author | Douwe Maan <douwe@gitlab.com> | 2015-05-29 13:29:16 +0200 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-05-29 13:29:16 +0200 |
commit | 96d6fdc27cc3721ec76b6542a32ae236d5e78956 (patch) | |
tree | 16f4e0d428caacb21eeae74cead4edb05f5080db /app | |
parent | 70b29c3576f646371c3a5bee312b921a3053fb70 (diff) | |
download | gitlab-ce-96d6fdc27cc3721ec76b6542a32ae236d5e78956.tar.gz |
Add option to disallow users from registering any application to use GitLab as an OAuth provideruser-oauth-applications
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin/application_settings_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/oauth/applications_controller.rb | 8 | ||||
-rw-r--r-- | app/helpers/application_settings_helper.rb | 4 | ||||
-rw-r--r-- | app/models/application_setting.rb | 1 | ||||
-rw-r--r-- | app/views/admin/application_settings/_form.html.haml | 9 | ||||
-rw-r--r-- | app/views/profiles/applications.html.haml | 60 |
6 files changed, 55 insertions, 28 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 4c35622fff1..5aaae94e6bf 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 :default_snippet_visibility,
 :restricted_signup_domains_raw,
 :version_check_enabled,
+ :user_oauth_applications,
 restricted_visibility_levels: [],
 )
 end
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index 507b8290a2b..fc31118124b 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -1,6 +1,8 @@
 class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
+ include Gitlab::CurrentSettings
 include PageLayoutHelper
+ before_action :verify_user_oauth_applications_enabled
 before_action :authenticate_user!
 layout 'profile'
@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
 private
+ def verify_user_oauth_applications_enabled
+ return if current_application_settings.user_oauth_applications?
+
+ redirect_to applications_profile_url
+ end
+
 def set_application
 @application = current_user.oauth_applications.find(params[:id])
 end
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 241d6075c9f..63c3ff5674d 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -19,6 +19,10 @@ module ApplicationSettingsHelper
 current_application_settings.sign_in_text
 end
+ def user_oauth_applications?
+ current_application_settings.user_oauth_applications
+ end
+
 # Return a group of checkboxes that use Bootstrap's button plugin for a
 # toggle button effect.
 def restricted_level_checkboxes(help_block_id)
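Review bot: In app/controllers/oauth/applications_controller.rb the new `before_action :verify_user_oauth_applications_enabled` has no `only:`/`except:`, so with the setting off it redirects every action of the controller, including the delete that the view's `delete_form` posts to, and the applications.html.haml hunk hides the "Your applications" list as well. Nothing in the visible diff revokes or disables applications that users registered earlier, so those clients presumably keep working while their owners lose the page to review or remove them. Either keep removal reachable, e.g. `before_action :verify_user_oauth_applications_enabled, except: :destroy` with the list still rendered, or state in the setting's help text that existing applications are not affected. The filter is also declared ahead of `authenticate_user!`, so a signed-out request is redirected by it before authentication runs; declaring it after `authenticate_user!` keeps the usual order.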
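Review bot: `verify_user_oauth_applications_enabled` in app/controllers/oauth/applications_controller.rb reads the flag as `current_application_settings.user_oauth_applications?`, while the helper added in application_settings_helper.rb reads `current_application_settings.user_oauth_applications`. If the settings object can ever be something other than the ActiveRecord model (not visible in this diff), the `?` form may be undefined or answer differently, and the controller guard and the view would then disagree about whether the feature is on. Using one accessor in both places, `return if current_application_settings.user_oauth_applications`, removes that risk. The method would also benefit from a one-line comment such as `# Redirects to the profile applications page when user-registered OAuth applications are disabled.`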
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index d5123249c53..c465158f764 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -18,6 +18,7 @@ # default_project_visibility :integer # default_snippet_visibility :integer # restricted_signup_domains :text +# user_oauth_applications :bool default(TRUE) # class ApplicationSetting < ActiveRecord::Base diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 4ceae814805..dd8978647c4 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml @@ -30,7 +30,7 @@ .checkbox = f.label :twitter_sharing_enabled do = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block' - %strong Twitter enabled + Twitter enabled %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter .form-group .col-sm-offset-2.col-sm-10 @@ -83,6 +83,13 @@ .col-sm-10 = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control' .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com + .form_group + = f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2' + .col-sm-10 + .checkbox + = f.label :user_oauth_applications do + = f.check_box :user_oauth_applications + Allow users to register any application to use GitLab as an OAuth provider .form-actions = f.submit 'Save', class: 'btn btn-primary' diff --git a/app/views/profiles/applications.html.haml b/app/views/profiles/applications.html.haml index c145a9b7f6d..2c4f0804f0b 100644 --- a/app/views/profiles/applications.html.haml +++ b/app/views/profiles/applications.html.haml 
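Review bot: The new settings row in app/views/admin/application_settings/_form.html.haml opens with `.form_group`, which renders the class `form_group`; the neighbouring rows (see the context of the first hunk in this file) use `.form-group`, so this row will not pick up the Bootstrap form-group layout. Change the line to `.form-group`. The checkbox text could also say what happens to applications registered before the option is unchecked, since the diff does not show them being revoked.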
@@ -2,37 +2,43 @@ %h3.page-title = page_title %p.light - OAuth2 protocol settings below. + - if user_oauth_applications? + Manage applications that can use GitLab as an OAuth provider, + and applications that you've authorized to use your account. + - else + Manage applications that you've authorized to use your account. %hr -.oauth-applications - %h3 - Your applications - .pull-right - = link_to 'New Application', new_oauth_application_path, class: 'btn btn-success' - - if @applications.any? - %table.table.table-striped - %thead - %tr - %th Name - %th Callback URL - %th Clients - %th - %th - %tbody - - @applications.each do |application| - %tr{:id => "application_#{application.id}"} - %td= link_to application.name, oauth_application_path(application) - %td - - application.redirect_uri.split.each do |uri| - %div= uri - %td= application.access_tokens.count - %td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm' - %td= render 'doorkeeper/applications/delete_form', application: application +- if user_oauth_applications? + .oauth-applications + %h3 + Your applications + .pull-right + = link_to 'New Application', new_oauth_application_path, class: 'btn btn-success' + - if @applications.any? + %table.table.table-striped + %thead + %tr + %th Name + %th Callback URL + %th Clients + %th + %th + %tbody + - @applications.each do |application| + %tr{:id => "application_#{application.id}"} + %td= link_to application.name, oauth_application_path(application) + %td + - application.redirect_uri.split.each do |uri| + %div= uri + %td= application.access_tokens.count + %td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm' + %td= render 'doorkeeper/applications/delete_form', application: application .oauth-authorized-applications.prepend-top-20 - %h3 - Authorized applications + - if user_oauth_applications? + %h3 + Authorized applications - if @authorized_tokens.any? %table.table.table-striped |