feat(be): add config options

api/login.go

@@ -205,14 +205,16 @@ type loginMetadataOidcProvider struct {
 }
 
 type loginMetadata struct {
-	OidcProviders []loginMetadataOidcProvider `json:"oidc_providers"`
+	OidcProviders     []loginMetadataOidcProvider `json:"oidc_providers"`
+	LoginWithPassword bool                        `json:"login_with_password"`
 }
 
 // nolint: gocyclo
 func login(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "GET" {
 		config := &loginMetadata{
-			OidcProviders: make([]loginMetadataOidcProvider, len(util.Config.OidcProviders)),
+			OidcProviders:     make([]loginMetadataOidcProvider, len(util.Config.OidcProviders)),
+			LoginWithPassword: !util.Config.PasswordLoginDisable,
 		}
 		i := 0
 		for k, v := range util.Config.OidcProviders {

api/projects/projects.go

@@ -4,6 +4,7 @@ import (
 	log "github.com/Sirupsen/logrus"
 	"github.com/ansible-semaphore/semaphore/api/helpers"
 	"github.com/ansible-semaphore/semaphore/db"
+	"github.com/ansible-semaphore/semaphore/util"
 	"net/http"
 
 	"github.com/gorilla/context"
@@ -29,7 +30,7 @@ func AddProject(w http.ResponseWriter, r *http.Request) {
 
 	user := context.Get(r, "user").(*db.User)
 
-	if !user.Admin {
+	if !user.Admin && !util.Config.NonAdminCanCreateProject {
 		log.Warn(user.Username + " is not permitted to edit users")
 		w.WriteHeader(http.StatusUnauthorized)
 		return

util/config.go

@@ -105,6 +105,11 @@ type ConfigType struct {
 	// Default path is ~/.ssh/config.
 	SshConfigPath string `json:"ssh_config_path"`
 
+	GitClientId GitClientId `json:"git_client"`
+
+	// web host
+	WebHost string `json:"web_host"`
+
 	// cookie hashing & encryption
 	CookieHash       string `json:"cookie_hash"`
 	CookieEncryption string `json:"cookie_encryption"`
@@ -114,45 +119,41 @@ type ConfigType struct {
 	AccessKeyEncryption string `json:"access_key_encryption"`
 
 	// email alerting
+	EmailAlert    bool   `json:"email_alert"`
 	EmailSender   string `json:"email_sender"`
 	EmailHost     string `json:"email_host"`
 	EmailPort     string `json:"email_port"`
 	EmailUsername string `json:"email_username"`
 	EmailPassword string `json:"email_password"`
-
-	// web host
-	WebHost string `json:"web_host"`
+	EmailSecure   bool   `json:"email_secure"`
 
 	// ldap settings
+	LdapEnable       bool         `json:"ldap_enable"`
 	LdapBindDN       string       `json:"ldap_binddn"`
 	LdapBindPassword string       `json:"ldap_bindpassword"`
 	LdapServer       string       `json:"ldap_server"`
 	LdapSearchDN     string       `json:"ldap_searchdn"`
 	LdapSearchFilter string       `json:"ldap_searchfilter"`
 	LdapMappings     ldapMappings `json:"ldap_mappings"`
+	LdapNeedTLS      bool         `json:"ldap_needtls"`
 
-	// oidc settings
-	OidcProviders map[string]oidcProvider `json:"oidc_providers"`
-
-	// telegram alerting
+	// telegram and slack alerting
+	TelegramAlert bool   `json:"telegram_alert"`
 	TelegramChat  string `json:"telegram_chat"`
 	TelegramToken string `json:"telegram_token"`
+	SlackAlert    bool   `json:"slack_alert"`
 	SlackUrl      string `json:"slack_url"`
 
+	// oidc settings
+	OidcProviders map[string]oidcProvider `json:"oidc_providers"`
+
 	// task concurrency
 	MaxParallelTasks int `json:"max_parallel_tasks"`
 
 	// feature switches
-	EmailAlert           bool `json:"email_alert"`
-	EmailSecure          bool `json:"email_secure"`
-	TelegramAlert        bool `json:"telegram_alert"`
-	SlackAlert           bool `json:"slack_alert"`
-	LdapEnable           bool `json:"ldap_enable"`
-	LdapNeedTLS          bool `json:"ldap_needtls"`
-	PasswordLoginDisable bool `json:"password_login_disable"`
-	DemoMode             bool `json:"demo_mode"`
-
-	GitClientId GitClientId `json:"git_client"`
+	DemoMode                 bool `json:"demo_mode"` // Deprecated, will be deleted soon
+	PasswordLoginDisable     bool `json:"password_login_disable"`
+	NonAdminCanCreateProject bool `json:"non_admin_can_create_project"`
 }
 
 // Config exposes the application configuration storage for use in the application

web/src/views/Auth.vue

@@ -90,6 +90,7 @@
           :rules="[v => !!v || $t('username_required')]"
           required
           :disabled="signInProcess"
+          v-if="loginWithPassword"
         ></v-text-field>
 
         <v-text-field
@@ -101,13 +102,15 @@
           :disabled="signInProcess"
           @keyup.enter.native="signIn"
           style="margin-bottom: 20px;"
+          v-if="loginWithPassword"
         ></v-text-field>
 
         <v-btn
           color="primary"
           @click="signIn"
           :disabled="signInProcess"
           block
+          v-if="loginWithPassword"
         >
           {{ $t('signIn') }}
         </v-btn>
@@ -152,6 +155,7 @@ export default {
       loginHelpDialog: null,
 
       oidcProviders: [],
+      loginWithPassword: null,
     };
   },
 
@@ -165,6 +169,7 @@ export default {
       responseType: 'json',
     }).then((resp) => {
       this.oidcProviders = resp.data.oidc_providers;
+      this.loginWithPassword = resp.data.login_with_password;
     });
   },
 

web/src/views/project/Settings.vue

@@ -3,7 +3,7 @@
     <YesNoDialog
       v-model="deleteProjectDialog"
       :title="$t('deleteProject')"
-      text="$t('askDeleteProj')"
+      :text="$t('askDeleteProj')"
       @yes="deleteProject()"
     />