* Protect against NPEs in notifications list (#10879)
Unfortunately there appears to be potential race with notifications
being set before the associated issue has been committed.
This PR adds protection in to the notifications list to log any failures
and remove these notifications from the display.
References #10815 - and prevents the panic but does not completely fix
this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add log import
* Update models/notification.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix panic in API pulls when headbranch does not exist (#10676)
Backport #10676
* Fix panic in API pulls when headbranch does not exist
* refix other reference to plumbing.ErrReferenceNotFound
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-Authored-By: Lauris BH <lauris@nix.lv>
Backport #10425
Backport #10511
* Show Signer in commit lists and add basic trust (#10425)
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Fix the signing icon in the view_list.tmpl page (#10511)
Co-Authored-By: silverwind <me@silverwind.io>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Change admin dashboard to POST (#10465)
* Add form and convert to POST
* Redirect for flash
* Convert octicons back to fa for 1.11
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Change action GETs to POST
* submite = submit + smite
* No more # href
* Fix test
* Match other tests
* Explicit csrf
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Fix wrong hint when status checking is running on pull request view
* fix lint
* fix test
* fix test
* fix wrong tmpl
* fix import
* rename function name
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix push-to-create
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Check URL path and service
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Send dummy payload on receive-pack GET
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* The space was actually a NUL byte
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Use real bare repo instead of manufactured payload
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Once a branch has been merged if the commit ID no longer equals that of
the pulls ref commit id don't offer to delete the branch on the pull screen
and don't list it as merged on branches.
Fix#9201
When looking at the pull page we should also get the commits from the refs/pulls/x/head
Fix#9158
* test: add current attachement responses
* refactor: check if attachement is linked and accessible by user
* chore: clean TODO
* fix: typo attachement -> attachment
* revert un-needed go.sum change
* refactor: move models logic to models
* fix TestCreateIssueAttachment which was wrongly successful
* fix unit tests with unittype added
* fix unit tests with changes
* use a valid uuid format for pgsql int. test
* test: add unit test TestLinkedRepository
* refactor: allow uploader to access unlinked attachement
* add missing blank line
* refactor: move to a separate function repo.GetAttachment
* typo
* test: remove err test return
* refactor: use repo perm for access checking generally + 404 for all reject