If an attacker gains access to the webinterface, they can delete repositories without any further confirmation or authentication. This pull request adds an option that can be set with an environment variable to disable deletion.
I tried removing the button as well in the interface, but unfortunately was not able to, as I am not very proficient with node.js. Feel free to edit the PR, if you would like to hide the button or change it to a text saying that it its disabled.
If an attacker gains access to the webinterface, they can delete repositories without any further confirmation or authentication. This pull request adds an option that can be set with an environment variable to disable deletion.
I tried removing the button as well in the interface, but unfortunately was not able to, as I am not very proficient with node.js. Feel free to edit the PR, if you would like to hide the button or change it to a text saying that it its disabled.