summaryrefslogtreecommitdiffstats
path: root/routers/web
Commit message (Collapse)AuthorAgeFilesLines
* Fix showing issues in your repositories (#18916) (#19191)65432022-03-241-14/+55
| | | | | | | - Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository. - Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options). - Resolves #18913 Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Fix compare link in active feeds for new branch (#19149) (#19185)zeripath2022-03-231-0/+7
| | | | | | | | | | | | | | | | | | | | | | | Backport #19149 When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly. Therefore when creating the compare link for new branches: 1. Attempt to get the parent of the first commit and use that as the basis for the compare link. 2. If this is not possible make a comparison to the default branch 3. Finally if that is not possible simply do not show a compare link. However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch. Fix #19144 Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: a1012112796 <1012112796@qq.com>
* Fix the bug: deploy key with write access can not push (#19010) (#19182)zeripath2022-03-231-1/+0
| | | | | | | | | Backport #19010 Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission. Fix #19009 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Clean paths when looking in Storage (#19124) (#19179)zeripath2022-03-231-16/+16
| | | | | | | | | | | | | | | | Backport #19124 * Clean paths when looking in Storage Ensure paths are clean for minio aswell as local storage. Use url.Path not RequestURI/EscapedPath in storageHandler. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv>
* Use the new/choose link for New Issue on project page (#19172) (#19176)zeripath2022-03-231-2/+9
| | | | | | | | | | | | | Backport #19172 Extend issues/new/choose to pass the project id and change New Issue link on project page to use new/choose Fix #19170 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use custom favicon when viewing static files if it exists (#19130) (#19152)Abheek Dhawan2022-03-201-0/+5
| | | | | | | Redirect `/favicon.ico` to `/assets/img/favicon.png`. Fix #19109 Co-authored-by: zeripath <art27@cantab.net>
* Fix wrong scopes caused by empty scope input (#19029) (#19145)zeripath2022-03-211-1/+13
| | | | Backport #19029 Fix #18972 Gitea prepends requested openid scope with + after updating authentication source
* Do not send activation email if manual confirm is set (#19119) (#19122)zeripath2022-03-191-0/+6
| | | | | | | | | | | Backport #19119 If the mailer is configured then even if Manual confirm is set an activation email is still being sent because `handleUserCreated` is not checking for this case. Fix #17263 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle email address not exist (#19089) (#19121)Lunny Xiao2022-03-192-3/+3
| | | | | | | | | Backport #19089 * Handle email address not exist. (#19089) * Fix lint about strings.Title Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Restrict email address validation (#17688) (#19085)65432022-03-143-2/+10
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix lfs bug (#19072) (#19080)65432022-03-141-0/+13
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent 500 when there is an error during new auth source post (#19041) (#19059)zeripath2022-03-131-2/+2
| | | | | | | Backport #19041 Fix #19036 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor admin user filter query parameters (#18965) (#18975)Otto Richter (fnetX)2022-03-022-2/+11
| | | | | | Only pass `status_filter` on admin page Use a more general method to pass query parameters, remove hard-coded keys Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that ↵65432022-03-021-10/+25
| | | | case (#18897) (#18964)
* Send 404 on `/{org}.gpg` (#18959) (#18962)Gusted2022-03-011-2/+10
|
* Fix admin user list pagination (#18957) (#18960)Otto Richter (fnetX)2022-03-011-0/+1
|
* BeforeSourcePath should point to base commit (#18880)Jimmy Praet2022-02-251-2/+2
|
* Don't report signal: killed errors in serviceRPC (#18850) (#18865)zeripath2022-02-241-4/+5
| | | | | | | | | Backport #18850 Fix #18849 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update assignees check to include any writing team and change org sidebar ↵zeripath2022-02-241-0/+2
| | | | | | | | | | | | | (#18680) (#18873) Backport #18680 Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms. Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations. Fix #18572 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Show fullname on issue edits and gpg/ssh signing info (#18828)Wim2022-02-201-1/+9
| | | Co-authored-by: zeripath <art27@cantab.net>
* Fix template bug of LFS lock (#18784) (#18787)Lunny Xiao2022-02-161-0/+1
| | | | | | Backport #18784 Fix #18782
* Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) ↵zeripath2022-02-121-2/+2
| | | | | | | | | | | (#18737) Backport #18713 Move setting PullRequestWorkInProgressPrefixes to the start of PrepareViewPullInfo. Fix #18706 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that blob-excerpt links work for wiki (#18587) (#18624)zeripath2022-02-062-1/+29
| | | | | | | | | | | Backport #18587 It appears that the blob-excerpt links do not work on the wiki - likely since their introduction. This PR adds support for the wiki on these links. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Collaborator trust model should trust collaborators (#18539) (#18557)zeripath2022-02-032-2/+2
| | | | | | | | | | | | Backport #18539 There was an unintended regression in #17917 which leads to only repository admin commits being trusted. This PR restores the old logic. Fix #18501 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent panic on prohibited user login with oauth2 (#18562) (#18563)zeripath2022-02-031-1/+1
| | | | | | | | | | | | Backport #18562 There was an unfortunate regression in #17962 where following detection of the UserProhibitLogin error the err is cast to a pointer by mistake. This causes a panic due to an interface error. Fix #18561 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add `GetUserTeams` (#18499) (#18531)zeripath2022-02-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Backport #18499 * Correct use `UserID` in `SearchTeams` - Use `UserID` in the `SearchTeams` function, currently it was useless to pass such information. Now it does a INNER statement to `team_user` which obtains UserID -> TeamID data. - Make OrgID optional. - Resolves #18484 * Seperate searching specific user * Add condition back * Use correct struct type Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix OAuth Source Edit Page (#18495) (#18503)zeripath2022-01-312-0/+7
| | | | | | | | | | Backport #18495 * Fix OAuth Source Edit Page to ensure restricted and group settings are set * Also tolerate []interface in the groups Fix #18432 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only view milestones from current repo (#18414) (#18417)zeripath2022-01-262-3/+3
| | | | | | | | Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix partial cloning a repo (#18373) (#18377)Gusted2022-01-231-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | * Fix partial cloning a repo (#18373) - Backport from: #18373 - Backport isn't 1-1, because the frontport had a refactor in that area, which v1.16 doesn't have. * Include diff & use copy * Add partial clone test * patch * Apply suggestions from code review * globalArgs first * avoid copy but make GlobalCMDArgs append first * please linter Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Stop trimming preceding and suffixing spaces from editor filenames (#18334)v1.16.0-rc1zeripath2022-01-191-1/+1
| | | | | | | | | | | | | | * Stop trimming preceding and suffixing spaces from editor filenames In #5702 it was decided to trim preceding and suffixed spaces aswell as / from editing file filenames. This was because at this point in time the url-safety of Gitea was much poorer. We can now drop this requirement and file editing should work correctly. Fix #18176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix incorrect OAuth message (#18332)wxiaoguang2022-01-191-1/+1
| | | | | As the title, Fix #18327
* Fix PR comments UI (#18323)wxiaoguang2022-01-191-8/+10
| | | | | Closes: * Review comment cannot be edited #17768 * Changing PR Comment Resolved State Disables Further Changes #18315
* Use indirect comparison when showing pull requests (#18313)zeripath2022-01-181-3/+3
| | | | | | | | When generating the commits list and number of files changed for PRs and compare we should use "..." always not "..". Fix #18303 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle missing default branch better in owner/repo/branches page (#18290)zeripath2022-01-161-20/+33
| | | | | | | This PR more nicely handles a missing default branch in owner/repo/branches Fix #18265 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Webauthn nits (#18284)zeripath2022-01-152-10/+12
| | | | | | | This contains some additional fixes and small nits related to #17957 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Support webauthn (#17957)Lunny Xiao2022-01-1410-281/+322
| | | | | | | Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix various typos (#18219)luzpaz2022-01-101-1/+1
| | | | | Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Show OAuth callback error message (#18185)KN4CK3R2022-01-071-1/+35
| | | | | | | | | | | * Show callback error message. * lint * Use error code to display a message. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add warning for BIDI characters in page renders and in diffs (#17562)zeripath2022-01-074-16/+40
| | | | | | | | | | | | Fix #17514 Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces. There is a button which can be used to escape the content to show it. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Gwyneth Morgan <gwymor@tilde.club> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add replay of webhooks. (#18191)KN4CK3R2022-01-052-5/+36
|
* Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)wxiaoguang2022-01-057-19/+0
| | | This PR makes frontend load EasyMDE/CodeMirror dynamically, and removes `RequireEasyMDE`.
* refactoring nits (#18188)65432022-01-051-1/+0
| | | | | | | * no octal for time values * rm artifact from refactoring Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Team permission allow different unit has different permission (#17811)Lunny Xiao2022-01-051-27/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
* Don't delete branch if other PRs with this branch are open (#18164)a10121127962022-01-032-1/+35
| | | | | fix #18149 Signed-off-by: a1012112796 <1012112796@qq.com>
* Remove unused route "/tasks/trigger" (#18160)Gusted2022-01-033-66/+0
| | | ref: https://github.com/go-gitea/gitea/pull/18160#issuecomment-1004091325
* Refactor auth package (#17962)Lunny Xiao2022-01-0223-2228/+2355
|
* Unify and simplify TrN for i18n (#18141)wxiaoguang2022-01-023-17/+4
| | | | | Refer: https://github.com/go-gitea/gitea/pull/18135#issuecomment-1003246099 Now we have a unique and simple `TrN`, and make the fix of PR #18135 also use the better `TrN` logic.
* Use correct user when determining max repo limits for error messages (#18153)Gusted2022-01-023-3/+3
| | | - Use the correct user(`owner` instead of `ctx.User`) to get the maxCreationLimit.
* Allow admin to associate missing LFS objects for repositories (#18143)wxiaoguang2022-01-011-10/+18
| | | | | | | This PR reworked the Find pointer files feature in Settings -> LFS page. When a LFS object is missing from database but exists in LFS content store, admin can associate it to the repository by clicking the Associate button. This PR is not perfect (because the LFS module itself should be improved too), it's just a nice-to-have feature to help users recover their LFS repositories (eg: database was lost / table was truncated)
* Use correct translation key (#18135)Gusted2021-12-313-3/+22
| | | | | - Resolves #18122 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-14 11:52:21 +0000