Allow administrators to change visibility of FORCE_PRIVATE repositories afterwards #3154

New Issue

GiteaMirror · 2025-11-02T05:02:13-06:00

GiteaMirror commented

2025-11-02 05:02:13 -06:00

Originally created by @matthiasb85 on GitHub (Apr 8, 2019).

Gitea version (or commit ref): v1.8
Git version: 1.8.3.1
Operating system: CentOS 7.6
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
Log gist:

Description

Hi folks, for our gitea installation it would be nice, if a standard user could only create private repositories. This can easily be achieved through the use of the FORCE_PRIVATE config flag. The caveat of this flag is, that such a repository can't be changed into a public one afterwards. Neither by the owner nor by a generic admin account. Since I didn't find anything in the documentation (and src) to enable such a functionality, I tried to change it by myself. The way to go was:

Remove the read only attribute in the template if accessed by an admin account
Allow changes to a .ForcePrivate repository
This resulted in the following two changes, which allows admin users to change the visibility of a repo afterwards, even though the global FORCE_PRIVATE setting is true:

diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index d68edb4..956f38e 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -97,7 +97,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 
                visibilityChanged := repo.IsPrivate != form.Private
                // when ForcePrivate enabled, you could change public repo to private, but could not change private to public
-               if visibilityChanged && setting.Repository.ForcePrivate && !form.Private {
+               if visibilityChanged && setting.Repository.ForcePrivate && !form.Private && !ctx.User.IsAdmin {
                        ctx.ServerError("Force Private enabled", errors.New("cannot change private repository to public"))
                        return
                }
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index 94fbcbe..7e25206 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -19,7 +19,11 @@
                                        <div class="inline field">
                                                <label>{{.i18n.Tr "repo.visibility"}}</label>
                                                <div class="ui checkbox">
+                                                       {{if .IsAdmin}}
+                                                       <input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}>
+                                                       {{else}}
                                                        <input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}{{if and $.ForcePrivate .Repository.IsPrivate}} readonly{{end}}>
+                                                       {{end}}
                                                        <label>{{.i18n.Tr "repo.visibility_helper" | Safe}} {{if .Repository.NumForks}}<span class="text red">{{.i18n.Tr "repo.visibility_fork_helper"}}</span>{{end}}</label>
                                                </div>
                                        </div>

Is this a feature needed or wanted in gitea?
Am I doing something horibly wrong and such a feature doesn't make sense or has already been implemented?
Is this worth a pull request?

We (Institute of Computer and Network Engineering) definitly need such a feature, since we allow our students to create their own repositories. Nevertheless, we want to have control over what is publicly available and what is not.

Originally created by @matthiasb85 on GitHub (Apr 8, 2019). - Gitea version (or commit ref): v1.8 - Git version: 1.8.3.1 - Operating system: CentOS 7.6 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description Hi folks, for our gitea installation it would be nice, if a standard user could only create private repositories. This can easily be achieved through the use of the FORCE_PRIVATE config flag. The caveat of this flag is, that such a repository can't be changed into a public one afterwards. Neither by the owner nor by a generic admin account. Since I didn't find anything in the documentation (and src) to enable such a functionality, I tried to change it by myself. The way to go was: 1. Remove the read only attribute in the template if accessed by an admin account 2. Allow changes to a .ForcePrivate repository This resulted in the following two changes, which allows admin users to change the visibility of a repo afterwards, even though the global FORCE_PRIVATE setting is true: ``` diff --git a/routers/repo/setting.go b/routers/repo/setting.go index d68edb4..956f38e 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -97,7 +97,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) { visibilityChanged := repo.IsPrivate != form.Private // when ForcePrivate enabled, you could change public repo to private, but could not change private to public - if visibilityChanged && setting.Repository.ForcePrivate && !form.Private { + if visibilityChanged && setting.Repository.ForcePrivate && !form.Private && !ctx.User.IsAdmin { ctx.ServerError("Force Private enabled", errors.New("cannot change private repository to public")) return } diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl index 94fbcbe..7e25206 100644 --- a/templates/repo/settings/options.tmpl +++ b/templates/repo/settings/options.tmpl @@ -19,7 +19,11 @@ <div class="inline field"> <label>{{.i18n.Tr "repo.visibility"}}</label> <div class="ui checkbox"> + {{if .IsAdmin}} + <input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}> + {{else}} <input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}{{if and $.ForcePrivate .Repository.IsPrivate}} readonly{{end}}> + {{end}} <label>{{.i18n.Tr "repo.visibility_helper" | Safe}} {{if .Repository.NumForks}}<span class="text red">{{.i18n.Tr "repo.visibility_fork_helper"}}</span>{{end}}</label> </div> </div> ``` Is this a feature needed or wanted in gitea? Am I doing something horibly wrong and such a feature doesn't make sense or has already been implemented? Is this worth a pull request? We (Institute of Computer and Network Engineering) definitly need such a feature, since we allow our students to create their own repositories. Nevertheless, we want to have control over what is publicly available and what is not.

GiteaMirror added the type/proposal label 2025-11-02 05:02:13 -06:00

GiteaMirror closed this issue

2025-11-02 05:02:13 -06:00

GiteaMirror commented

2025-11-02 05:02:14 -06:00

@lunny commented on GitHub (Apr 9, 2019):

@matthiasb85 Please send a PR.

@lunny commented on GitHub (Apr 9, 2019): @matthiasb85 Please send a PR.

GiteaMirror commented

2025-11-02 05:02:14 -06:00

@wxiaoguang commented on GitHub (May 18, 2024):

Done in Allow admin users to set a repositoires visibility to public, even if FORCE_PRIVATE is to true (#6541) (#6572)

@wxiaoguang commented on GitHub (May 18, 2024): Done in Allow admin users to set a repositoires visibility to public, even if FORCE_PRIVATE is to true (#6541) (#6572)

GiteaMirror referenced this issue

2025-11-02 12:19:24 -06:00

[PR #3154] [MERGED] fix run web with -p push failed #16800

GiteaMirror referenced this issue

2025-11-02 12:19:47 -06:00

[PR #3179] [MERGED] fix run web with -p push failed (#3154) #16817

Sign in to join this conversation.