Skip to content

Allow admins to rename non-local users #35970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow admins to rename non-local users #35970

wants to merge 1 commit into from
+17 −17

Conversation

@meln5674
Copy link

@meln5674 meln5674 commented Nov 17, 2025

Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user results in an error, even if the requester is an administrator. As far as I can tell, this is a security feature, not architectural in nature, as automatic account linking could be used to take control of another user's account. This is not a concern for an administrator, who we should trust to know what they are doing.

This patch allows admins, and only admins, to rename non-local users.

Fixes #18308 (sort of)

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 17, 2025
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files labels Nov 17, 2025
wxiaoguang
wxiaoguang approved these changes Nov 17, 2025
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's better to add a test to cover the new behavior

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 17, 2025
delvh
delvh approved these changes Nov 17, 2025
View reviewed changes
Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, given the following:
I think the second reason why this was disabled is also that it leads to desync between online data and the local data.
I am not sure if or when data is synced, and what will happen in this case.
Additionally, this means there is no way to reset it back to the online state.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 17, 2025
@lunny lunny added this to the 1.26.0 milestone Nov 17, 2025
@meln5674
Copy link
Author

meln5674 commented Nov 18, 2025

It's better to add a test to cover the new behavior

Can do, will take a look at that tomorrow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wxiaoguang wxiaoguang wxiaoguang approved these changes

@delvh delvh delvh approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

Can't change username from non-local users

5 participants

@meln5674 @wxiaoguang @delvh @lunny @GiteaBot