Add setting to disable user features when user login type is not plain (#29615)
## Changes - Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported user features when login type is not plain - In general, this is necessary for SSO implementations to avoid inconsistencies between the external account management and the linked account - Adds helper functions to encourage correct use
This commit is contained in:
Jack Hay
GitHub
parent
849eee8db7
commit
59d4aadba5
9 changed files with 84 additions and 16 deletions
|
|
@ -1232,3 +1232,21 @@ func GetOrderByName() string {
|
|||
}
|
||||
return "name"
|
||||
}
|
||||
|
||||
// IsFeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the
|
||||
// user if applicable
|
||||
func IsFeatureDisabledWithLoginType(user *User, feature string) bool {
|
||||
// NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType
|
||||
return (user != nil && user.LoginType > auth.Plain && setting.Admin.ExternalUserDisableFeatures.Contains(feature)) ||
|
||||
setting.Admin.UserDisabledFeatures.Contains(feature)
|
||||
}
|
||||
|
||||
// DisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type
|
||||
// of the user if applicable
|
||||
func DisabledFeaturesWithLoginType(user *User) *container.Set[string] {
|
||||
// NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType
|
||||
if user != nil && user.LoginType > auth.Plain {
|
||||
return &setting.Admin.ExternalUserDisableFeatures
|
||||
}
|
||||
return &setting.Admin.UserDisabledFeatures
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue