feat: add additional admin users subcommands (#842)

## Summary Adds admin user management commands to the tea CLI, enabling admins to create, edit, and delete user accounts. ## Features Added ### Admin User Management Commands - **Create users**: `tea admin users create` - Create new user accounts with configurable options - **Edit users**: `tea admin users edit <username>` - Update user properties including password, permissions, and profile settings - **Delete users**: `tea admin users delete <username>` - Remove user accounts with confirmation prompt ### Implementation Details #### Create Command (`admin users create`) - Required: username - Optional: email, full name, password - Flags: admin, restricted, prohibit-login, visibility - Password input: command-line flag, file, stdin, or interactive prompt with confirmation - Default: users must change password on first login (use `--no-must-change-password` to skip) - Post-creation updates for admin/restricted/prohibit-login (not available during creation) #### Edit Command (`admin users edit`) - Updates only explicitly provided fields (partial updates) - Password change support with the same input methods as create - Editable fields: - Profile: email, full name, description, website, location - Permissions: admin/restricted/active status - Settings: visibility, max repo creation limits - Advanced: git hooks, local imports, organization creation - Default: password changes require password change on next login (use `--no-must-change-password` to skip) #### Delete Command (`admin users delete`) - Confirmation prompt by default - `--confirm` flag to skip confirmation - Displays user details before deletion ### Security Features - Secure password input via interactive prompts (hidden input) - Multiple password input methods: flag, file, stdin, interactive - Password confirmation for interactive mode - Whitespace trimming for file/stdin inputs ### Password Input Methods 1. **Command-line flag**: `--password <value>` 2. **File input**: `--password-file <file>` - Read from file 3. **Stdin input**: `--password-stdin` - Read from stdin 4. **Interactive prompt**: Automatically prompts if password not provided (with confirmation) For edit command: Use `--password=""` to trigger interactive prompt. ## Usage Examples ```bash # Create a new user tea admin users create --username john --email john@example.com --admin --no-must-change-password # Create with interactive password prompt tea admin users create jane --email jane@example.com # Edit user properties tea admin users edit john --email newemail@example.com --restricted # Change user password (will prompt if not provided) tea admin users edit john --password="" tea admin users edit john --password-file /path/to/password.txt # Delete a user (with confirmation) tea admin users delete olduser # Delete without confirmation tea admin users delete olduser --confirm ``` ## Related Issue Resolves #161 ## Testing - Unit tests for all commands - Flag validation and default value tests - Password input method tests (file, stdin, interactive) - Test coverage for all user option structures - Confirmation logic tests for delete command ## Technical Details - Uses Gitea SDK `AdminCreateUser`, `AdminEditUser`, and `AdminDeleteUser` APIs - Follows existing tea CLI patterns and conventions - Handles fields not available during creation via post-creation updates - Partial update support for edit command (only updates explicitly set fields) - Consistent with other tea commands (webhooks, secrets) in password handling and confirmation patterns All tests pass and the implementation integrates with existing tea CLI infrastructure. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/842 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: ghainer <gehainer@gmail.com> Co-committed-by: ghainer <gehainer@gmail.com>
2026-05-15 20:29:22 +02:00 · 2026-05-02 23:50:36 +00:00
parent 9d6ae4bf02
commit 22ff601988
7 changed files with 955 additions and 0 deletions
--- a/docs/CLI.md
+++ b/docs/CLI.md
@@ -2029,6 +2029,116 @@ List Users

 **--repo, -r**="": Override local repository path or gitea repository slug to interact with. Optional

+#### create, add, new
+
+Create a new user
+
+**--admin**: Make the user an administrator
+
+**--email, -e**="": Email address for the new user (required)
+
+**--full-name**="": Full name for the new user
+
+**--login, -l**="": Use a different Gitea Login. Optional
+
+**--no-must-change-password**: Don't require the user to change password on first login (default: password change required)
+
+**--output, -o**="": Output format. (simple, table, csv, tsv, yaml, json)
+
+**--password, -p**="": Password for the new user (will prompt if not provided)
+
+**--password-file**="": Read password from file
+
+**--password-stdin**: Read password from stdin
+
+**--prohibit-login**: Prohibit the user from logging in
+
+**--remote, -R**="": Discover Gitea login from remote. Optional
+
+**--repo, -r**="": Override local repository path or gitea repository slug to interact with. Optional
+
+**--restricted**: Make the user restricted
+
+**--username, -u**="": Username for the new user (required)
+
+**--visibility**="": Visibility of the user profile (public, limited, private) (default: "public")
+
+#### edit, update, e, u
+
+Edit a user
+
+**--active**: Activate the user
+
+**--admin**: Make the user an administrator
+
+**--allow-create-organization**: Allow the user to create organizations
+
+**--allow-git-hook**: Allow the user to use git hooks
+
+**--allow-import-local**: Allow the user to import local repositories
+
+**--allow-login**: Allow the user to log in
+
+**--description**="": User description
+
+**--email, -e**="": Email address
+
+**--full-name**="": Full name
+
+**--inactive**: Deactivate the user
+
+**--location**="": Location
+
+**--login, -l**="": Use a different Gitea Login. Optional
+
+**--max-repo-creation**="": Maximum number of repositories the user can create (-1 for unlimited) (default: 0)
+
+**--no-admin**: Remove administrator status
+
+**--no-allow-create-organization**: Disallow the user from creating organizations
+
+**--no-allow-git-hook**: Disallow the user from using git hooks
+
+**--no-allow-import-local**: Disallow the user from importing local repositories
+
+**--no-must-change-password**: Don't require the user to change password on next login (default: password change required)
+
+**--no-restricted**: Remove restricted status
+
+**--output, -o**="": Output format. (simple, table, csv, tsv, yaml, json)
+
+**--password**="": New password (use empty value --password="" to trigger interactive prompt)
+
+**--password-file**="": Read password from file
+
+**--password-stdin**: Read password from stdin
+
+**--prohibit-login**: Prohibit the user from logging in
+
+**--remote, -R**="": Discover Gitea login from remote. Optional
+
+**--repo, -r**="": Override local repository path or gitea repository slug to interact with. Optional
+
+**--restricted**: Make the user restricted
+
+**--visibility**="": Visibility of the user profile (public, limited, private)
+
+**--website**="": Website URL
+
+#### delete, rm, remove
+
+Delete a user
+
+**--confirm, -y**: confirm deletion without prompting
+
+**--login, -l**="": Use a different Gitea Login. Optional
+
+**--output, -o**="": Output format. (simple, table, csv, tsv, yaml, json)
+
+**--remote, -R**="": Discover Gitea login from remote. Optional
+
+**--repo, -r**="": Override local repository path or gitea repository slug to interact with. Optional
+
 ## api

 Make an authenticated API request