新增注册runner权限管理

2025-11-11 10:17:35 +08:00
--- a/repo.diff.view_file
+++ b/repo.diff.view_file
@@ -125,6 +125,7 @@ type User struct {
 	AllowImportLocal        bool // Allow migrate repository by local path
 	AllowCreateOrganization bool `xorm:"DEFAULT true"`
 	AllowCreateDevcontainer bool `xorm:"DEFAULT false"`
+	AllowCreateActRunner    bool `xorm:"DEFAULT false"`

 	// true: the user is not allowed to log in Web UI. Git/SSH access could still be allowed (please refer to Git/SSH access related code/documents)
 	ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
@@ -274,6 +275,11 @@ func (u *User) CanCreateDevcontainer() bool {
 	return u.AllowCreateDevcontainer
 }

+// CanCreateActrunner returns true if user can create organisation.
+func (u *User) CanCreateActrunner() bool {
+	return u.AllowCreateActRunner
+}
+
 // CanEditGitHook returns true if user can edit Git hooks.
 func (u *User) CanEditGitHook() bool {
 	return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
@@ -640,6 +646,7 @@ type CreateUserOverwriteOptions struct {
 	Visibility                   *structs.VisibleType
 	AllowCreateOrganization      optional.Option[bool]
 	AllowCreateDevcontainer      optional.Option[bool]
+	AllowCreateActRunner         optional.Option[bool]
 	EmailNotificationsPreference *string
 	MaxRepoCreation              *int
 	Theme                        *string
--- a/models/user/user_system.go
+++ b/models/user/user_system.go
@@ -59,6 +59,7 @@ func NewActionsUser() *User {
 		Type:                    UserTypeBot,
 		AllowCreateOrganization: true,
 		AllowCreateDevcontainer: false,
+		AllowCreateActRunner:    false,
 		Visibility:              structs.VisibleTypePublic,
 	}
 }
--- a/modules/structs/admin_user.go
+++ b/modules/structs/admin_user.go
@@ -55,6 +55,7 @@ type EditUserOption struct {
 	ProhibitLogin           *bool   `json:"prohibit_login"`
 	AllowCreateOrganization *bool   `json:"allow_create_organization"`
 	AllowCreateDevcontainer *bool   `json:"allow_create_devcontainer"`
+	AllowCreateActRunner    *bool   `json:"allow_create_actrunner"`
 	Restricted              *bool   `json:"restricted"`
 	Visibility              string  `json:"visibility" binding:"In(,public,limited,private)"`
 }
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -363,8 +363,10 @@ default_keep_email_private = Hide Email Addresses by Default
 default_keep_email_private_popup = Hide email addresses of new user accounts by default.
 default_allow_create_organization = Allow Creation of Organizations by Default
 default_allow_create_devcontainer = Allow Creation of DevContainers by Default
+default_allow_create_actrunner = Allow Creation of ActRunners by Default
 default_allow_create_organization_popup = Allow new user accounts to create organizations by default.
 default_allow_create_devcontainer_popup = Allow new user accounts to create devcontainers by default.
+default_allow_create_actrunner_popup = Allow new user accounts to create actrunner by default.
 default_enable_timetracking = Enable Time Tracking by Default
 default_enable_timetracking_popup = Enable time tracking for new repositories by default.
 no_reply_address = Hidden Email Domain
@@ -3162,6 +3164,7 @@ users.allow_git_hook_tooltip = Git Hooks are executed as the OS user running Git
 users.allow_import_local = May Import Local Repositories
 users.allow_create_organization = May Create Organizations
 users.allow_create_devcontainer= May Create Devcontainers
+users.allow_create_actrunner= May Create ActRunners
 users.update_profile = Update User Account
 users.delete_account = Delete User Account
 users.cannot_delete_self = "You cannot delete yourself"
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -3152,6 +3152,7 @@ users.allow_git_hook_tooltip=Git 钩子将会以操作系统用户运行，拥
 users.allow_import_local=允许导入本地仓库
 users.allow_create_organization=允许创建组织
 users.allow_create_devcontainer=允许创建开发容器
+users.allow_create_actrunner=允许创建运行器
 users.update_profile=更新帐户
 users.delete_account=删除帐户
 users.cannot_delete_self=您不能删除自己
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -246,6 +246,7 @@ func EditUser(ctx *context.APIContext) {
 		MaxRepoCreation:         optional.FromPtr(form.MaxRepoCreation),
 		AllowCreateOrganization: optional.FromPtr(form.AllowCreateOrganization),
 		AllowCreateDevcontainer: optional.FromPtr(form.AllowCreateDevcontainer),
+		AllowCreateActRunner:    optional.FromPtr(form.AllowCreateActRunner),
 		IsRestricted:            optional.FromPtr(form.Restricted),
 	}

--- a/services/forms/admin.go
+++ b/services/forms/admin.go
@@ -50,6 +50,7 @@ type AdminEditUserForm struct {
 	AllowImportLocal        bool
 	AllowCreateOrganization bool
 	AllowCreateDevcontainer bool
+	AllowCreateActRunner    bool
 	ProhibitLogin           bool
 	Reset2FA                bool `form:"reset_2fa"`
 	Visibility              structs.VisibleType
--- a/services/runners/runners.go
+++ b/services/runners/runners.go
@@ -40,6 +40,7 @@ func checkK8sIsEnable() bool {

 func RegistRunner(ctx context.Context, token string) error {
 	log.Info("开始注册Runner...")
+
 	var err error
 	if checkK8sIsEnable() {
 		err = registK8sRunner(ctx, token)
--- a/services/user/update.go
+++ b/services/user/update.go
@@ -52,6 +52,7 @@ type UpdateOptions struct {
 	DiffViewStyle                optional.Option[string]
 	AllowCreateOrganization      optional.Option[bool]
 	AllowCreateDevcontainer      optional.Option[bool]
+	AllowCreateActRunner         optional.Option[bool]
 	IsActive                     optional.Option[bool]
 	IsAdmin                      optional.Option[UpdateOptionField[bool]]
 	EmailNotificationsPreference optional.Option[string]
@@ -170,6 +171,11 @@ func UpdateUser(ctx context.Context, u *user_model.User, opts *UpdateOptions) er

 		cols = append(cols, "allow_create_devcontainer")
 	}
+	if opts.AllowCreateActRunner.Has() {
+		u.AllowCreateActRunner = opts.AllowCreateActRunner.Value()
+
+		cols = append(cols, "allow_create_actrunner")
+	}
 	if opts.RepoAdminChangeTeamAccess.Has() {
 		u.RepoAdminChangeTeamAccess = opts.RepoAdminChangeTeamAccess.Value()

--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -155,6 +155,13 @@
 					</div>
 				</div>

+				<div class="inline field">
+					<div class="ui checkbox">
+						<label><strong>{{ctx.Locale.Tr "admin.users.allow_create_actrunner"}}</strong></label>
+						<input name="allow_create_actrunner" type="checkbox" {{if or (.User.IsAdmin) (.User.AllowCreateActrunner)}}checked{{end}}>
+					</div>
+				</div>
+
 				{{if .TwoFactorEnabled}}
 				<div class="divider"></div>
 				<div class="inline field">