Improve issue history dialog and make poster can delete their own history (#27323)

Fix #27313 (see the comment) And some UI improvements: ### Before ![image](https://github.com/go-gitea/gitea/assets/2114189/420a314d-8f34-4e30-a557-f41cf4f0d2f2) ![image](https://github.com/go-gitea/gitea/assets/2114189/60ca0be4-b55e-4e65-be73-fd53e0d4fc36) ### After ![image](https://github.com/go-gitea/gitea/assets/2114189/d354f815-5a0c-4e63-8d59-d03ed344dbea) ![image](https://github.com/go-gitea/gitea/assets/2114189/6ef437a4-aa6f-4917-a260-00625ee71e79) ![image](https://github.com/go-gitea/gitea/assets/2114189/9d88a36c-616b-4dc9-8c6b-76adaad8acf6)
author: wxiaoguang <wxiaoguang@gmail.com> 2023-09-28 16:43:20 +0800
committer: GitHub <noreply@github.com> 2023-09-28 08:43:20 +0000
commit: 72c68177ab78d026d25a0a440c35cdbc9723cd98 (patch)
tree: 1cefedcd4a139fc1e2343633bba414247a331387 /routers
parent: 7ea2a910cebaf51cfd13c0941029c404e408ae54 (diff)
download: gitea-72c68177ab78d026d25a0a440c35cdbc9723cd98.tar.gz
gitea-72c68177ab78d026d25a0a440c35cdbc9723cd98.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go
index 3dd7725c21..5c378fe9d7 100644
--- a/routers/web/repo/issue_content_history.go
+++ b/routers/web/repo/issue_content_history.go
@@ -11,7 +11,6 @@ import (
 
 	"code.gitea.io/gitea/models/avatars"
 	issues_model "code.gitea.io/gitea/models/issues"
-	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -91,11 +90,16 @@ func GetContentHistoryList(ctx *context.Context) {
 // Admins or owners can always delete history revisions. Normal users can only delete own history revisions.
 func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue, comment *issues_model.Comment,
 	history *issues_model.ContentHistory,
-) bool {
-	canSoftDelete := false
-	if ctx.Repo.IsOwner() {
+) (canSoftDelete bool) {
+	// CanWrite means the doer can manage the issue/PR list
+	if ctx.Repo.IsOwner() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
 		canSoftDelete = true
-	} else if ctx.Repo.CanWrite(unit.TypeIssues) {
+	} else {
+		// for read-only users, they could still post issues or comments,
+		// they should be able to delete the history related to their own issue/comment, a case is:
+		// 1. the user posts some sensitive data
+		// 2. then the repo owner edits the post but didn't remove the sensitive data
+		// 3. the poster wants to delete the edited history revision
 		if comment == nil {
 			// the issue poster or the history poster can soft-delete
 			canSoftDelete = ctx.Doer.ID == issue.PosterID || ctx.Doer.ID == history.PosterID
author	wxiaoguang <wxiaoguang@gmail.com>	2023-09-28 16:43:20 +0800
committer	GitHub <noreply@github.com>	2023-09-28 08:43:20 +0000
commit	72c68177ab78d026d25a0a440c35cdbc9723cd98 (patch)
tree	1cefedcd4a139fc1e2343633bba414247a331387 /routers
parent	7ea2a910cebaf51cfd13c0941029c404e408ae54 (diff)
download	gitea-72c68177ab78d026d25a0a440c35cdbc9723cd98.tar.gz gitea-72c68177ab78d026d25a0a440c35cdbc9723cd98.zip