Commit Graph

3278 Commits

Author SHA1 Message Date
Gusted 6162fb0a19
Check for permission when fetching user controlled issues (#20133) (#20196)
* Check if project has the same repository id with issue when assign project to issue

* Check if issue's repository id match project's repository id

* Add more permission checking

* Remove invalid argument

* Fix errors

* Add generic check

* Remove duplicated check

* Return error + add check for new issues

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2022-07-01 17:39:10 +02:00
6543 51db7b03dd
Release page show all tags in compare dropdown (#20070) (#20071)
Backport #20070 

Just get all tags when creating the compare dropdown. (Also updates the changelog.)
Fix #19936
2022-06-21 19:09:24 +01:00
a1012112796 4b7f0c6c38
fix permission check for delete tag (#19985) (#20001)
fix #19970

by the way, fix some error response about protected tags.

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-06-17 22:52:47 +01:00
Lauris BH 0e9499ada7
Fix raw endpoint PDF file headers (#19825) (#19826) 2022-05-28 18:40:03 +03:00
zeripath ccc11c1e77
Prevent NPE when cache service is disabled (#19703) (#19783)
Backport #19703

The cache service can be disabled - at which point ctx.Cache will be nil
and the use of it will cause an NPE.

The main part of this PR is that the cache is used for restricting
resending of activation mails and without this we cache we cannot
restrict this. Whilst this code could be re-considered to use the db and
probably should be, I think we can simply disable this code in the case
that the cache is disabled.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-05-25 19:49:59 +08:00
Lunny Xiao 336e1ac779
Fix NotificationUnreadCount (#19802) 2022-05-25 07:38:21 +03:00
Gusted 38acce2f3f
Fix issue overview for teams (#19652) (#19653)
- Backport #19652
  - Don't use hacky solution to limit to the correct RepoID's, instead use current code to handle these limits. The existing code is more correct than the hacky solution.
  - Resolves #19636
2022-05-16 17:48:16 +08:00
Lunny Xiao 4386eb751f
Fix oauth setting list bug (#19681) 2022-05-11 21:05:58 +08:00
Lunny Xiao d6aab069ed
Fix new release from tags list UI (#19670) (#19673) 2022-05-10 22:55:28 +02:00
singuliere 0a2d618d85
GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
Co-authored-by: Loïc Dachary <loic@dachary.org>
(cherry picked from commit b536b65189)

Conflicts:
        models/action_test.go
	  The GetFeeds function does not have a Context argument in 1.16.
	models/action.go
	  The SQL statement is essentially the same in 1.16 but
	  structured differently. The Join() was copied and the
   	  created_unix field prefixed with `action`.
	models/action_list.go
	  in 1.16 the loadRepoOwner method did not exist and
	  it was done in the RetrieveFeeds method of web/feed/profile.go.
          The safeguard to skip when act.Repo == nil was moved there.
2022-05-08 15:05:40 +02:00
wxiaoguang 46637b1164
Call MultipartForm.RemoveAll when request finishes (#19606) (#19607) 2022-05-05 16:13:59 +02:00
Gusted 82f24bedc2
Fix sending empty notifications (#19589) (#19590)
- Backport #19589
  - Don't send empty notifications on read notifications API.
2022-05-02 21:28:12 -05:00
Jimmy Praet 7c0bf06d96
Respect DefaultUserIsRestricted system default when creating new user (#19310 ) (#19560) 2022-04-30 15:00:14 +02:00
Gusted 0d196e29e8
Don't error when branch's commit doesn't exist (#19547) (#19548)
- Backport #19547
  - If one of the branches no longer exists, don't throw an error, it's possible that the branch was destroyed during the process. Simply skip it and disregard it.
  - Resolves #19541
2022-04-29 12:25:19 +02:00
Lunny Xiao 8ff542c1a2
When view _Siderbar or _Footer, just display once (#19501) (#19522)
Co-authored-by: zeripath <art27@cantab.net>
2022-04-27 14:04:53 +02:00
6543 8d7f1e430a
User specific repoID or xorm builder conditions for issue search (#19475) (#19476) 2022-04-25 15:28:47 +02:00
Gusted 1f0dca4614
Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
* Mark TemplateLoading error as "UnprocessableEntity" (#19445)

- Backport #19445
  - Don't return Internal Server error if the user provide incorrect label template, instead return UnprocessableEntity.
  - Resolves #19399

- dep: upgrade: github.com/gogs/chardet
2022-04-22 21:07:57 +02:00
Gusted 0c7bf6801f
Fix DELETE request for non-existent public key (#19443) (#19444)
- Backport #19443
  - Add a return for the first "block" of errors, which fixes the double error messages.
  - Add a return for `externallyManaged`.
  - Resolves #19398

Co-authored-by: 6543 <6543@obermui.de>
2022-04-20 23:24:56 +01:00
Gusted 5863f7e048
Don't panic on `ErrEmailInvalid` (#19441) (#19442)
- Backport #19441
  - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics.
  - Resolves #19397

Co-authored-by: 6543 <6543@obermui.de>
2022-04-20 23:24:07 +01:00
zeripath 08eecba32b
When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)
Backport #19429

When a mirror repo interval is updated by the UI it is rescheduled with that interval
however the API does not do this. The API also lacks the enable_prune option.

This PR adds this functionality in to the API Edit Repo endpoint.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-04-20 16:04:26 +02:00
Gusted ee3a21a537
Fix middleware function's placements for `/user/...` (#19377) (#19378)
- Backport #19377
  - Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE.
  - Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.
2022-04-12 11:06:07 +08:00
6543 123c254b84
Move checks for pulls before merge into own function (#19271) (#19277)
Backport #19271

Fix:
* The API does ignore issue dependencies where Web does not
* The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests
* Default merge message is crafted a bit different between API and Web if not set on specific cases ...
2022-03-31 16:57:13 +02:00
John Olheiser 3ecd520f8e
Granular webhook events in editHook (#19251) (#19257)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2022-03-29 18:26:51 +02:00
zeripath e9935d358c
Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)
Backport #19234

There is a bug in the system webhooks whereby the active state is not checked when
webhooks are prepared and there is a bug that deactivating webhooks do not prevent
queued deliveries.

* Only add SystemWebhooks to the prepareWebhooks list if they are active
* At the time of delivery if the underlying webhook is not active mark it
as "delivered" but with a failed delivery so it does not get delivered.

Fix #19220

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-29 14:12:56 +02:00
6543 42229dc0b8
Fix showing issues in your repositories (#18916) (#19191)
- Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
- Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
- Resolves #18913

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-03-24 00:36:38 +01:00
zeripath 6fc73a8433
Fix compare link in active feeds for new branch (#19149) (#19185)
Backport #19149

When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly.

Therefore when creating the compare link for new branches:

1. Attempt to get the parent of the first commit and use that as the basis
for the compare link.
2. If this is not possible make a comparison to the default branch
3. Finally if that is not possible simply do not show a compare link.

However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch.

Fix #19144

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2022-03-23 19:04:50 +00:00
zeripath 93feb1a666
Fix the bug: deploy key with write access can not push (#19010) (#19182)
Backport #19010

Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.

Fix #19009

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-23 13:44:41 +00:00
zeripath d21b7fd3af
Clean paths when looking in Storage (#19124) (#19179)
Backport #19124

* Clean paths when looking in Storage

Ensure paths are clean for minio aswell as local storage.

Use url.Path not RequestURI/EscapedPath in storageHandler.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-03-23 09:23:00 +00:00
zeripath 4b7cb813e6
Use the new/choose link for New Issue on project page (#19172) (#19176)
Backport #19172

Extend issues/new/choose to pass the project id and change New Issue
link on project page to use new/choose

Fix #19170

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-23 09:41:12 +08:00
Abheek Dhawan 1aa5dc75df
Use custom favicon when viewing static files if it exists (#19130) (#19152)
Redirect `/favicon.ico` to `/assets/img/favicon.png`.

Fix #19109

Co-authored-by: zeripath <art27@cantab.net>
2022-03-20 20:28:35 -04:00
Gusted ee234aff61
Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
- Backport #19154

  - Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication.
  - Resolves #19115
2022-03-20 22:42:31 +01:00
zeripath a3f3e310fb
Fix wrong scopes caused by empty scope input (#19029) (#19145)
Backport #19029
Fix #18972 Gitea prepends requested openid scope with + after updating authentication source
2022-03-21 03:13:18 +08:00
zeripath 45c836badc
Do not send notification emails to inactive users (#19131) (#19139)
Backport #19131
Backport #19142

Emails should not be sent to inactive users except for Activate and ResetPassword
messages.

Fix #18950

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-19 18:33:32 +00:00
zeripath 5bb0c92b6c
Do not send activation email if manual confirm is set (#19119) (#19122)
Backport #19119

If the mailer is configured then even if Manual confirm is set an activation email
is still being sent because `handleUserCreated` is not checking for this case.

Fix #17263

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-19 14:20:42 +00:00
Lunny Xiao 79a5e68816
Handle email address not exist (#19089) (#19121)
Backport #19089

* Handle email address not exist. (#19089)

* Fix lint about strings.Title

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-03-19 11:35:23 +00:00
6543 1cb649525d
Restrict email address validation (#17688) (#19085)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-14 20:51:58 +01:00
6543 99861e3e06
Fix lfs bug (#19072) (#19080)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-14 15:59:54 +01:00
zeripath 4df2320ba6
Prevent 500 when there is an error during new auth source post (#19041) (#19059)
Backport #19041

Fix #19036

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-13 03:42:31 +01:00
zeripath 4047c5c068
Ignore missing comment for user notifications (#18954) (#19043) 2022-03-10 01:48:27 -05:00
Otto Richter (fnetX) 578f19a682
Refactor admin user filter query parameters (#18965) (#18975)
Only pass `status_filter` on admin page
Use a more general method to pass query parameters, remove hard-coded keys

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-02 19:57:18 +01:00
6543 f9b6404950
Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964) 2022-03-02 07:22:02 -06:00
Gusted 52517e3e23
Send 404 on `/{org}.gpg` (#18959) (#18962) 2022-03-01 20:37:47 -05:00
Otto Richter (fnetX) 36e96e3481
Fix admin user list pagination (#18957) (#18960) 2022-03-01 23:00:03 +00:00
qwerty287 054bc55a1c
Fix page and missing return on unadopted repos API (#18848) (#18927)
* Fix page and missing return on unadopted repos API

Page must be 1 if it's not specified and it should return after sending an internal server error.

* Allow ignore pages
2022-02-27 20:18:23 +08:00
Jimmy Praet 6f21a94d18
BeforeSourcePath should point to base commit (#18880) 2022-02-25 14:45:20 +08:00
zeripath 9d9ccdbe43
Don't report signal: killed errors in serviceRPC (#18850) (#18865)
Backport #18850

Fix #18849

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-24 16:59:50 +08:00
zeripath 81b29d6263
Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
Backport #18680

Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms.

Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations.

Fix #18572

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-24 09:22:46 +08:00
Wim 36148ed083
Show fullname on issue edits and gpg/ssh signing info (#18828)
Co-authored-by: zeripath <art27@cantab.net>
2022-02-20 21:47:17 +00:00
Lunny Xiao ad789542b8
Fix template bug of LFS lock (#18784) (#18787)
Backport #18784 

Fix #18782
2022-02-16 17:16:04 +00:00
zeripath c8f3672a88
Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
Backport #18713

Move setting PullRequestWorkInProgressPrefixes to the start of PrepareViewPullInfo.

Fix #18706

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-12 12:55:34 +00:00