Commit graph

12 commits

Author SHA1 Message Date
Earl Warren 337f4f9d87
Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)
In
  801792e4dc Rename Str2html to SanitizeHTML and clarify its behavior (followup)
the replacement was incorrect because
  c9d0e63c20  Remove unnecessary "Str2html" modifier from templates
was not applied and Str2html should not have been present in the first
place.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3554
2024-05-13 17:05:03 +02:00
Gergely Nagy a5c038f5e8
Add a release note for #3464
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 09:39:52 +02:00
Gergely Nagy 9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, let's look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organization, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Gergely Nagy f4dd53d79d
Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-08 21:14:46 +00:00
Earl Warren a050b546b9
[skip ci] docs(release-notes): 7.0.2
2024-05-01 14:22:18 +02:00
Gergely Nagy 632a274b8f
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 11:04:54 +02:00
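
The `PostForm` versus `PostFormValue` behaviour described in commit 632a274b8f, reproduced with Go's standard `net/http` as an added example (not Forgejo's code). The request path and the `watch` field name are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// newWatchRequest builds a constructed form POST; path and field name are hypothetical.
func newWatchRequest() *http.Request {
	body := url.Values{"watch": {"1"}}.Encode()
	req := httptest.NewRequest(http.MethodPost, "/issues/1/watch", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return req
}

// readPostForm reads the map directly. It is nil until ParseForm has run,
// and Get on a nil url.Values returns "" instead of failing.
func readPostForm(req *http.Request) string {
	return req.PostForm.Get("watch")
}

// readPostFormValue parses the body on first use, then returns the value.
func readPostFormValue(req *http.Request) string {
	return req.PostFormValue("watch")
}

// readAfterEarlierParse models some earlier code having parsed the form,
// which is why the direct map read worked in some scenarios only.
func readAfterEarlierParse(req *http.Request) (string, error) {
	if err := req.ParseForm(); err != nil {
		return "", err
	}
	return readPostForm(req), nil
}

func main() {
	fmt.Printf("PostForm.Get, unparsed:   %q\n", readPostForm(newWatchRequest()))
	fmt.Printf("PostFormValue:            %q\n", readPostFormValue(newWatchRequest()))
	v, err := readAfterEarlierParse(newWatchRequest())
	fmt.Printf("PostForm.Get, pre-parsed: %q (err=%v)\n", v, err)
}
```

The unparsed read fails silently with an empty string, so a handler that treats "" as "unwatch" changes state without any error being logged.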
Gergely Nagy 0d029ebe6d
Fix git_model.FindBranchesByRepoAndBranchName
When a logged in user with no repositories visits their dashboard, it will
display a search box that lists their own repositories.

This is served by the `repo.SearchRepos` handler, which in turn calls
`commitstatus_service.FindReposLastestCommitStatuses()` with an empty
repo list.

That, in turn, will call `git_model.FindBranchesByRepoAndBranchName()`,
with an empty map. With no map, `FindBranchesByRepoAndBranchName()` ends
up querying the entire `branch` table, because no conditions were set
up.

Armed with a gazillion repo & commit shas, we return to
`FindReposLastestCommitStatuses`, and promptly call
`git_model.GetLatestCommitStatusForPairs`, which constructs a monstrous
query with so many placeholders that the database tells us to go
somewhere else, and flips us off. At least on instances the size of
Codeberg. On smaller instances, it will eventually return, and throw
away all the data, and return an empty set, having performed all this
for naught.

We fix this by short-circuiting `FindBranchesByRepoAndBranchName`, and
returning fast if our inputs are empty.

A test case is included.

Fixes #3521.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 00:34:39 +02:00
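
The empty-input failure mode described in commit 0d029ebe6d, as an added example (not Forgejo's code): a filter assembled from an empty map emits no `WHERE` clause and therefore selects every row. `buildBranchQuery`, its `guard` parameter and the column names are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// buildBranchQuery ORs one (repo_id, name) condition per map entry.
// With guard set it returns ok=false on empty input, so the caller
// skips the database entirely instead of running an unfiltered query.
func buildBranchQuery(repoBranches map[int64]string, guard bool) (query string, args []any, ok bool) {
	if guard && len(repoBranches) == 0 {
		return "", nil, false
	}
	// Sort the keys so the generated SQL is deterministic.
	ids := make([]int64, 0, len(repoBranches))
	for id := range repoBranches {
		ids = append(ids, id)
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })

	conds := make([]string, 0, len(ids))
	for _, id := range ids {
		conds = append(conds, "(repo_id = ? AND name = ?)")
		args = append(args, id, repoBranches[id])
	}
	query = "SELECT repo_id, name, commit_id FROM branch"
	if len(conds) > 0 {
		query += " WHERE " + strings.Join(conds, " OR ")
	}
	return query, args, true
}

func main() {
	empty := map[int64]string{} // constructed input: a user with no repositories
	q, _, _ := buildBranchQuery(empty, false)
	fmt.Println("unguarded:", q) // no WHERE clause: whole table
	_, _, ok := buildBranchQuery(empty, true)
	fmt.Println("guarded, query issued:", ok)
	q, args, _ := buildBranchQuery(map[int64]string{2: "dev", 1: "main"}, true)
	fmt.Println(q, args)
}
```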
Beowulf 34134df3a7
added release notes
2024-04-30 12:05:22 +02:00
Earl Warren 4da76d0e5f
Merge pull request 'fix(Dockerfile.rootless): revert to default path for app.ini' (#3363) from gmask/forgejo:fix/container-app-ini-variable into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3363
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-26 22:36:33 +00:00
Earl Warren a5df622099
docs(release-notes): 7.0.1
2024-04-27 00:31:22 +02:00
Gerard Salvatella dad16cd589
fix(Dockerfile.rootless): revert to default path for app.ini
The current path of the `$GITEA_APP_INI` configuration file makes the
forgejo application reset every time the container is restarted, unless
a specific volume for this file is created. Consider the following:

* This quirk is not documented
* All configuration data resides in `/var/lib/gitea`
* The custom configuration path defaults to `/var/lib/gitea/custom/conf`
  (see `forgejo -h`)
* Containers mounting the volume `-v /foo/bar:/var/lib/gitea` already
  have this file available to modify. Another volume shouldn't be
  required
* Containers using named volumes can use `docker cp` to modify the file
  inside the volume, if desired

For these reasons, it makes more sense to use the default path for
`$GITEA_APP_INI` rather than require users to create a dedicated volume
for the file. Revert it back to its default while maintaining backwards
compatibility (users can update by simply moving the file to the new
path).
2024-04-26 21:30:10 +02:00
Earl Warren 127eff49ee
docs(release-notes): split items in files to avoid conflicts (#3452)
I thought there would be conflicts but that they would not be so difficult to manage. Worst idea I had this week. Change to @oliverpool's idea instead.

> Instead of documenting the release notes in the issue, why not in the codebase?
>
> For instance in [go](https://cs.opensource.google/go/go/+/master:doc/README.md) there is a `doc/next` folder where you add `<pr-number>.md` files which document each pr.
>
> Before the release, a script takes all those files to generate the changelog.
>
> Having them as a file tracked by git, makes them easy to review and to programmatically handle.

Refs: https://codeberg.org/forgejo/discussions/issues/155#issuecomment-1787013
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3452
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2024-04-26 08:26:33 +00:00