Commit Graph

155 Commits

Author SHA1 Message Date
qwerty287 8eb1cd9264
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints

You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.

This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.

Closes #17728

Co-authored-by: 6543 <6543@obermui.de>
2022-04-28 17:45:33 +02:00
parnic 2347c9ebbe
Allow commit status popup on /pulls page (#19507)
* Allow commit status popup on /pulls page

The /pulls page doesn't contain a "repository" element, so the early-out here was preventing the commit status popup hook from working. However, the only thing the .repository element is being used for here is determining whether the popup should be on the right or on the left, so we don't actually need the element to exist for the hook to work.

Pull request #19375 allows the statuses on /pulls pages to appear clickable, but this commit is required to make the popup actually work there.

* Move commit statuses popup hook to dedicated func

* Add missing import
2022-04-26 21:09:46 +02:00
Lunny Xiao 03eba32bd9
Add a new menu in file view to open blame view and fix blame view select range bug (#19500) 2022-04-26 13:54:40 +03:00
wxiaoguang fef26c159c
Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl
Co-authored-by: 6543 <6543@obermui.de>
2022-04-26 11:14:01 +08:00
Gusted 4e912a61c8
Improve Stopwatch behavior (#18930)
- Don't send empty stopwatch over and over again, only send once.
- Stop interval to update stopwatch's timer when there is no more stopwatch.
2022-04-25 22:45:22 +02:00
Lunny Xiao 783a021889
Never use /api/v1 from Gitea UI Pages (#19318)
Reusing `/api/v1` from Gitea UI Pages have pros and cons.
Pros:
1) Less code copy

Cons:
1) API/v1 have to support shared session with page requests.
2) You need to consider for each other when you want to change something about api/v1 or page.

This PR moves all dependencies to API/v1 from UI Pages.

Partially replace #16052
2022-04-07 20:59:56 +02:00
wxiaoguang 5b7466053d
Skip frontend ROOT_URL check on installation page, remove unnecessary global var (#19291)
Skip `checkAppUrl` message on installation page because the ROOT_URL is not determined yet
Move global var `supportedDbTypeNames` into `install.Init` as a local var
2022-04-01 16:00:26 +08:00
wxiaoguang 2bce1ea986
Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
* ROOT_URL issues: some users did wrong to there app.ini config, then:
    * The assets can not be loaded (AppSubUrl != "" and users try to access http://host:3000/)
    *The ROOT_URL is wrong, then many URLs in Gitea are broken.
Now Gitea show enough information to users.

* JavaScript error issues, there are many users affected by JavaScript errors, some are caused by frontend bugs, some are caused by broken customized templates. If these JS errors can be found at first time, then maintainers do not need to ask about how bug occurs again and again.

* Some people like to modify the `head.tmpl`, so we separate the script part to `head_script.tmpl`, then it's much safer.

* use specialized CSS class "js-global-error", end users still have a chance to hide error messages by customized CSS styles.
2022-03-30 13:52:24 +08:00
wxiaoguang d4c789dfc1
Refactor repo clone button and repo clone links, fix JS error on empty repo page (#19208)
The last PR about clone buttons introduced an JS error when visiting an empty repo page:
* https://github.com/go-gitea/gitea/pull/19028
* `Uncaught ReferenceError: isSSH is not defined`, because the variables are scoped and doesn't share between sub templates.

This:
1. Simplify `templates/repo/clone_buttons.tmpl` and make code clear
2. Move most JS code into `initRepoCloneLink`
3. Remove unused `CloneLink.Git`
4. Remove `ctx.Data["DisableSSH"] / ctx.Data["ExposeAnonSSH"] / ctx.Data["DisableHTTP"]`, and only set them when is is needed (eg: deploy keys / ssh keys)
5. Introduce `Data["CloneButton*"]` to provide data for clone buttons and links
6. Introduce `Data["RepoCloneLink"]` for the repo clone link (not the wiki)
7. Remove most `ctx.Data["PageIsWiki"]` because it has been set in the `/wiki` middleware
8. Remove incorrect `quickstart` class in `migrating.tmpl`
2022-03-29 05:21:30 +02:00
Roger Luo bbce905b6a
Feature: show issue assignee on project board (#15232)
* Show assignees in project boards.
2022-03-09 00:42:28 +08:00
wxiaoguang 3e28fa72ce
Fix EasyMDE error when input Enter (#19004)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-06 01:53:34 +08:00
wxiaoguang 997deecbfa
Fix the editor height in review box (#19003)
Fix the height problem in  https://github.com/go-gitea/gitea/pull/18862#issuecomment-1059329539

I have tested this fix.

# Screenshots

### Min-height

<img width="1138" alt="image" src="https://user-images.githubusercontent.com/2114189/156811831-93d4d31a-1b0a-4c4c-a7b4-fafc706133d6.png">

### Max-height

<img width="1126" alt="image" src="https://user-images.githubusercontent.com/2114189/156811889-10ae41de-c63b-45e7-9d89-21a1ed29e58b.png">
2022-03-04 20:57:26 +00:00
silverwind 329b959160
Remove CodeMirror dependencies (#18911)
EasyMDE already loads all the modes and plugins it needs, so there is no reason for neither the webpack dependency nor the vendored copy
2022-02-26 23:47:52 +08:00
Kyle D f7085f718b
Set max text height to prevent overflow (#18862)
Sets a max height for review text boxes to prevent a very annoying bug where users cannot access the "submit" button.

Before:
![image](https://user-images.githubusercontent.com/12700993/155253001-e1dab086-aaf3-4338-889d-6a861728274a.png)

After:
![image](https://user-images.githubusercontent.com/12700993/155253144-5b9a3547-9582-412f-867f-41a45a14a0fe.png)

Interestingly, I don't see this bug on Firefox.
2022-02-23 20:17:14 +00:00
CommanderRoot 1ab88da0e4
Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
String.prototype.substr() is deprecated (see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substr) so we replace it with the slice() method which works similarily but isn't deprecated.

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-18 14:50:36 +08:00
Jimmy Praet 9444135ff5
Fix source code line highlighting (#18729)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-02-12 05:00:24 +00:00
Sven Seeberg 832ce406ae
Add LDAP group sync to Teams, fixes #1395 (#16299)
* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.
2022-02-11 22:24:58 +08:00
zeripath eb748f5f3c
Add apply-patch, basic revert and cherry-pick functionality (#17902)
This code adds a simple endpoint to apply patches to repositories and
branches on gitea. This is then used along with the conflicting checking
code in #18004 to provide a basic implementation of cherry-pick revert.

Now because the buttons necessary for cherry-pick and revert have 
required us to create a dropdown next to the Browse Source button
I've also implemented Create Branch and Create Tag operations.

Fix #3880 
Fix #17986 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-09 20:28:55 +00:00
zeripath 2f76608221
Prevent security failure due to bad APP_ID (#18678)
WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-09 15:37:58 +08:00
confusedsushi f6f4e1ddb9
Fix review excerpt (#18502)
Currently the "File Changed" tab of a PR is somehow broken. This is also true for the current release 1.16.0.

When you are on the "File Changed" tab, and want to look at code excerpt before or after the code changes, the layout breaks. You can test this on try.gitea.io here: https://try.gitea.io/testnotexisting/magic_enum/pulls/2/files

The problem occurs for the unified view and for the split view.

Kind of the same problem was there for commenting a line of code, this was fixed in #18321 and #18403.

For consistency, I changed the solution of #18321, I removed the ``colspan`` and instead added a ``<td>``. The goal was to have code similarly with the split view.

Also the separator line in the split view was in the wrong column, this was fixed too.* more consistent unified review comment

Fix #18516

Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-02-01 19:08:33 +00:00
silverwind 19b017f398
Use explicit jQuery import, remove unused eslint globals (#18435)
- Don't rely on globals (window.$) for jQuery import
- Remove eslint globals no longer in use
2022-01-28 21:00:11 +00:00
zeripath 93250bfe27
Place inline diff comment dialogs on split diff in 4th and 8th columns (#18403)
Fix #18391
Fix #18320

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-25 12:18:30 +00:00
wxiaoguang 9837773f0e
Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385) 2022-01-24 14:57:01 -05:00
wxiaoguang 84f8ef3df6
Fix PR comments UI (#18323)
Closes:
* Review comment cannot be edited #17768
* Changing PR Comment Resolved State Disables Further Changes #18315
2022-01-19 01:28:38 +08:00
wxiaoguang 11b4827791
Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
And shrink the height of Dropzone.
2022-01-19 00:57:57 +08:00
JonRB 483409716d
Place inline diff comment dialogs in the 4th column. (#18321)
Comment dialogs for inline comments should appear in 4th column (not 3rd column), this PR changes the column that the inline review comment is associated with.

This problem has occurred due to an unrecognised conflict between #17562 and #17315. 

Fix as zeripath suggested in #18320

Fix #18320 

Co-authored-by: zeripath <art27@cantab.net>
2022-01-18 10:28:45 +00:00
wxiaoguang 4d0a72a271
Revert "Prevent possible XSS when using jQuery (#18289)" (#18293)
This reverts commit 661d3d28e9.
2022-01-16 11:19:26 +00:00
Gusted 661d3d28e9
Prevent possible XSS when using jQuery (#18289)
In the case of misuse or misunderstanding from a developer whereby,
if `sel` can receive user-controlled data, jQuery `$(sel)` can lead to the
creation of a new element. Current usage is using hard-coded selectors
in the templates, but nobody prevents that from expanding to
user-controlled somehow.
2022-01-16 13:14:32 +08:00
zeripath d7c2a2951c
Webauthn nits (#18284)
This contains some additional fixes and small nits related to #17957 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-15 17:52:56 +01:00
Lunny Xiao 35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
wxiaoguang 70d7475356
Fix EasyMDE image paste bug during refactoring (#18207) 2022-01-08 21:33:32 +08:00
silverwind 3dbdf36d95
Fix CSS specificity issue with easymde's css (#18201)
* Fix CSS specificity issue with easymde's css

PR #18069 introduced a regression in certain overwritten editor styles
because the dynamic loading of easymde.min.css causes its's style to
apply after our supposed override styles.

Solve this by bundling the styles into index.css. We should later aim to
completely replace easymde.min.css completely with our own styles so there
are no more conflicts.

* Update web_src/js/features/comp/EasyMDE.js

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-07 16:41:31 +08:00
zeripath 21ed4fd8da
Add warning for BIDI characters in page renders and in diffs (#17562)
Fix #17514

Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces.

There is a button which can be used to escape the content to show it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gwyneth Morgan <gwymor@tilde.club>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-07 02:18:52 +01:00
wxiaoguang a38ba634a4
Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
This PR makes frontend load EasyMDE/CodeMirror dynamically, and removes `RequireEasyMDE`.
2022-01-05 13:17:25 +01:00
wxiaoguang 48aab263d1
Fix EasyMDE validation (#18161) 2022-01-03 17:53:53 +01:00
Gusted 496acbe9e5
Require codereview to have content (#18156)
- Report a validityError when the codeReview have no comment.
- Resolves #18151
- Refactor
2022-01-02 23:31:03 +01:00
wxiaoguang 0a9fcf63a4
Clean legacy SimpleMDE code (#17926)
Since we are using EasyMDE now, we do not need to keep the SimpleMDE code anymore.

This PR removes all legacy SimpleMDE code, and makes some related changes:
* `createCommentEasyMDE` can accept native DOM element, and it doesn't need `jQuery.data` to store EasyMDE editor object (as discussed about the frontend guideline).
* introduce `getAttachedEasyMDE` to get the attached EasyMDE editor object, it's easier to find all the usage of EasyMDE.
* rename variable names from `$simplemde` to `easyMDE`, the `$` was incorrect because it is a EasyMDE editor, not a jQuery object.

With this PR, it will be easier to do more refactoring or replacing EasyMDE with other editors.
2021-12-10 10:51:27 +08:00
Anbraten 0ff18a808c
Support sorting for project board issuses (#17152)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-08 14:57:18 +08:00
wxiaoguang 4cbe792562
Remove unnecessary `X-Remote` HTTP header in AJAX request (#17932) 2021-12-08 14:18:07 +08:00
wxiaoguang a6f961fba4
Refactor install page (db type) (#17919)
* Refactor install page (db type)

* set correct default DB HOST for different DB TYPE
* remove legacy TiDB from documents
* unify the usage of DB TYPE, in code we only use "mysql". "MySQL" is only shown to users for friendly name.

* Gitea can use TiDB via MySQL protocol

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-07 13:44:08 +08:00
Gusted 9d6208965c
Fix loading content history on show more (#17819)
* Fix loading content history on show more

- Call `initRepoIssueContentHistory` so that the newly loaded issues
also get their content history.
- Resolves #17767

* apply history to show diff too

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-12-06 11:57:51 +08:00
silverwind f7094c8161
Update JS dependencies, adjust eslint config (#17904)
- Update all JS dependencies to latest versions
- Add new lint rules, enable es2022 eslint parser features
- Disable github/no-then, I feel the rule was too restricting
2021-12-04 14:43:14 +08:00
KN4CK3R fbf3208229
Added missing `data-` prefix. (#17884) 2021-12-03 00:36:00 +08:00
fnetX (aka fralix) 830ab75ce0
Switch archive URL code back to href attributes (#17796)
* Add fallback href link
* Switch async archive generation to use href links
* Edit all templates to use href instead of data-url for archives
* Add consistent rel="nofollow" as per wxiaoguang
2021-11-29 21:50:43 +08:00
silverwind 9450410ff7
Improve ellipsis buttons (#17773)
* Improve ellipsis buttons

- Remove icon font usage
- Add aria-expanded attribute

* rename function to match

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-11-22 21:44:38 -05:00
Jimmy Praet a3efd048a7
Improvements to content history (#17746)
* Improvements to content history

* initialize content history when making an edit to an old item created before the introduction of content history
* show edit history for code comments on pull request files tab

* Fix a flaw in keepLimitedContentHistory
Fix a flaw in keepLimitedContentHistory, the first and the last should never be deleted

* Remove obsolete eager initialization of content history
2021-11-22 20:20:16 +08:00
wxiaoguang 49b2cb998b
Fix project board bug and improve documents (#17753)
* the project board was broken, this PR fixes it, and refactor the code, and we prevent the uncategorized column from being dragged.
* improve the frontend guideline (as discussed in https://github.com/go-gitea/gitea/pull/17699)
2021-11-22 19:40:17 +08:00
silverwind a159c3175f
Add new JS linter rules (#17699)
* Add new JS linter rules

Adds a few useful rules from eslint-plugin-github. Notable changes:

- Forbid dataset usage, its camel-casing behaviour makes it hard to
  grep for attributes.
- Forbid .then() and .catch(), we should generally prefer await for new
  code. For rare cases where they are useful, a eslint-disable-line
  directive can be set.
- Add docs js to linting

* also enable github/array-foreach

* small tweak

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-22 16:19:01 +08:00
zeripath 8511eec4d4
Allow Loading of Diffs that are too large (#17739)
* Allow Loading of Diffs that are too large

This PR allows the loading of diffs that are suppressed because the file
is too large. It does not handle diffs of files which have lines which
are too long.

Fix #17738

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-22 00:51:08 +08:00
zeripath 0d69e64e03
Make a.add-code-comment click handler an event handler (#17737)
Instead of directly attaching the add-code-comment on click handler to
the a.add-code-comment elements - make this an event handler on the
document instead.

Fix #17736

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 20:12:59 +08:00