="{{if .PageIsSettingsSecurity}}active {{end}}item" href="{{AppSubUrl}}/user/settings/security">
+				{{.locale.Tr "settings.security"}}
+			</a>
+		{{end}}
+		{{if $.UserModules.Enabled "applications"}}
+			<a class="{{if .PageIsSettingsApplications}}active {{end}}item" href="{{AppSubUrl}}/user/settings/applications">
+				{{.locale.Tr "settings.applications"}}
+			</a>
+		{{end}}
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{AppSubUrl}}/user/settings/keys">
 			{{.locale.Tr "settings.ssh_gpg_keys"}}
 		</a>
@@ -23,9 +27,11 @@
 			{{.locale.Tr "packages.title"}}
 		</a>
 		{{end}}
-		<a class="{{if .PageIsSettingsOrganization}}active {{end}}item" href="{{AppSubUrl}}/user/settings/organization">
-			{{.locale.Tr "settings.organization"}}
-		</a>
+		{{if $.UserModules.Enabled "organizations"}}
+			<a class="{{if .PageIsSettingsOrganization}}active {{end}}item" href="{{AppSubUrl}}/user/settings/organization">
+				{{.locale.Tr "settings.organization"}}
+			</a>
+		{{end}}
 		<a class="{{if .PageIsSettingsRepos}}active {{end}}item" href="{{AppSubUrl}}/user/settings/repos">
 			{{.locale.Tr "settings.repos"}}
 		</a>