From 9f2cad9bff38af05c5d01aeb61bfcf66b07b8619 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Mon, 21 Sep 2020 12:07:21 -0600
Subject: [PATCH] exec enabled flag

---
 frontend/src/components/settings/Permissions.vue | 2 +-
 frontend/src/components/settings/UserForm.vue    | 2 +-
 frontend/src/views/settings/Global.vue           | 4 +++-
 http/commands.go                                 | 2 +-
 runner/runner.go                                 | 3 +++
 settings/settings.go                             | 1 +
 6 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/frontend/src/components/settings/Permissions.vue b/frontend/src/components/settings/Permissions.vue
index 59a3dd9b..8f8d9d6e 100644
--- a/frontend/src/components/settings/Permissions.vue
+++ b/frontend/src/components/settings/Permissions.vue
@@ -9,7 +9,7 @@
     <p><input type="checkbox" :disabled="admin" v-model="perm.delete"> {{ $t('settings.perm.delete') }}</p>
     <p><input type="checkbox" :disabled="admin" v-model="perm.download"> {{ $t('settings.perm.download') }}</p>
     <p><input type="checkbox" :disabled="admin" v-model="perm.modify"> {{ $t('settings.perm.modify') }}</p>
-    <p><input type="checkbox" :disabled="admin" v-model="perm.execute"> {{ $t('settings.perm.execute') }}</p>
+    <p v-if="settings.execEnabled"><input type="checkbox" :disabled="admin" v-model="perm.execute"> {{ $t('settings.perm.execute') }}</p>
     <p><input type="checkbox" :disabled="admin" v-model="perm.rename"> {{ $t('settings.perm.rename') }}</p>
     <p><input type="checkbox" :disabled="admin" v-model="perm.share"> {{ $t('settings.perm.share') }}</p>
   </div>
diff --git a/frontend/src/components/settings/UserForm.vue b/frontend/src/components/settings/UserForm.vue
index 35a872f8..cb4b9f93 100644
--- a/frontend/src/components/settings/UserForm.vue
+++ b/frontend/src/components/settings/UserForm.vue
@@ -25,7 +25,7 @@
     </p>
 
     <permissions :perm.sync="user.perm" />
-    <commands :commands.sync="user.commands" />
+    <commands v-if="settings.execEnabled" :commands.sync="user.commands" />
 
     <div v-if="!isDefault">
       <h3>{{ $t('settings.rules') }}</h3>
diff --git a/frontend/src/views/settings/Global.vue b/frontend/src/views/settings/Global.vue
index a0fbfa8a..0269bc8d 100644
--- a/frontend/src/views/settings/Global.vue
+++ b/frontend/src/views/settings/Global.vue
@@ -14,9 +14,11 @@
         <p class="small">{{ $t('settings.globalRules') }}</p>
         <rules :rules.sync="settings.rules" />
 
+        <div v-if="settings.execEnabled">
         <h3>{{ $t('settings.executeOnShell') }}</h3>
         <p class="small">{{ $t('settings.executeOnShellDescription') }}</p>
         <input class="input input--block" type="text" placeholder="bash -c, cmd /c, ..." v-model="settings.shell" />
+        </div>
 
         <h3>{{ $t('settings.branding') }}</h3>
 
@@ -67,7 +69,7 @@
       </div>
     </form>
 
-    <form class="card" @submit.prevent="save">
+    <form v-if="settings.execEnabled" class="card" @submit.prevent="save">
       <div class="card-title">
         <h2>{{ $t('settings.commandRunner') }}</h2>
       </div>
diff --git a/http/commands.go b/http/commands.go
index cdb5ea1e..2c9a8bb7 100644
--- a/http/commands.go
+++ b/http/commands.go
@@ -59,7 +59,7 @@ var commandsHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *d
 		}
 	}
 
-	if !d.user.CanExecute(strings.Split(raw, " ")[0]) {
+	if !d.Settings.ExecEnabled || !d.user.CanExecute(strings.Split(raw, " ")[0]) {
 		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil { //nolint:shadow
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
diff --git a/runner/runner.go b/runner/runner.go
index b281ec28..2a8a75d1 100644
--- a/runner/runner.go
+++ b/runner/runner.go
@@ -18,6 +18,9 @@ type Runner struct {
 
 // RunHook runs the hooks for the before and after event.
 func (r *Runner) RunHook(fn func() error, evt, path, dst string, user *users.User) error {
+	if !r.Settings.ExecEnabled {
+		return nil
+	}
 	path = user.FullPath(path)
 	dst = user.FullPath(dst)
 
diff --git a/settings/settings.go b/settings/settings.go
index c6dbb0f9..8bc72a60 100644
--- a/settings/settings.go
+++ b/settings/settings.go
@@ -18,6 +18,7 @@ type Settings struct {
 	Defaults      UserDefaults        `json:"defaults"`
 	AuthMethod    AuthMethod          `json:"authMethod"`
 	Branding      Branding            `json:"branding"`
+	ExecEnabled   bool                `json:"execEnabled"`
 	Commands      map[string][]string `json:"commands"`
 	Shell         []string            `json:"shell"`
 	Rules         []rules.Rule        `json:"rules"`