Restrict organization danger zone actions to site admins via admin config #37091

Open: lunny wants to merge 5 commits into go-gitea:main from lunny:lunny/support_disable_org_dangerzone
lunny (Member) commented Apr 3, 2026

This introduces a new [admin] setting (ORG_DISABLED_FEATURES = danger_zone) that limits organization danger zone actions (delete, rename, visibility change) to site administrators. Org owners keep access to all other organization settings.

Changes include:

  • New admin setting and loader for org-level feature flags.
  • Centralized CanManageOrgDangerZone helper.
  • Web UI hides danger zone section when restricted.
  • API and web handlers enforce the restriction.
  • Added tests for the new admin config behavior.
  • Documented the setting in app.example.ini.

lunny added the type/enhancement label (An improvement of existing functionality) on Apr 3, 2026
GiteaBot added the lgtm/need 2 label (This PR needs two approvals by maintainers to be considered for merging.) on Apr 3, 2026
github-actions bot added the labels modifies/api (This PR adds API routes or modifies them), modifies/go (Pull requests that update Go code), modifies/templates (This PR modifies the template files) and docs-update-needed (The document needs to be updated synchronously) on Apr 3, 2026
lunny marked this pull request as ready for review April 3, 2026 05:40

wxiaoguang (Contributor) left a comment

Are you able to write a correct CanManageOrgDangerZone(doer)?

lunny (Member, Author) commented Apr 3, 2026

> Are you able to write a correct CanManageOrgDangerZone(doer)?

The function is used behind the current doer's permission check in the router system. It just checks the configuration.

wxiaoguang (Contributor) commented Apr 3, 2026

> > Are you able to write a correct CanManageOrgDangerZone(doer)?
>
> The function is used behind the current doer's permission check in the router system. It just checks the configuration.

So why do you need to keep writing doer != nil && CanManageOrgDangerZone(doer.IsAdmin)?

GiteaBot added the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) and removed the lgtm/need 2 label (This PR needs two approvals by maintainers to be considered for merging.) on Apr 3, 2026

wxiaoguang (Contributor) left a comment

CanManageOrgDangerZone(doer)

GiteaBot added the lgtm/blocked label (A maintainer has reservations with the PR and thus it cannot be merged) and removed the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) on Apr 3, 2026
Zettat123 self-requested a review April 4, 2026 01:19
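
The signature the reviewer asks for, as an added Go example that is not code from this PR or from Gitea: the helper takes the doer, so the nil check sits in one place and a missing doer is denied. The `User` type, `parseDisabledFeatures`, `deleteOrgStatus`, the `disabled` parameter and the comma-separated value format are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// User is a hypothetical stand-in for the doer; only IsAdmin matters here.
type User struct{ IsAdmin bool }

// parseDisabledFeatures reads an ORG_DISABLED_FEATURES value into a set.
// Assumption: the value is a comma-separated list; the PR text shows only "danger_zone".
func parseDisabledFeatures(raw string) map[string]bool {
	set := make(map[string]bool)
	for _, f := range strings.Split(raw, ",") {
		if f = strings.TrimSpace(f); f != "" {
			set[f] = true
		}
	}
	return set
}

// CanManageOrgDangerZone takes the doer itself, so the nil check lives in one
// place and a missing doer is denied (fail closed). It assumes the caller has
// already verified org ownership, as the thread says the router does.
func CanManageOrgDangerZone(disabled map[string]bool, doer *User) bool {
	if doer == nil {
		return false
	}
	return doer.IsAdmin || !disabled["danger_zone"]
}

// deleteOrgStatus is a hypothetical handler body: it refuses with 403 before
// doing any destructive work when the doer may not use the danger zone.
func deleteOrgStatus(disabled map[string]bool, doer *User) int {
	if !CanManageOrgDangerZone(disabled, doer) {
		return http.StatusForbidden
	}
	return http.StatusNoContent // the delete itself is out of scope here
}

func main() {
	disabled := parseDisabledFeatures("danger_zone") // constructed sample config value
	fmt.Println(deleteOrgStatus(disabled, &User{}))              // org owner, not site admin
	fmt.Println(deleteOrgStatus(disabled, &User{IsAdmin: true})) // site admin
	fmt.Println(deleteOrgStatus(disabled, nil))                  // no doer
}
```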