From a5b4720b91ffbc4e233695c4b0ca26ac31946a0d Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Tue, 9 Nov 2021 18:42:58 +0800
Subject: [PATCH] Update `User` model comments about permissions (#17583)

---
 models/user.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/models/user.go b/models/user.go
index dbd4f12b8a7..dde5d0e180f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -131,14 +131,21 @@ type User struct {
 	// Maximum repository creation limit, -1 means use global default
 	MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
 
-	// Permissions
-	IsActive                bool `xorm:"INDEX"` // Activate primary email
-	IsAdmin                 bool
-	IsRestricted            bool `xorm:"NOT NULL DEFAULT false"`
+	// IsActive true: primary email is activated, user can access Web UI and Git SSH.
+	// false: an inactive user can only log in Web UI for account operations (ex: activate the account by email), no other access.
+	IsActive bool `xorm:"INDEX"`
+	// the user is a Gitea admin, who can access all repositories and the admin pages.
+	IsAdmin bool
+	// true: the user is only allowed to see organizations/repositories that they has explicit rights to.
+	// (ex: in private Gitea instances user won't be allowed to see even organizations/repositories that are set as public)
+	IsRestricted bool `xorm:"NOT NULL DEFAULT false"`
+
 	AllowGitHook            bool
 	AllowImportLocal        bool // Allow migrate repository by local path
 	AllowCreateOrganization bool `xorm:"DEFAULT true"`
-	ProhibitLogin           bool `xorm:"NOT NULL DEFAULT false"`
+
+	// true: the user is not allowed to log in Web UI. Git/SSH access could still be allowed (please refer to Git/SSH access related code/documents)
+	ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
 
 	// Avatar
 	Avatar          string `xorm:"VARCHAR(2048) NOT NULL"`