Global configuration to prevent users from deleting their own account

[ghost]

• Gitea version (or commit ref):25d6e2a
• Git version:2.11.2
• Operating system:ubuntu/docker
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

There should be a default admin level configuration to prevent users from deleting their own account.

This has currently led to an issue on our installation, wherein, we use only the SMTP login source.
A user logs in once, admin sets their repo limit to 0.
The user deletes their account and signs back in, this is making the repo setting go back to -1 (unlimited)

This is just one problem.
We do not want any of the users of our ORG to have the ability to delete their own accounts for multiple other reasons as well.

[DblK]

I will try to work on it.
But first, I have some questions:

1. Should it be linked to the authentification Source (Ex with LDAP EDIT)

2. Or more simply add to the user modification page (in admin mode) with default value to prevent deletion

3. Somewhere else?

[ghost]

My vote is for Approach 1

I would also like to suggest Approach 3, have a global variable in app.ini, so that it would apply to every source and prevent account deletion altogether.

Also, IMO, the administrator should have absolute authority over this and hence we should avoid placing any UI configurable element.

[DblK]

I will wait for comments from other members to see which implementation should be done.
The approach 3 sounds good too.

[lunny]

Maybe a global option to disable_user_suicide

[DblK]

When you said global option, you mean inside conf.ini?

[ghost]

I'm currently using the app.ini file to define gobal configuration variables.

[lunny]

@DblK yes

[lunny]

should be resolved by #20549

[lunny]

Fixed by #29275