aboutsummaryrefslogtreecommitdiffstats
path: root/routers
Commit message (Collapse)AuthorAgeFilesLines
* Fix possible panic when repository is empty (#20509) (#20527)release/v1.1665432022-07-281-4/+8
|
* Hide notify mail setting ui if not enabled (#20138) (#20337)Lunny Xiao2022-07-121-0/+1
| | | Backport #20138
* Add write check for creating Commit status (#20332) (#20334)Gusted2022-07-121-1/+1
| | | | | | - Backport #20332 - Add write code checks for creating new commit status - Regression from #5314 - Resolves #20331
* Only show Followers that current user can access (#20220) (#20253)zeripath2022-07-062-9/+10
| | | | | | | | Backport #20220 Users who are following or being followed by a user should only be displayed if the viewing user can see them. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Check for permission when fetching user controlled issues (#20133) (#20196)Gusted2022-07-014-24/+45
| | | | | | | | | | | | | | | | | | | | | | | * Check if project has the same repository id with issue when assign project to issue * Check if issue's repository id match project's repository id * Add more permission checking * Remove invalid argument * Fix errors * Add generic check * Remove duplicated check * Return error + add check for new issues * Apply suggestions from code review Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de>
* Release page show all tags in compare dropdown (#20070) (#20071)65432022-06-211-1/+8
| | | | | | | Backport #20070 Just get all tags when creating the compare dropdown. (Also updates the changelog.) Fix #19936
* fix permission check for delete tag (#19985) (#20001)a10121127962022-06-175-1/+38
| | | | | | | fix #19970 by the way, fix some error response about protected tags. Signed-off-by: a1012112796 <1012112796@qq.com>
* Fix raw endpoint PDF file headers (#19825) (#19826)Lauris BH2022-05-281-2/+6
|
* Prevent NPE when cache service is disabled (#19703) (#19783)zeripath2022-05-253-18/+27
| | | | | | | | | | | | | | | | Backport #19703 The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE. The main part of this PR is that the cache is used for restricting resending of activation mails and without this we cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix NotificationUnreadCount (#19802)Lunny Xiao2022-05-251-1/+2
|
* Fix issue overview for teams (#19652) (#19653)Gusted2022-05-161-16/+3
| | | | | - Backport #19652 - Don't use hacky solution to limit to the correct RepoID's, instead use current code to handle these limits. The existing code is more correct than the hacky solution. - Resolves #19636
* Fix oauth setting list bug (#19681)Lunny Xiao2022-05-111-1/+1
|
* Fix new release from tags list UI (#19670) (#19673)Lunny Xiao2022-05-101-1/+3
|
* GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)singuliere2022-05-081-0/+3
| | | | | | | | | | | | | | | | Co-authored-by: Loïc Dachary <loic@dachary.org> (cherry picked from commit b536b65189319544939da9b6537919a4fc838d71) Conflicts: models/action_test.go The GetFeeds function does not have a Context argument in 1.16. models/action.go The SQL statement is essentially the same in 1.16 but structured differently. The Join() was copied and the created_unix field prefixed with `action`. models/action_list.go in 1.16 the loadRepoOwner method did not exist and it was done in the RetrieveFeeds method of web/feed/profile.go. The safeguard to skip when act.Repo == nil was moved there.
* Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)wxiaoguang2022-05-052-0/+4
|
* Fix sending empty notifications (#19589) (#19590)Gusted2022-05-021-1/+1
| | | | - Backport #19589 - Don't send empty notifications on read notifications API.
* Respect DefaultUserIsRestricted system default when creating new user ↵Jimmy Praet2022-04-307-39/+52
| | | | (#19310 ) (#19560)
* Don't error when branch's commit doesn't exist (#19547) (#19548)Gusted2022-04-291-8/+8
| | | | | - Backport #19547 - If one of the branches no longer exists, don't throw an error, it's possible that the branch was destroyed during the process. Simply skip it and disregard it. - Resolves #19541
* When view _Siderbar or _Footer, just display once (#19501) (#19522)Lunny Xiao2022-04-271-30/+51
| | | Co-authored-by: zeripath <art27@cantab.net>
* User specific repoID or xorm builder conditions for issue search (#19475) ↵65432022-04-253-11/+6
| | | | (#19476)
* Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)Gusted2022-04-221-4/+5
| | | | | | | | | * Mark TemplateLoading error as "UnprocessableEntity" (#19445) - Backport #19445 - Don't return Internal Server error if the user provide incorrect label template, instead return UnprocessableEntity. - Resolves #19399 - dep: upgrade: github.com/gogs/chardet
* Fix DELETE request for non-existent public key (#19443) (#19444)Gusted2022-04-201-4/+9
| | | | | | | | - Backport #19443 - Add a return for the first "block" of errors, which fixes the double error messages. - Add a return for `externallyManaged`. - Resolves #19398 Co-authored-by: 6543 <6543@obermui.de>
* Don't panic on `ErrEmailInvalid` (#19441) (#19442)Gusted2022-04-201-3/+10
| | | | | | | - Backport #19441 - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics. - Resolves #19397 Co-authored-by: 6543 <6543@obermui.de>
* When updating mirror repo intervals by API reschedule next update too ↵zeripath2022-04-202-28/+53
| | | | | | | | | | | | (#19429) (#19433) Backport #19429 When a mirror repo interval is updated by the UI it is rescheduled with that interval however the API does not do this. The API also lacks the enable_prune option. This PR adds this functionality in to the API Edit Repo endpoint. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix middleware function's placements for `/user/...` (#19377) (#19378)Gusted2022-04-121-3/+3
| | | | | - Backport #19377 - Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE. - Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.
* Move checks for pulls before merge into own function (#19271) (#19277)65432022-03-312-177/+82
| | | | | | | | Backport #19271 Fix: * The API does ignore issue dependencies where Web does not * The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests * Default merge message is crafted a bit different between API and Web if not set on specific cases ...
* Granular webhook events in editHook (#19251) (#19257)John Olheiser2022-03-291-5/+16
| | | Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Only send webhook events to active system webhooks and only deliver to ↵zeripath2022-03-291-1/+2
| | | | | | | | | | | | | | | | | active hooks (#19234) (#19248) Backport #19234 There is a bug in the system webhooks whereby the active state is not checked when webhooks are prepared and there is a bug that deactivating webhooks do not prevent queued deliveries. * Only add SystemWebhooks to the prepareWebhooks list if they are active * At the time of delivery if the underlying webhook is not active mark it as "delivered" but with a failed delivery so it does not get delivered. Fix #19220 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix showing issues in your repositories (#18916) (#19191)65432022-03-241-14/+55
| | | | | | | - Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository. - Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options). - Resolves #18913 Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Fix compare link in active feeds for new branch (#19149) (#19185)zeripath2022-03-231-0/+7
| | | | | | | | | | | | | | | | | | | | | | | Backport #19149 When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly. Therefore when creating the compare link for new branches: 1. Attempt to get the parent of the first commit and use that as the basis for the compare link. 2. If this is not possible make a comparison to the default branch 3. Finally if that is not possible simply do not show a compare link. However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch. Fix #19144 Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: a1012112796 <1012112796@qq.com>
* Fix the bug: deploy key with write access can not push (#19010) (#19182)zeripath2022-03-234-43/+63
| | | | | | | | | Backport #19010 Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission. Fix #19009 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Clean paths when looking in Storage (#19124) (#19179)zeripath2022-03-231-16/+16
| | | | | | | | | | | | | | | | Backport #19124 * Clean paths when looking in Storage Ensure paths are clean for minio aswell as local storage. Use url.Path not RequestURI/EscapedPath in storageHandler. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv>
* Use the new/choose link for New Issue on project page (#19172) (#19176)zeripath2022-03-231-2/+9
| | | | | | | | | | | | | Backport #19172 Extend issues/new/choose to pass the project id and change New Issue link on project page to use new/choose Fix #19170 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use custom favicon when viewing static files if it exists (#19130) (#19152)Abheek Dhawan2022-03-201-0/+5
| | | | | | | Redirect `/favicon.ico` to `/assets/img/favicon.png`. Fix #19109 Co-authored-by: zeripath <art27@cantab.net>
* Fix NPE /repos/issues/search when not signed in (#19154) (#19155)Gusted2022-03-201-5/+10
| | | | | | - Backport #19154 - Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication. - Resolves #19115
* Fix wrong scopes caused by empty scope input (#19029) (#19145)zeripath2022-03-211-1/+13
| | | | Backport #19029 Fix #18972 Gitea prepends requested openid scope with + after updating authentication source
* Do not send notification emails to inactive users (#19131) (#19139)zeripath2022-03-191-1/+1
| | | | | | | | | | | | Backport #19131 Backport #19142 Emails should not be sent to inactive users except for Activate and ResetPassword messages. Fix #18950 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Do not send activation email if manual confirm is set (#19119) (#19122)zeripath2022-03-191-0/+6
| | | | | | | | | | | Backport #19119 If the mailer is configured then even if Manual confirm is set an activation email is still being sent because `handleUserCreated` is not checking for this case. Fix #17263 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle email address not exist (#19089) (#19121)Lunny Xiao2022-03-193-5/+6
| | | | | | | | | Backport #19089 * Handle email address not exist. (#19089) * Fix lint about strings.Title Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Restrict email address validation (#17688) (#19085)65432022-03-145-4/+16
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix lfs bug (#19072) (#19080)65432022-03-141-0/+13
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent 500 when there is an error during new auth source post (#19041) (#19059)zeripath2022-03-131-2/+2
| | | | | | | Backport #19041 Fix #19036 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ignore missing comment for user notifications (#18954) (#19043)zeripath2022-03-101-1/+1
|
* Refactor admin user filter query parameters (#18965) (#18975)Otto Richter (fnetX)2022-03-022-2/+11
| | | | | | Only pass `status_filter` on admin page Use a more general method to pass query parameters, remove hard-coded keys Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that ↵65432022-03-021-10/+25
| | | | case (#18897) (#18964)
* Send 404 on `/{org}.gpg` (#18959) (#18962)Gusted2022-03-011-2/+10
|
* Fix admin user list pagination (#18957) (#18960)Otto Richter (fnetX)2022-03-011-0/+1
|
* Fix page and missing return on unadopted repos API (#18848) (#18927)qwerty2872022-02-271-0/+4
| | | | | | | * Fix page and missing return on unadopted repos API Page must be 1 if it's not specified and it should return after sending an internal server error. * Allow ignore pages
* BeforeSourcePath should point to base commit (#18880)Jimmy Praet2022-02-251-2/+2
|
* Don't report signal: killed errors in serviceRPC (#18850) (#18865)zeripath2022-02-241-4/+5
| | | | | | | | | Backport #18850 Fix #18849 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-19 08:00:03 +0000