16 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Gusted
|
2da33aae2d
|
[MODERATION] User blocking
- Add the ability to block a user via their profile page. - This will unstar their repositories and visa versa. - Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations). - Blocked users cannot comment on the doer's opened issues or pull requests. - Blocked users cannot add reactions to doer's comments. - Blocked users cannot cause a notification trough mentioning the doer. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540 (cherry picked from commit 687d852480388897db4d7b0cb397cf7135ab97b1) (cherry picked from commit 0c32a4fde531018f74e01d9db6520895fcfa10cc) (cherry picked from commit 1791130e3cb8470b9b39742e0004d5e4c7d1e64d) (cherry picked from commit 37858b7e8fb6ba6c6ea0ac2562285b3b144efa19) (cherry picked from commit a3e2bfd7e9eab82cc2c17061f6bb4e386a108c46) (cherry picked from commit 7009b9fe87696b6182fab65ae82bf5a25cd39971) Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014 routers/web/user/profile.go templates/user/profile.tmpl (cherry picked from commit b2aec3479177e725cfc7cbbb9d94753226928d1c) (cherry picked from commit e2f1b73752f6bd3f830297d8f4ac438837471226) [MODERATION] organization blocking a user (#802) - Resolves #476 - Follow up for: #540 - Ensure that the doer and blocked person cannot follow each other. - Ensure that the block person cannot watch doer's repositories. - Add unblock button to the blocked user list. - Add blocked since information to the blocked user list. - Add extra testing to moderation code. - Blocked user will unwatch doer's owned repository upon blocking. - Add flash messages to let the user know the block/unblock action was successful. - Add "You haven't blocked any users" message. - Add organization blocking a user. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802 (cherry picked from commit 0505a1042197bd9136b58bc70ec7400a23471585) (cherry picked from commit 37b4e6ef9b85e97d651cf350c9f3ea272ee8d76a) (cherry picked from commit c17c121f2cf1f00e2a8d6fd6847705df47d0771e) [MODERATION] organization blocking a user (#802) (squash) Changes to adapt to: |
||
Gusted
|
006291bd9c
|
[MODERATION] Purge issues on user deletion
- Forgejo has the option to delete users, in which all data except issues and comments are removed, this makes sense in some cases where users need to be removed cleanly but without removing their existing bug reports or comments to an discussion. In the case of spammers, admins have the option to enable purging, where comments are removed. - Add issues to the list of things to be removed if purge is checked. - No unit testing, as this gigantic function doesn't have one to begin with. - Add integration test. - Resolves https://codeberg.org/forgejo/forgejo/issues/1268 (cherry picked from commit 3ed381c75826ffc6834fd54943f71579c060c16d) (cherry picked from commit 44d00650ce77bd4395892a62a64a90829578c81d) (cherry picked from commit 7f4da82779fa1d761b5fe045d3e0b4b2627638c0) (cherry picked from commit d629314def8e3e6d0f78184aa584fa57ece18bb1) Conflicts: models/fixtures/issue.yml https://codeberg.org/forgejo/forgejo/pulls/1508 (cherry picked from commit 794dcc218f2c0c53028aaf617407d46bddda57f3) (cherry picked from commit c433f2ecb60669e5c8748912b30c0433d5fe507a) (cherry picked from commit bb23683f4b10a504da677843bc2ae2b73ec299c4) (cherry picked from commit 634c5604d430b1b531467783bc70bb4efbee023d) (cherry picked from commit 219073f5c5558e7712039a83754f68b092689963) (cherry picked from commit 32893dbab139e2d238db8c3d7878321c6bdd0cd3) (cherry picked from commit 0ef40cfb5a23d9f654e093ade2668d82ce8d333a) (cherry picked from commit e535409cab3c276fd8db6b402f85934ef5127491) (cherry picked from commit 29059f611b5617d275737996b9e4076a3b0b667e) (cherry picked from commit cd480c5b8b99feed11a3797ab36a697cd0dcc91b) (cherry picked from commit 340e6573924dbd8d69843c69243e6b027c66f166) (cherry picked from commit 3a7a5564d02bde767cb14cbc30e3ca816808f7d6) (cherry picked from commit 1dbcaca726f3cbd777a4965b7414d6b60050ba54) (cherry picked from commit c491c439e28f04fdd0f002ec1403b19933afc7c3) (cherry picked from commit c8fe2140cc15dcffa9bb7c966493707ac23cdb74) (cherry picked from commit c72564e3ee1bd9972d4f7d7a7e1dc34bb8d81299) (cherry picked from commit 2084f3fa113bca751be0689f53dfeb7d059ffb8f) (cherry picked from commit 918e65327da011303ba7dfb3ff6970b8c83f5319) |
||
Earl Warren
|
c7a389f2b2
|
[FEAT] allow setting the update date on issues and comments
This field adds the possibility to set the update date when modifying an issue through the API. A 'NoAutoDate' in-memory field is added in the Issue struct. If the update_at field is set, NoAutoDate is set to true and the Issue's UpdatedUnix field is filled. That information is passed down to the functions that actually updates the database, which have been modified to not auto update dates if requested. A guard is added to the 'EditIssue' API call, to checks that the udpate_at date is between the issue's creation date and the current date (to avoid 'malicious' changes). It also limits the new feature to project's owners and admins. (cherry picked from commit c524d33402c76bc4cccea2806f289e08a009baae) Add a SetIssueUpdateDate() function in services/issue.go That function is used by some API calls to set the NoAutoDate and UpdatedUnix fields of an Issue if an updated_at date is provided. (cherry picked from commit f061caa6555e0c9e922ee1e73dd2e4337360e9fe) Add an updated_at field to the API calls related to Issue's Labels. The update date is applied to the issue's comment created to inform about the modification of the issue's labels. (cherry picked from commit ea36cf80f58f0ab20c565a8f5d063b90fd741f97) Add an updated_at field to the API call for issue's attachment creation The update date is applied to the issue's comment created to inform about the modification of the issue's content, and is set as the asset creation date. (cherry picked from commit 96150971ca31b97e97e84d5f5eb95a177cc44e2e) Checking Issue changes, with and without providing an updated_at date Those unit tests are added: - TestAPIEditIssueWithAutoDate - TestAPIEditIssueWithNoAutoDate - TestAPIAddIssueLabelsWithAutoDate - TestAPIAddIssueLabelsWithNoAutoDate - TestAPICreateIssueAttachmentWithAutoDate - TestAPICreateIssueAttachmentWithNoAutoDate (cherry picked from commit 4926a5d7a28581003545256632213bf4136b193d) Add an updated_at field to the API call for issue's comment creation The update date is used as the comment creation date, and is applied to the issue as the update creation date. (cherry picked from commit 76c8faecdc6cba48ca4fe07d1a916d1f1a4b37b4) Add an updated_at field to the API call for issue's comment edition The update date is used as the comment update date, and is applied to the issue as an update date. (cherry picked from commit cf787ad7fdb8e6273fdc35d7b5cc164b400207e9) Add an updated_at field to the API call for comment's attachment creation The update date is applied to the comment, and is set as the asset creation date. (cherry picked from commit 1e4ff424d39db7a4256cd9abf9c58b8d3e1b5c14) Checking Comment changes, with and without providing an updated_at date Those unit tests are added: - TestAPICreateCommentWithAutoDate - TestAPICreateCommentWithNoAutoDate - TestAPIEditCommentWithAutoDate - TestAPIEditCommentWithNoAutoDate - TestAPICreateCommentAttachmentWithAutoDate - TestAPICreateCommentAttachmentWithNoAutoDate (cherry picked from commit da932152f1deb3039a399516a51c8b6757059c91) Pettier code to set the update time of comments Now uses sess.AllCols().NoAutoToime().SetExpr("updated_unix", ...) XORM is smart enough to compose one single SQL UPDATE which all columns + updated_unix. (cherry picked from commit 1f6a42808dd739c0c2e49e6b7ae2967f120f43c2) Issue edition: Keep the max of the milestone and issue update dates. When editing an issue via the API, an updated_at date can be provided. If the EditIssue call changes the issue's milestone, the milestone's update date is to be changed accordingly, but only with a greater value. This ensures that a milestone's update date is the max of all issue's update dates. (cherry picked from commit 8f22ea182e6b49e933dc6534040160dd739ff18a) Rewrite the 'AutoDate' tests using subtests Also add a test to check the permissions to set a date, and a test to check update dates on milestones. The tests related to 'AutoDate' are: - TestAPIEditIssueAutoDate - TestAPIAddIssueLabelsAutoDate - TestAPIEditIssueMilestoneAutoDate - TestAPICreateIssueAttachmentAutoDate - TestAPICreateCommentAutoDate - TestAPIEditCommentWithDate - TestAPICreateCommentAttachmentAutoDate (cherry picked from commit 961fd13c551b3e50040acb7c914a00ead92de63f) (cherry picked from commit d52f4eea44692ee773010cb66a69a603663947d5) (cherry picked from commit 3540ea2a43155ca8cf5ab1a4a246babfb829db16) Conflicts: services/issue/issue.go https://codeberg.org/forgejo/forgejo/pulls/1415 (cherry picked from commit 56720ade008c09122d825959171aa5346d645987) Conflicts: routers/api/v1/repo/issue_label.go https://codeberg.org/forgejo/forgejo/pulls/1462 (cherry picked from commit 47c78927d6c7e7a50298fa67efad1e73723a0981) (cherry picked from commit 2030f3b965cde401976821083c3250b404954ecc) (cherry picked from commit f02aeb76981cd688ceaf6613f142a8a725be1437) Conflicts: routers/api/v1/repo/issue_attachment.go routers/api/v1/repo/issue_comment_attachment.go https://codeberg.org/forgejo/forgejo/pulls/1575 (cherry picked from commit d072525b35e44faf7ff87143c0e52b8ba8a625c8) (cherry picked from commit 8424d0ab3df75ac3ffa30f42d398e22995ada5e7) (cherry picked from commit 5cc62caec788b54afd9da5b9193ce06ee8ec562b) (cherry picked from commit d6300d5dcd01c7ddc65d8b0f326f9c19cb53b58e) [FEAT] allow setting the update date on issues and comments (squash) apply the 'update_at' value to the cross-ref comments (#1676) [this is a follow-up to PR #764] When a comment of issue A referencing issue B is added with a forced 'updated_at' date, that date has to be applied to the comment created in issue B. ----- Comment: While trying my 'RoundUp migration script', I found that this case was forgotten in PR #764 - my apologies... I'll try to write a functional test, base on models/issues/issue_xref_test.go Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1676 Co-authored-by: fluzz <fluzz@freedroid.org> Co-committed-by: fluzz <fluzz@freedroid.org> (cherry picked from commit ac4f727f63a2dd746dd84a31ebf7f70d5b5d7c52) (cherry picked from commit 5110476ee9010ba8cdca0e0f37f765f8800e9fe1) (cherry picked from commit 77ba6be1dab4f6f3678d79a394da56e6447ebbe1) (cherry picked from commit 9c8337b5c442cfd72d97597c2089e776f42828b7) (cherry picked from commit 1d689eb686f0f7df09c7861b3faf9d8683cb933b) (cherry picked from commit 511c519c875a4c4e65c02ef0c4e3b941f4da4371) (cherry picked from commit 2f0b4a8f610837d34844bb79cda1360ab23b6b1c) (cherry picked from commit fdd4da111c449322901a0acf6d0857eac4716581) [FEAT] allow setting the update date on issues and comments (squash) do not use token= query param See https://codeberg.org/forgejo/forgejo/commit/33439b733a (cherry picked from commit c5139a75b9e4af612a628171bd4f63a24860c272) (cherry picked from commit c7b572c35d3e9e22017fd74045bcdc1109bd06df) (cherry picked from commit aec7503ff6dd177980f3d9f367122ffc2fec8986) (cherry picked from commit 87c65f2a490faeccb85088fa0981dd50f7199eb8) (cherry picked from commit bd47ee33c20e53ae616a7e53d63c3b51809585fb) (cherry picked from commit f3dbd90a747c14fb1b5b4271db6c10abbf86d586) |
||
Kyle D
|
33439b733a
|
Disable query token param in integration tests (#28592)
Follow up to https://github.com/go-gitea/gitea/pull/28484, this PR enables the setting for integration tests and migrates a few additional test queries. |
||
KN4CK3R
|
838db2f891
|
Convert to url auth to header auth in tests (#28484)
Related #28390 |
||
Nanguan Lin
|
2f8e1604f8
|
Fix review request number and add more tests (#27104)
fix #27019 ## testfixture yml 1. add issue20(a pr issue) in repo 23, org 17 2. add user15 to team 9 3. add four reviews about issue20 ## test case add two tests that are described with code comments the code before pr #26784 failed the first test <img width="479" alt="image" src="https://github.com/go-gitea/gitea/assets/70063547/1d9b5787-11b4-4c4d-931f-6a9869547f35"> current code failed the second test(as mentioned in #27019) <img width="484" alt="image" src="https://github.com/go-gitea/gitea/assets/70063547/05608055-7587-43d1-bae1-92c688270819"> Any advice is appreciated. --------- Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
Nanguan Lin
|
da50be7360
|
Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052)
Currently 'userxx' and 'orgxx' are both used as username in test files when the user type is org, which is confusing. This PR replaces all 'userxx' with 'orgxx' when the user type is org(`user.type==1`). Some non-trivial changes 1. Rename `user3` dir to `org3` in `tests/git-repositories-meta` 2. Change `end` in `issue reference` because 'org3' is one char shorter than 'user3' ![ksnip_20230913-112819](https://github.com/go-gitea/gitea/assets/70063547/442988c5-4cf4-49b8-aa01-4dd6bf0ca954) 3. Change the search result number of `user/repo2` because `user3/repo21` can't be searched now ![ksnip_20230913-112931](https://github.com/go-gitea/gitea/assets/70063547/d9ebeba4-479f-4110-9a85-825efbc981fd) 4. Change the first org name getting from API because the result is ordered by alphabet asc and now `org 17` is before `org25` ![JW8U7NIO(J$H _YCRB36H)T](https://github.com/go-gitea/gitea/assets/70063547/f55a685c-cf24-40e5-a87f-3a2327319548) ![)KFD411O4I8RB5ZOH7E0 Z3](https://github.com/go-gitea/gitea/assets/70063547/a0dc3299-249c-46f6-91cb-d15d4ee88dd5) Other modifications are just find all and replace all. Unit tests with SQLite are all passed. --------- Co-authored-by: caicandong <1290147055@qq.com> |
||
wxiaoguang
|
f01bed2443
|
Avoid double-unescaping of form value (#26853)
1. The old `prepareQueryArg` did double-unescaping of form value. 2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`. Co-authored-by: Giteabot <teabot@gitea.io> |
||
sebastian-sauer
|
55532061c8
|
Add commits dropdown in PR files view and allow commit by commit review (#25528)
This PR adds a new dropdown to select a commit or a commit range (shift-click like github) of a Pull Request. After selection of a commit only the changes of this commit will be shown. When selecting a range of commits the diff of this range is shown. This allows to review a PR commit by commit or by viewing only commit ranges. The "Show changes since your last review" mechanism github uses is implemented, too. When reviewing a single commit or a commit range the "Viewed" functionality is disabled. ## Screenshots ### The commit dropdown ![image](https://github.com/go-gitea/gitea/assets/51889757/0db3ae62-1272-436c-be64-4730c5d611e3) ### Selecting a commit range ![image](https://github.com/go-gitea/gitea/assets/51889757/ad81eedb-8437-42b0-8073-2d940c25fe8f) ### Show changes of a single commit only ![image](https://github.com/go-gitea/gitea/assets/51889757/6b1a113b-73ef-4ecc-adf6-bc2340bb8f97) ### Show changes of a commit range ![image](https://github.com/go-gitea/gitea/assets/51889757/6401b358-cd66-4c09-8baa-6cf6177f23a7) Fixes https://github.com/go-gitea/gitea/issues/20989 Fixes https://github.com/go-gitea/gitea/issues/19263 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de> |
||
Lunny Xiao
|
315124b469
|
Fix parallelly generating index failure with Mysql (#24567) | ||
Jack Hay
|
18de83b2a3
|
Redesign Scoped Access Tokens (#24767)
## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io> |
||
Brecht Van Lommel
|
6221a6fd54
|
Scoped labels (#22585)
Add a new "exclusive" option per label. This makes it so that when the label is named `scope/name`, no other label with the same `scope/` prefix can be set on an issue. The scope is determined by the last occurence of `/`, so for example `scope/alpha/name` and `scope/beta/name` are considered to be in different scopes and can coexist. Exclusive scopes are not enforced by any database rules, however they are enforced when editing labels at the models level, automatically removing any existing labels in the same scope when either attaching a new label or replacing all labels. In menus use a circle instead of checkbox to indicate they function as radio buttons per scope. Issue filtering by label ensures that only a single scoped label is selected at a time. Clicking with alt key can be used to remove a scoped label, both when editing individual issues and batch editing. Label rendering refactor for consistency and code simplification: * Labels now consistently have the same shape, emojis and tooltips everywhere. This includes the label list and label assignment menus. * In label list, show description below label same as label menus. * Don't use exactly black/white text colors to look a bit nicer. * Simplify text color computation. There is no point computing luminance in linear color space, as this is a perceptual problem and sRGB is closer to perceptually linear. * Increase height of label assignment menus to show more labels. Showing only 3-4 labels at a time leads to a lot of scrolling. * Render all labels with a new RenderLabel template helper function. Label creation and editing in multiline modal menu: * Change label creation to open a modal menu like label editing. * Change menu layout to place name, description and colors on separate lines. * Don't color cancel button red in label editing modal menu. * Align text to the left in model menu for better readability and consistent with settings layout elsewhere. Custom exclusive scoped label rendering: * Display scoped label prefix and suffix with slightly darker and lighter background color respectively, and a slanted edge between them similar to the `/` symbol. * In menus exclusive labels are grouped with a divider line. --------- Co-authored-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv> |
||
Chongyi Zheng
|
de484e86bc
|
Support scoped access tokens (#20908)
This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300 |
||
Lunny Xiao
|
df676a47d0
|
Remove session in api tests (#21984)
It's no meaning to request an API route with session. |
||
flynnnnnnnnnn
|
e81ccc406b
|
Implement FSFE REUSE for golang files (#21840)
Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> |
||
Kyle D
|
c8ded77680
|
Kd/ci playwright go test (#20123)
* Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs |
Renamed from integrations/api_issue_test.go (Browse further)