private wiki only option

README.md

@@ -172,6 +172,8 @@ Environment Variables
     * MONGO_GRIDFS_TOTAL_LIMIT: Total capacity limit of MongoDB GridFS (bytes). default: `Infinity`
     * SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS: If `true`, the system uses only the value of the environment variable as the value of the SAML option that can be set via the environment variable.
     * PUBLISH_OPEN_API: Publish GROWI OpenAPI resources with [ReDoc](https://github.com/Rebilly/ReDoc). Visit `/api-docs`.
+    * PUBLIC_WIKI_ONLY: Enable to make wiki public only.
+    * PRIVATE_WIKI_ONLY: Enable to make wiki private only.
 * **Option to integrate with external systems**
     * HACKMD_URI: URI to connect to [HackMD(CodiMD)](https://hackmd.io/) server.
         * **This server must load the GROWI agent. [Here's how to prepare it](https://docs.growi.org/guide/admin-cookbook/integrate-with-hackmd.html).**

config/env.dev.js

@@ -14,4 +14,5 @@ module.exports = {
   // USER_UPPER_LIMIT: 0,
   // DEV_HTTPS: true,
   // PUBLIC_WIKI_ONLY: true,
+  // PRIVATE_WIKI_ONLY: true,
 };

src/server/models/config.js

@@ -40,6 +40,7 @@ module.exports = function(crowi) {
       'app:fileUpload'    : false,
       'app:globalLang'    : 'en-US',
 
+      'security:disableGuestModeOption' : false,
       'security:restrictGuestMode'      : 'Deny',
 
       'security:registrationMode'      : 'Open',

src/server/routes/admin.js

@@ -104,7 +104,19 @@ module.exports = function(crowi, app) {
 
   // app.get('/admin/security'                  , admin.security.index);
   actions.security = {};
-  actions.security.index = function(req, res) {
+  actions.security.index = async function(req, res) {
+    const privateWikiOnly = !!process.env.PRIVATE_WIKI_ONLY;
+    const publicWikiOnly = !!process.env.PUBLIC_WIKI_ONLY;
+    // enable GuestModeOption only when privateWikiOnly AND publicWikiOnly are false/undefined
+    const enableGuestModeOption = !(privateWikiOnly || publicWikiOnly);
+
+    const disableGuestModeOption = configManager.getConfig('crowi', 'security:disableGuestModeOption');
+
+    // if equal, disableGuestModeOption needs to be updated
+    if (enableGuestModeOption === disableGuestModeOption) {
+      await configManager.updateConfigsInTheSameNamespace('crowi', { 'security:disableGuestModeOption': !enableGuestModeOption });
+    }
+
     return res.render('admin/security');
   };
 

src/server/service/acl.js

@@ -21,7 +21,17 @@ class AclService {
     return !!publicWikiOnly;
   }
 
+  getIsPrivateWikiOnly() {
+    const privateWikiOnly = process.env.PRIVATE_WIKI_ONLY;
+    return !!privateWikiOnly;
+  }
+
   getIsGuestAllowedToRead() {
+    // return false if private wiki mode
+    if (this.getIsPrivateWikiOnly()) {
+      return false;
+    }
+
     // return true if puclic wiki mode
     if (this.getIsPublicWikiOnly()) {
       return true;

src/server/views/admin/security.html

@@ -45,8 +45,9 @@
             <div class="col-xs-6">
               <select class="form-control selectpicker" name="settingForm[security:restrictGuestMode]" value="{{ getConfig('crowi', 'security:restrictGuestMode') }}">
                 {% for modeValue, modeLabel in consts.restrictGuestMode %}
-                <option value="{{ t(modeValue) }}" {% if modeValue == getConfig('crowi', 'security:restrictGuestMode') %}selected{% endif %} >{{ t(modeLabel) }}</option>
+                <option value="{{ t(modeValue) }}" {% if modeValue == getConfig('crowi', 'security:restrictGuestMode') %}selected{% endif %} {% if getConfig('crowi', 'security:disableGuestModeOption') %}disabled{% endif %}>{{ t(modeLabel) }}</option>
                 {% endfor %}
+                <option value="{{ getConfig('crowi', 'security:restrictGuestMode') }}" {% if getConfig('crowi', 'security:disableGuestModeOption') %}selected{% endif %} style="display:none;"> Public/Private Wiki Only is Enabled </option>
               </select>
             </div>
           </div>