* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes#6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
* Fix ParsePatch to work properly with quoted diff --git string
Currently ParsePatch fails when a diff contains a quoted diff line like:
diff --git "a/file" "b/file"
This patch makes it properly parse the line when that happens.
Fixes#6309
* Add test for regular case while here
* Simplify string modification
In #6211, we started creating repo_redirects for ownership transfers,
however that opens an edge case where a user might perform the
following sequence:
rename org1/repo1 -> org1/repo2 (creates org1/repo1 redirect)
transfer org2/repo1 -> org1/repo1 (org1/repo1 redirect continues to exist)
rename org1/repo1 -> org1/repo3 (fails due to existing org1/repo1 redirect)
This change ensures that each time we rename or transfer a repo,
we delete any existing redirects at the target location. This
already happens when a new repo is created. By doing this we ensure
that we'll never have both a repo and a redirect at the same location.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Show email if the authenticated user owns the profile page being
requested for.
Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page
* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called
* fix panic in tests
* try to fix tests
* Update year
* Test CI fail
* Revert change
* User 3 is not allowed to authorize
* Set user2 email to be private
* Change to user4 in explore page as user2 now has private email option set
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview
* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles
* Move branch checkout functions out of repo_editor.go as they are no longer used there
* BUGFIX: The default permissions should be 100644
This is a change from the previous code but is more in keeping
with the default behaviour of git.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Standardise cleanUploadFilename to more closely match git
See verify_path in: 7f4e641693/read-cache.c (L951)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Redirect on bad paths
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor to move the uploading functions out to a module
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add LFS support
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update upload.go attribution header
Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.
* Delete upload files after session committed
* Ensure that GIT_AUTHOR_NAME etc. are valid for git
see #5774
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add in test cases per @lafriks comment
* Add space between gitea and github imports
Signed-off-by: Andrew Thornton <art27@cantab.net>
* more examples in TestCleanUploadName
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix formatting
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch off SSH_ORIGINAL_COMMAND
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixes#5957
* add tests to make sure config option is respected
* use already defined struct
* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created
- fix copy/paste error in copyright header year and rearrange import
- use repo config instead of server config value to determine if a commit should close an issue
- update testsuite
* use global config only when creating a new repository
* allow repo admin toggle feature via UI
* fix typo and improve testcase
* fix fixtures
* add DEFAULT prefix to config value
* fix test
* Fix serving of raw wiki files other than .md
Closes#4690.
Closes#4395.
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Simplify code at routers/repo/wiki.go
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add more files to user2/repo1.wiki for testing
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Update macaron to v1.3.2
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add tests for WikiRaw
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Fix NewResponseWriter usage due to macaron update
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add raw to reserved wiki names
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Don't display buttons if there are no notices
* clear stopwatch on merging a PR
* remove redundant gt check
* use ctx.Flash as per @bkcsoft comment
* stop timer on closing issues/PRs too
* updated translation as per review
* redirect to login page after successfully activating account
* remove unrelated changes
* stop timer for issues that are closed via commits too..Not just the 'close' UI button
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix#1357
Lunny Xiao