default IsRestricted permission only set on sign up

setting this in the model messes with other workflows (e.g. syncing LDAP users) where the IsRestricted permission needs to be explicitly set and not overridden by a config value

Author: rjnienaber

integrations/signup_test.go

@@ -33,6 +33,25 @@ func TestSignup(t *testing.T) {
 	MakeRequest(t, req, http.StatusOK)
 }
 
+func TestSignupAsRestricted(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	setting.Service.EnableCaptcha = false
+	setting.Service.DefaultUserIsRestricted = true
+
+	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+		"user_name": "restrictedUser",
+		"email":     "restrictedUser@example.com",
+		"password":  "examplePassword!1",
+		"retype":    "examplePassword!1",
+	})
+	MakeRequest(t, req, http.StatusFound)
+
+	// should be able to view new user's page
+	req = NewRequest(t, "GET", "/restrictedUser")
+	MakeRequest(t, req, http.StatusOK)
+}
+
 func TestSignupEmail(t *testing.T) {
 	defer prepareTestEnv(t)()
 

models/user.go

@@ -843,7 +843,6 @@ func CreateUser(u *User) (err error) {
 	}
 	u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
 	u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
-	u.IsRestricted = setting.Service.DefaultUserIsRestricted
 	u.MaxRepoCreation = -1
 	u.Theme = setting.UI.DefaultTheme
 

models/user_test.go

@@ -322,28 +322,6 @@ func TestCreateUser(t *testing.T) {
 	assert.NoError(t, DeleteUser(user))
 }
 
-func TestCreateUserWithRestrictedUserByDefault(t *testing.T) {
-	user := &User{
-		Name:               "GiteaBot",
-		Email:              "GiteaBot@gitea.io",
-		Passwd:             ";p['////..-++']",
-		IsAdmin:            false,
-		Theme:              setting.UI.DefaultTheme,
-		MustChangePassword: false,
-	}
-
-	setting.Service.DefaultUserIsRestricted = true
-
-	assert.NoError(t, CreateUser(user))
-
-	savedUser, err := GetUserByEmail(user.Email)
-	assert.NoError(t, err)
-
-	assert.Equal(t, savedUser.IsRestricted, true)
-
-	assert.NoError(t, DeleteUser(savedUser))
-}
-
 func TestCreateUserInvalidEmail(t *testing.T) {
 	user := &User{
 		Name:               "GiteaBot",

routers/web/user/auth.go

@@ -1204,10 +1204,11 @@ func SignUpPost(ctx *context.Context) {
 	}
 
 	u := &models.User{
-		Name:     form.UserName,
-		Email:    form.Email,
-		Passwd:   form.Password,
-		IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
+		Name:         form.UserName,
+		Email:        form.Email,
+		Passwd:       form.Password,
+		IsActive:     !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
+		IsRestricted: setting.Service.DefaultUserIsRestricted,
 	}
 
 	if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) {