Show Signer in commit lists and add basic trust (#10425) (#10524)
Backport #10425
Backport #10511
* Show Signer in commit lists and add basic trust (#10425)
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Fix the signing icon in the view_list.tmpl page (#10511)
Co-Authored-By: silverwind <me@silverwind.io>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Change admin dashboard to POST (#10465)
* Add form and convert to POST
* Redirect for flash
* Convert octicons back to fa for 1.11
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Change action GETs to POST
* submite = submit + smite
* No more # href
* Fix test
* Match other tests
* Explicit csrf
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Fix wrong hint when status checking is running on pull request view (#9886) (#9928)
* Fix wrong hint when status checking is running on pull request view
* fix lint
* fix test
* fix test
* fix wrong tmpl
* fix import
* rename function name
Fix wrong permissions check when issues/prs shared operations (#9885) (#9889)
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix push-to-create
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Check URL path and service
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Send dummy payload on receive-pack GET
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* The space was actually a NUL byte
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Use real bare repo instead of manufactured payload
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Branches not at ref commit ID should not be listed as Merged (#9614)
Once a branch has been merged if the commit ID no longer equals that of
the pulls ref commit id don't offer to delete the branch on the pull screen
and don't list it as merged on branches.
Fix #9201
When looking at the pull page we should also get the commits from the refs/pulls/x/head
Fix #9158
Only serve attachments when linked to issue/release and if accessible by user (#9340)
* test: add current attachement responses
* refactor: check if attachement is linked and accessible by user
* chore: clean TODO
* fix: typo attachement -> attachment
* revert un-needed go.sum change
* refactor: move models logic to models
* fix TestCreateIssueAttachment which was wrongly successful
* fix unit tests with unittype added
* fix unit tests with changes
* use a valid uuid format for pgsql int. test
* test: add unit test TestLinkedRepository
* refactor: allow uploader to access unlinked attachement
* add missing blank line
* refactor: move to a separate function repo.GetAttachment
* typo
* test: remove err test return
* refactor: use repo perm for access checking generally + 404 for all reject
Fix #9189 - API Allow only specific Colums to be updated on Issue (#9539)
* dont insert "-1" in any case to issue.poster_id
* Make sure API cant override importand fields
* code format
* fix lint
* WIP test
* add missing poster_id
* fix test
* user.IsGhost handle nil
* CI.restart()
* make sure no -1 is realy added
* CI.restart()
* @lunny suggestion remove some not allowed fields
* seperate issue.LoadMilestone
* load milestone and return it on IssueEdit via API
* extend Test for TestAPIEditIssue
* fix fixtures
* declare allowedColumnsUpdateIssueByAPI only once
* Update Year
* no var just write id drecty into func cal
Co-authored-by: Lauris BH <lauris@nix.lv>