
gc-1100-security-acl-anable-dev

TsuyoshiSuzukief 7 лет назад
Родитель
Сommit
4360321f23

+ 1 - 0
resource/locales/en-US/translation.json

@@ -298,6 +298,7 @@
 		"Selecting authentication mechanism": "Selecting authentication mechanism",
 		"common_authentication": "If you set the basic authentication, common authentication is applied on the whole page.",
 		"without_encryption": "Please be noted that your ID and Password will be sent wihtout encryption.",
+		"basic_acl_disable": "Because of Public Wiki  setting, basic authentication can not be used.",
 		"users_without_account": "Users without account is not accessible",
     "example": "Example",
     "restrict_emails": "You can restrict registerable e-mail address.",

+ 1 - 0
resource/locales/ja/translation.json

@@ -317,6 +317,7 @@
     "Selecting authentication mechanism": "認証機構選択",
     "common_authentication": "Basic認証を設定すると、ページ全体に共通の認証がかかります。",
     "without_encryption": "IDとパスワードは暗号化されずに送信されるのでご注意下さい。",
+    "basic_acl_disable": "Public Wiki の設定のため、Basic認証は利用できません。",
     "users_without_account": "アカウントを持たないユーザーはアクセス不可",
     "example": "例",
     "restrict_emails": "登録可能なメールアドレスを制限することができます。",

+ 6 - 1
src/server/models/config.js

@@ -48,13 +48,18 @@ module.exports = function(crowi) {
    */
   function getDefaultCrowiConfigs() {
     /* eslint-disable key-spacing */
+    let securityRestrictGuestMode = SECURITY_RESTRICT_GUEST_MODE_DENY;
+    if (process.env.ACL_ENABLE) {
+      securityRestrictGuestMode = SECURITY_RESTRICT_GUEST_MODE_READONLY;
+    }
+
     return {
       //'app:installed'     : "0.0.0",
       'app:confidential'  : '',
 
       'app:fileUpload'    : false,
 
-      'security:restrictGuestMode'      : 'Deny',
+      'security:restrictGuestMode'      : securityRestrictGuestMode,
 
       'security:registrationMode'      : 'Open',
       'security:registrationWhiteList' : [],
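Review bot: `if (process.env.ACL_ENABLE)` at the top of `getDefaultCrowiConfigs` tests a string for truthiness, so any non-empty value, including `ACL_ENABLE=false` or `ACL_ENABLE=0`, selects the Readonly default, while the template in this commit compares the same variable with the string 'false'. Because this value decides whether guests can read the wiki by default, parse it once with an explicit comparison, for example `const aclEnabled = process.env.ACL_ENABLE === 'true';`, and use that single boolean in the model, the route and the view. The direction also looks inconsistent with routes/admin.js: with the variable unset the default here is Deny, yet the admin API in this commit refuses to save 'Deny' in that same case, so it is worth confirming which behaviour is intended. The `SECURITY_RESTRICT_GUEST_MODE_*` constants are defined outside the hunk.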

+ 15 - 1
src/server/routes/admin.js

@@ -104,7 +104,8 @@ module.exports = function(crowi, app) {
   actions.security = {};
   actions.security.index = function(req, res) {
     const settingForm = Config.setupCofigFormData('crowi', req.config);
-    return res.render('admin/security', { settingForm });
+    const acl_enable = process.env.ACL_ENABLE;
+    return res.render('admin/security', { settingForm, acl_enable });
   };
 
   // app.get('/admin/markdown'                  , admin.markdown.index);
@@ -1030,6 +1031,19 @@ module.exports = function(crowi, app) {
 
   actions.api.securitySetting = function(req, res) {
     const form = req.form.settingForm;
+    if (!process.env.ACL_ENABLE) {
+      const guestMode = form['security:restrictGuestMode'];
+      if ( guestMode == 'Deny' ) {
+        // TODO エラーメッセージがクライアント画面から消えない
+        req.form.errors.push('Private Wikiへの設定変更はできません。');
+        return res.json({status: false, message: req.form.errors.join('\n')});
+        /*
+        req.form.errors.push('Private Wikiへの設定変更はできません。');
+        req.flash('errorMessage', req.form.errors);
+        return res.redirect('/admin/security');
+        */
+      }
+    }
 
     if (req.form.isValid) {
       debug('form content', form);
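Review bot: The new guard in `actions.api.securitySetting` only rejects `security:restrictGuestMode` being set to 'Deny'; the `security:basicName` and `security:basicSecret` values that the template marks `readonly` are not checked here, and `readonly` is only a browser hint, so a submitted form can still change them. If basic authentication must stay unavailable in this mode, reject or drop those two keys in the same branch. The error text is a hard-coded Japanese string although the commit adds locale keys for the related message, `guestMode == 'Deny'` should use `===` (ideally against the same constant config.js uses, if it is reachable here), and the commented-out redirect block can be removed once the TODO is resolved. The handler's body continues past the end of the hunk.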

+ 9 - 5
src/server/views/admin/security.html

@@ -43,17 +43,21 @@
           <div class="form-group">
             <label for="settingForm[security:registrationMode]" class="col-xs-3 control-label">{{ t('Basic authentication') }}</label>
             <div class="col-xs-3">
-              <label for="">ID</label>
-              <input class="form-control" type="text" name="settingForm[security:basicName]"   value="{{ settingForm['security:basicName']|default('') }}">
+              <label for="">ID{{acl_enable}}</label>
+              <input class="form-control" type="text" name="settingForm[security:basicName]"   value="{{ settingForm['security:basicName']|default('') }}" {% if acl_enable == 'false' %}readonly{% endif%}>
             </div>
             <div class="col-xs-3">
               <label for="">{{ t('Password') }}</label>
-              <input class="form-control" type="text" name="settingForm[security:basicSecret]" value="{{ settingForm['security:basicSecret']|default('') }}">
+              <input class="form-control" type="text" name="settingForm[security:basicSecret]" value="{{ settingForm['security:basicSecret']|default('') }}" {% if acl_enable  == 'false'  %}readonly{% endif%}>
             </div>
             <div class="col-xs-offset-3 col-xs-9">
               <p class="help-block">
-                {{ t("security_setting.common_authentication") }}<br>
-                {{ t("security_setting.without_encryption") }}<br>
+                {% if acl_enable == 'false' %}
+                  {{ t("security_setting.basic_acl_disable") }}<br>
+                {% else %}
+                  {{ t("security_setting.common_authentication") }}<br>
+                  {{ t("security_setting.without_encryption") }}<br>
+                {% endif %}
               </p>
             </div>
           </div>
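Review bot: `<label for="">ID{{acl_enable}}</label>` prints the raw value of the ACL_ENABLE environment variable next to the label, which looks like leftover debug output; the line should stay `<label for="">ID</label>`. The three `acl_enable == 'false'` tests match only the literal string 'false': when the variable is unset, which is the case the server code in this commit treats as disabled, `acl_enable` is undefined, so the inputs stay editable and the `basic_acl_disable` text is never shown. Passing a real boolean from the route and testing `{% if not acl_enable %}` would keep the view and the server in agreement. `readonly` only affects the browser, so the restriction still needs the matching server-side check to be effective.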