path: root/routers/web
Commit message | Author | Age | Files | Lines
* Fix possible panic when repository is empty (#20509) (#20527) [release/v1.16] | 6543 | 2022-07-28 | 1 | -4/+8
* Hide notify mail setting ui if not enabled (#20138) (#20337) | Lunny Xiao | 2022-07-12 | 1 | -0/+1
    Backport #20138
* Only show Followers that current user can access (#20220) (#20253) | zeripath | 2022-07-06 | 1 | -5/+6
    Backport #20220
    Users who are following or being followed by a user should only be displayed if the viewing user can see them.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Check for permission when fetching user controlled issues (#20133) (#20196) | Gusted | 2022-07-01 | 3 | -23/+44
    * Check if project has the same repository id with issue when assign project to issue
    * Check if issue's repository id match project's repository id
    * Add more permission checking
    * Remove invalid argument
    * Fix errors
    * Add generic check
    * Remove duplicated check
    * Return error + add check for new issues
    * Apply suggestions from code review
    Co-authored-by: Gusted <williamzijl7@hotmail.com>
    Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
    Co-authored-by: 6543 <6543@obermui.de>
* Release page show all tags in compare dropdown (#20070) (#20071) | 6543 | 2022-06-21 | 1 | -1/+8
    Backport #20070
    Just get all tags when creating the compare dropdown. (Also updates the changelog.)
    Fix #19936
* fix permission check for delete tag (#19985) (#20001) | a1012112796 | 2022-06-17 | 2 | -1/+11
    fix #19970
    by the way, fix some error response about protected tags.
    Signed-off-by: a1012112796 <1012112796@qq.com>
* Prevent NPE when cache service is disabled (#19703) (#19783) | zeripath | 2022-05-25 | 3 | -18/+27
    Backport #19703
    The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE.
    The main part of this PR is that the cache is used for restricting resending of activation mails and without this cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix NotificationUnreadCount (#19802) | Lunny Xiao | 2022-05-25 | 1 | -1/+2
* Fix issue overview for teams (#19652) (#19653) | Gusted | 2022-05-16 | 1 | -16/+3
    - Backport #19652
    - Don't use hacky solution to limit to the correct RepoID's, instead use current code to handle these limits. The existing code is more correct than the hacky solution.
    - Resolves #19636
* Fix oauth setting list bug (#19681) | Lunny Xiao | 2022-05-11 | 1 | -1/+1
* Fix new release from tags list UI (#19670) (#19673) | Lunny Xiao | 2022-05-10 | 1 | -1/+3
* GetFeeds must always discard actions with dangling repo_id (#19598) (#19629) | singuliere | 2022-05-08 | 1 | -0/+3
    Co-authored-by: Loïc Dachary <loic@dachary.org>
    (cherry picked from commit b536b65189319544939da9b6537919a4fc838d71)
    Conflicts:
      models/action_test.go
        The GetFeeds function does not have a Context argument in 1.16.
      models/action.go
        The SQL statement is essentially the same in 1.16 but structured differently. The Join() was copied and the created_unix field prefixed with `action`.
      models/action_list.go
        in 1.16 the loadRepoOwner method did not exist and it was done in the RetrieveFeeds method of web/feed/profile.go. The safeguard to skip when act.Repo == nil was moved there.
* Respect DefaultUserIsRestricted system default when creating new user (#19310 ) (#19560) | Jimmy Praet | 2022-04-30 | 5 | -28/+31
* When view _Siderbar or _Footer, just display once (#19501) (#19522) | Lunny Xiao | 2022-04-27 | 1 | -30/+51
    Co-authored-by: zeripath <art27@cantab.net>
* User specific repoID or xorm builder conditions for issue search (#19475) (#19476) | 6543 | 2022-04-25 | 2 | -9/+3
* When updating mirror repo intervals by API reschedule next update too (#19429) (#19433) | zeripath | 2022-04-20 | 1 | -6/+1
    Backport #19429
    When a mirror repo interval is updated by the UI it is rescheduled with that interval however the API does not do this. The API also lacks the enable_prune option.
    This PR adds this functionality in to the API Edit Repo endpoint.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix middleware function's placements for `/user/...` (#19377) (#19378) | Gusted | 2022-04-12 | 1 | -3/+3
    - Backport #19377
    - Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE.
    - Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.
* Move checks for pulls before merge into own function (#19271) (#19277) | 6543 | 2022-03-31 | 1 | -101/+54
    Backport #19271
    Fix:
    * The API does ignore issue dependencies where Web does not
    * The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests
    * Default merge message is crafted a bit different between API and Web if not set on specific cases ...
* Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248) | zeripath | 2022-03-29 | 1 | -1/+2
    Backport #19234
    There is a bug in the system webhooks whereby the active state is not checked when webhooks are prepared and there is a bug that deactivating webhooks do not prevent queued deliveries.
    * Only add SystemWebhooks to the prepareWebhooks list if they are active
    * At the time of delivery if the underlying webhook is not active mark it as "delivered" but with a failed delivery so it does not get delivered.
    Fix #19220
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix showing issues in your repositories (#18916) (#19191) | 6543 | 2022-03-24 | 1 | -14/+55
    - Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
    - Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
    - Resolves #18913
    Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Fix compare link in active feeds for new branch (#19149) (#19185) | zeripath | 2022-03-23 | 1 | -0/+7
    Backport #19149
    When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly.
    Therefore when creating the compare link for new branches:
    1. Attempt to get the parent of the first commit and use that as the basis for the compare link.
    2. If this is not possible make a comparison to the default branch
    3. Finally if that is not possible simply do not show a compare link.
    However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch.
    Fix #19144
    Signed-off-by: a1012112796 <1012112796@qq.com>
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: a1012112796 <1012112796@qq.com>
* Fix the bug: deploy key with write access can not push (#19010) (#19182) | zeripath | 2022-03-23 | 1 | -1/+0
    Backport #19010
    Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
    Fix #19009
    Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Clean paths when looking in Storage (#19124) (#19179) | zeripath | 2022-03-23 | 1 | -16/+16
    Backport #19124
    * Clean paths when looking in Storage
      Ensure paths are clean for minio as well as local storage.
      Use url.Path not RequestURI/EscapedPath in storageHandler.
      Signed-off-by: Andrew Thornton <art27@cantab.net>
    * Apply suggestions from code review
    Co-authored-by: Lauris BH <lauris@nix.lv>
* Use the new/choose link for New Issue on project page (#19172) (#19176) | zeripath | 2022-03-23 | 1 | -2/+9
    Backport #19172
    Extend issues/new/choose to pass the project id and change New Issue link on project page to use new/choose
    Fix #19170
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
    Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use custom favicon when viewing static files if it exists (#19130) (#19152) | Abheek Dhawan | 2022-03-20 | 1 | -0/+5
    Redirect `/favicon.ico` to `/assets/img/favicon.png`.
    Fix #19109
    Co-authored-by: zeripath <art27@cantab.net>
* Fix wrong scopes caused by empty scope input (#19029) (#19145) | zeripath | 2022-03-21 | 1 | -1/+13
    Backport #19029
    Fix #18972 Gitea prepends requested openid scope with + after updating authentication source
* Do not send activation email if manual confirm is set (#19119) (#19122) | zeripath | 2022-03-19 | 1 | -0/+6
    Backport #19119
    If the mailer is configured then even if Manual confirm is set an activation email is still being sent because `handleUserCreated` is not checking for this case.
    Fix #17263
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle email address not exist (#19089) (#19121) | Lunny Xiao | 2022-03-19 | 2 | -3/+3
    Backport #19089
    * Handle email address not exist. (#19089)
    * Fix lint about strings.Title
    Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Restrict email address validation (#17688) (#19085) | 6543 | 2022-03-14 | 3 | -2/+10
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix lfs bug (#19072) (#19080) | 6543 | 2022-03-14 | 1 | -0/+13
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent 500 when there is an error during new auth source post (#19041) (#19059) | zeripath | 2022-03-13 | 1 | -2/+2
    Backport #19041
    Fix #19036
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor admin user filter query parameters (#18965) (#18975) | Otto Richter (fnetX) | 2022-03-02 | 2 | -2/+11
    Only pass `status_filter` on admin page
    Use a more general method to pass query parameters, remove hard-coded keys
    Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964) | 6543 | 2022-03-02 | 1 | -10/+25
* Send 404 on `/{org}.gpg` (#18959) (#18962) | Gusted | 2022-03-01 | 1 | -2/+10
* Fix admin user list pagination (#18957) (#18960) | Otto Richter (fnetX) | 2022-03-01 | 1 | -0/+1
* BeforeSourcePath should point to base commit (#18880) | Jimmy Praet | 2022-02-25 | 1 | -2/+2
* Don't report signal: killed errors in serviceRPC (#18850) (#18865) | zeripath | 2022-02-24 | 1 | -4/+5
    Backport #18850
    Fix #18849
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update assignees check to include any writing team and change org sidebar (#18680) (#18873) | zeripath | 2022-02-24 | 1 | -0/+2
    Backport #18680
    Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms.
    Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations.
    Fix #18572
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Show fullname on issue edits and gpg/ssh signing info (#18828) | Wim | 2022-02-20 | 1 | -1/+9
    Co-authored-by: zeripath <art27@cantab.net>
* Fix template bug of LFS lock (#18784) (#18787) | Lunny Xiao | 2022-02-16 | 1 | -0/+1
    Backport #18784
    Fix #18782
* Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737) | zeripath | 2022-02-12 | 1 | -2/+2
    Backport #18713
    Move setting PullRequestWorkInProgressPrefixes to the start of PrepareViewPullInfo.
    Fix #18706
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that blob-excerpt links work for wiki (#18587) (#18624) | zeripath | 2022-02-06 | 2 | -1/+29
    Backport #18587
    It appears that the blob-excerpt links do not work on the wiki - likely since their introduction.
    This PR adds support for the wiki on these links.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Collaborator trust model should trust collaborators (#18539) (#18557) | zeripath | 2022-02-03 | 2 | -2/+2
    Backport #18539
    There was an unintended regression in #17917 which leads to only repository admin commits being trusted. This PR restores the old logic.
    Fix #18501
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent panic on prohibited user login with oauth2 (#18562) (#18563) | zeripath | 2022-02-03 | 1 | -1/+1
    Backport #18562
    There was an unfortunate regression in #17962 where following detection of the UserProhibitLogin error the err is cast to a pointer by mistake.
    This causes a panic due to an interface error.
    Fix #18561
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add `GetUserTeams` (#18499) (#18531) | zeripath | 2022-02-02 | 1 | -1/+1
    Backport #18499
    * Correct use `UserID` in `SearchTeams`
      - Use `UserID` in the `SearchTeams` function, currently it was useless to pass such information. Now it does a INNER statement to `team_user` which obtains UserID -> TeamID data.
      - Make OrgID optional.
      - Resolves #18484
    * Separate searching specific user
    * Add condition back
    * Use correct struct type
    Co-authored-by: Gusted <williamzijl7@hotmail.com>
    Co-authored-by: 6543 <6543@obermui.de>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
    Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
    Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix OAuth Source Edit Page (#18495) (#18503) | zeripath | 2022-01-31 | 2 | -0/+7
    Backport #18495
    * Fix OAuth Source Edit Page to ensure restricted and group settings are set
    * Also tolerate []interface in the groups
    Fix #18432
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only view milestones from current repo (#18414) (#18417) | zeripath | 2022-01-26 | 2 | -3/+3
    Backport #18414
    The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix partial cloning a repo (#18373) (#18377) | Gusted | 2022-01-23 | 1 | -1/+4
    * Fix partial cloning a repo (#18373)
      - Backport from: #18373
      - Backport isn't 1-1, because the frontport had a refactor in that area, which v1.16 doesn't have.
    * Include diff & use copy
    * Add partial clone test
    * patch
    * Apply suggestions from code review
    * globalArgs first
    * avoid copy but make GlobalCMDArgs append first
    * please linter
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
    Co-authored-by: 6543 <6543@obermui.de>
* Stop trimming preceding and suffixing spaces from editor filenames (#18334) [v1.16.0-rc1] | zeripath | 2022-01-19 | 1 | -1/+1
    * Stop trimming preceding and suffixing spaces from editor filenames
    In #5702 it was decided to trim preceding and suffixed spaces as well as / from editing file filenames. This was because at this point in time the url-safety of Gitea was much poorer.
    We can now drop this requirement and file editing should work correctly.
    Fix #18176
    Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix incorrect OAuth message (#18332) | wxiaoguang | 2022-01-19 | 1 | -1/+1
    As the title, Fix #18327