zjjhot
diff --git a/‎.github/labeler.yml
Lines changed: 1 addition & 1 deletion b/‎.github/labeler.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/files-changed.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/files-changed.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.stylelintrc.yaml
Lines changed: 0 additions & 223 deletions b/‎.stylelintrc.yaml
Lines changed: 0 additions & 223 deletions
diff --git a/‎custom/conf/app.example.ini
Lines changed: 5 additions & 0 deletions b/‎custom/conf/app.example.ini
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/content/administration/config-cheat-sheet.en-us.md
Lines changed: 4 additions & 0 deletions b/‎docs/content/administration/config-cheat-sheet.en-us.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎models/user/user.go
Lines changed: 22 additions & 1 deletion b/‎models/user/user.go
Lines changed: 22 additions & 1 deletion
diff --git a/‎models/user/user_test.go
Lines changed: 35 additions & 0 deletions b/‎models/user/user_test.go
Lines changed: 35 additions & 0 deletions
diff --git a/‎modules/git/commit_convert_gogit.go
Lines changed: 6 additions & 0 deletions b/‎modules/git/commit_convert_gogit.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎modules/git/commit_reader.go
Lines changed: 2 additions & 0 deletions b/‎modules/git/commit_reader.go
Lines changed: 2 additions & 0 deletions
@@ -53,7 +53,7 @@ modifies/internal:
           - ".gitpod.yml"
           - ".markdownlint.yaml"
           - ".spectral.yaml"
-          - ".stylelintrc.yaml"
+          - "stylelint.config.js"
           - ".yamllint.yaml"
           - ".github/**"
           - ".gitea/"
 
@@ -58,7 +58,7 @@ jobs:
               - "package-lock.json"
               - "Makefile"
               - ".eslintrc.yaml"
-              - ".stylelintrc.yaml"
+              - "stylelint.config.js"
               - ".npmrc"
 
             docs:
 
@@ -1485,6 +1485,11 @@ LEVEL = Info
 ;; - manage_ssh_keys: a user cannot configure ssh keys
 ;; - manage_gpg_keys: a user cannot configure gpg keys
 ;USER_DISABLED_FEATURES =
+;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
+;; - deletion: a user cannot delete their own account
+;; - manage_ssh_keys: a user cannot configure ssh keys
+;; - manage_gpg_keys: a user cannot configure gpg keys
+;;EXTERNAL_USER_DISABLE_FEATURES =
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
@@ -522,6 +522,10 @@ And the following unique queues:
   - `deletion`: User cannot delete their own account.
   - `manage_ssh_keys`: User cannot configure ssh keys.
   - `manage_gpg_keys`: User cannot configure gpg keys.
+- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
+  - `deletion`: User cannot delete their own account.
+  - `manage_ssh_keys`: User cannot configure ssh keys.
+  - `manage_gpg_keys`: User cannot configure gpg keys.
 
 ## Security (`security`)
 
 
@@ -1233,6 +1233,27 @@ func GetOrderByName() string {
 	return "name"
 }
 
+
+
+// IsFeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the
+// user if applicable
+func IsFeatureDisabledWithLoginType(user *User, feature string) bool {
+	// NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType
+	return (user != nil && user.LoginType > auth.Plain && setting.Admin.ExternalUserDisableFeatures.Contains(feature)) ||
+		setting.Admin.UserDisabledFeatures.Contains(feature)
+}
+
+// DisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type
+// of the user if applicable
+func DisabledFeaturesWithLoginType(user *User) *container.Set[string] {
+	// NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType
+	if user != nil && user.LoginType > auth.Plain {
+		return &setting.Admin.ExternalUserDisableFeatures
+	}
+	return &setting.Admin.UserDisabledFeatures
+}
+
+
 // user customer funtions
 /*
 func contain(s []string, e string) bool {
@@ -1249,4 +1270,4 @@ func (u *User) ThemeContainsPark() bool {
 	ars := []string{"plex", "aquamarine", "dark", "dracula", "hotline", "organizr", "space-gray", "hotpink", "onedark", "overseerr", "nord"}
 	//return contain(ars, u.Theme)
 	return util.SliceContainsString(ars, u.Theme)
-}
+}
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/auth/password/hash"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
@@ -526,3 +527,37 @@ func Test_NormalizeUserFromEmail(t *testing.T) {
 		}
 	}
 }
+
+func TestDisabledUserFeatures(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testValues := container.SetOf(setting.UserFeatureDeletion,
+		setting.UserFeatureManageSSHKeys,
+		setting.UserFeatureManageGPGKeys)
+
+	oldSetting := setting.Admin.ExternalUserDisableFeatures
+	defer func() {
+		setting.Admin.ExternalUserDisableFeatures = oldSetting
+	}()
+	setting.Admin.ExternalUserDisableFeatures = testValues
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+
+	assert.Len(t, setting.Admin.UserDisabledFeatures.Values(), 0)
+
+	// no features should be disabled with a plain login type
+	assert.LessOrEqual(t, user.LoginType, auth.Plain)
+	assert.Len(t, user_model.DisabledFeaturesWithLoginType(user).Values(), 0)
+	for _, f := range testValues.Values() {
+		assert.False(t, user_model.IsFeatureDisabledWithLoginType(user, f))
+	}
+
+	// check disabled features with external login type
+	user.LoginType = auth.OAuth2
+
+	// all features should be disabled
+	assert.NotEmpty(t, user_model.DisabledFeaturesWithLoginType(user).Values())
+	for _, f := range testValues.Values() {
+		assert.True(t, user_model.IsFeatureDisabledWithLoginType(user, f))
+	}
+}
@@ -47,6 +47,12 @@ func convertPGPSignature(c *object.Commit) *CommitGPGSignature {
 		return nil
 	}
 
+	if c.Encoding != "" && c.Encoding != "UTF-8" {
+		if _, err = fmt.Fprintf(&w, "\nencoding %s\n", c.Encoding); err != nil {
+			return nil
+		}
+	}
+
 	if _, err = fmt.Fprintf(&w, "\n\n%s", c.Message); err != nil {
 		return nil
 	}
 
@@ -84,6 +84,8 @@ readLoop:
 				commit.Committer = &Signature{}
 				commit.Committer.Decode(data)
 				_, _ = payloadSB.Write(line)
+			case "encoding":
+				_, _ = payloadSB.Write(line)
 			case "gpgsig":
 				fallthrough
 			case "gpgsig-sha256": // FIXME: no intertop, so only 1 exists at present.
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,12 @@ func convertPGPSignature(c object.Commit) CommitGPGSignature {`
`47`	`47`	`return nil`
`48`	`48`	`}`
`49`	`49`
	`50`	`+ if c.Encoding != "" && c.Encoding != "UTF-8" {`
	`51`	`+ if _, err = fmt.Fprintf(&w, "\nencoding %s\n", c.Encoding); err != nil {`
	`52`	`+ return nil`
	`53`	`+ }`
	`54`	`+ }`
	`55`	`+`
`50`	`56`	`if _, err = fmt.Fprintf(&w, "\n\n%s", c.Message); err != nil {`
`51`	`57`	`return nil`
`52`	`58`	`}`