It was possible to hijack attachments during update and create functions
to another owner as permissions to check they weren't already attached
to another resource and wasn't checked if it belonged to the repository
that was being operated on.
`Option[T]` currently exposes a method `Value()` which is permitted to be called on an option that has a value, and an option that doesn't have a value. This API is awkward because the behaviour if the option doesn't have a value isn't clear to the caller, and, because almost all accesses end up being `.Has()?` then `OK, use .Value()`.
`Get() (bool, T)` is added as a better replacement, which both returns whether the option has a value, and the value if present. Most call-sites are rewritten to this form.
`ValueOrZeroValue()` is a direct replacement that has the same behaviour that `Value()` had, but describes the behaviour if the value is missing.
In addition to the current API being awkward, the core reason for this change is that `Value()` conflicts with the `Value()` function from the `driver.Valuer` interface. If this interface was implemented, it would allow `Option[T]` to be used to represent a nullable field in an xorm bean struct (requires: https://code.forgejo.org/xorm/xorm/pulls/66).
_Note:_ changes are extensive in this PR, but are almost all changes are easy, mechanical transitions from `.Has()` to `.Get()`. All of this work was performed by hand.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*
The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11218
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Adds a new button on the right side of the label's filter menu items to explicitly exclude labels.
The new button is reachable with the keyboard by using the vertical arrow keys to reach the label you want to exclude and then the horizontal arrow keys to select the exclusion button.
The new button will only be visible when hovering the menu item or reaching it with the keyboard.
Adjusted the alignment of labels when at least one label is selected so that users can clearly discern which labels are selected or not.
Resolves#3302
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10702
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Luis <luis@adame.dev>
Co-committed-by: Luis <luis@adame.dev>
Fixes#10155
When participants are displayed, don't include those that only have made a pending review. Those should not yet be revealed as participants.
Apart from adding automated tests, this is the manual verification process I've followed:
1. Set up three users
2. User 1 creates a repository, then creates a pull request adding a new file
3. User 2 creates a new code comment but doesn't not publish the review, shows as pending.
4. User 3 creates a new code comment and publishes the review.
5. From everyone's perspective the number of participants is: 2. And, the participants displayed in the list are 1 and 3. User 2, which hasn't yet published the review is not displayed.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10528
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: luisadame <luisadame@noreply.codeberg.org>
Co-committed-by: luisadame <luisadame@noreply.codeberg.org>
- Create `modules/testimport/import.go` to centralize blank import needed for tests (in order to run the `init` function) to simplify maintenance.
- Remove the imports that are not needed.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10662
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
API call `GET /repos/{owner}/{repo}/issues/{index}/times` has no defined ordering implemented in it, causing PostgreSQL to have intermittent test failures on `TestAPIGetTrackedTimes` which expected records to be returned in ID order. ID order is reasonable enough, so this PR adds that ordering.
Fixes#10577.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10588
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Closes#9129. I decided to try myself in contributing to Forgejo after having found this bug mentioned on Fedi.
I have also added a basic test for this behaviour, but this means that this PR adds a SHA-256 repo to the fixture set, so it can be reused in other tests.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10309
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nikita Karamov <me@kytta.dev>
Co-committed-by: Nikita Karamov <me@kytta.dev>
Closes#10078 and includes another small improvement (for comments and issues/PRs the title from report/s details page already included the poster name; now it will clickable, opening the poster profile page).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10194
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
This PR migrates the unmaintaiend `lib/pq` library to `jackc/pgx`, which is the de-facto standard lib in go for postgres connections these days.
Some implementation notes:
We register both `pgx` and `postgresschema` driver names (for backward comp). We can't register `postgres` as this one is still used by `lib/pq` imported by `go-chi/session`, which is in use when users go for the "postgres" session type in the "Session config.
It is questionable if anyone is really using the "postgres" driver option in the session config - but for consistency, it would be good to also migrate to `pgx` there, especially as the code lives within Forgejo under [go-chi/session](https://code.forgejo.org/go-chi/session).
`pgx` supports multi-host notation in the connection string. New tests have been added therefore.
`pgx` also allows for connection string parameters such as `?default_query_exec_mode=simple_protocol`. This should possibly allow running with `pgbouncer` "transaction" mode instead of "session", which could substantially enhance Postgres query handling.
## Checklist
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10219
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
To make sure that the code stays maintainable, I added the `importas` linter to ensure that the imports for models and services stay consistent.
I realised that this might be needed after finding some discrepancies between singular/plural naming, and, especially in the case of the `forgejo.org/services/context` package, multiple different aliases like `gitea_ctx`, `app_context` and `forgejo_context`. I decided for `app_context`, as that seems to be the most commonly used naming.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10253
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: nachtjasmin <nachtjasmin@posteo.de>
Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>
This resolves#10057 by showing a list of links to pull requests with the head branch being the one just pushed.
Since there may be multiple pull requests with different base branches, we find all of them and print them.
Here is a comparison table for pushing to the `feature` branch when having 2 pull requests: `feature -> dev`, and `feature -> prod`. `main` being the default branch.
## Before
remote:
remote: Create a new pull request for 'feature':
remote: http://localhost:3000/user1/repo1/compare/main...feature
remote:
## After
remote:
remote: Create a new pull request for 'feature':
remote: http://localhost:3000/user1/repo1/compare/main...feature
remote: Visit the existing pull requests:
remote: http://localhost:3000/user1/repo1/pulls/1 merges into dev
remote: http://localhost:3000/user1/repo1/pulls/3 merges into prod
remote:
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10079
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Calixte Pernot <cpernot@praksys.net>
Co-committed-by: Calixte Pernot <cpernot@praksys.net>
Although #9922 was deployed to Codeberg, it was reported on Matrix that a user observed a `-1` pull request count.
@Gusted checked and verified that the stats stored in redis appeared incorrect, and that no errors occurred on Codeberg that included the repo ID (eg. deadlocks, SQL queries).
```
127.0.0.1:6379> GET Repo:CountPulls:924266
"1"
127.0.0.1:6379> GET Repo:CountPullsClosed:924266
"2"
```
One possible cause is that when `UpdateRepoIssueNumbers` is invoked and invalidates the cache key for the repository, it is currently in a transaction; the next request for that cached count could be computed before the transaction is committed and the update is visible. It's been verified that `UpdateRepoIssueNumbers` is called within a transaction in most interactions (I put a panic in it if `db.InTransaction(ctx)`, and most related tests failed).
This PR fixes that hole by performing the cache invalidation in an `AfterTx()` hook which is invoked after the transaction is committed to the database.
(Another possible cause is documented in #10127)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10130
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Fixes [#3525](https://codeberg.org/forgejo/forgejo/issues/3525) and supersedes [#9586](https://codeberg.org/forgejo/forgejo/pulls/9586)
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9829): <!--number 9829 --><!--line 0 --><!--description Y2hvcmU6IFJlbW92ZSBJc0RlbGV0ZWQgZnJvbSBhY3Rpb24gKGFjdGl2aXR5KSB0YWJsZQ==-->chore: Remove IsDeleted from action (activity) table<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9829
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Leni Kadali <lenikadali@noreply.codeberg.org>
Co-committed-by: Leni Kadali <lenikadali@noreply.codeberg.org>
Continuing the pattern from #9868, fixes another deadlock discovered in synthetic testing of #9785. This modifies the `milestone` table to have the `num_issues`, `num_closed_issues`, and `completeness` statistics be calculated asynchronously.
An optional `updateTimestamp` field was added to the stats queue to support the conditional updating of the milestone's modification date, retaining existing functionality.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9916
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
The intent of this change is to reduce the scope of deadlock issues identified in #9785. I've identified other deadlock issues from synthetic testing, so this is not a complete fix, but it's a partial fix. This design was discussed in #9785 and this is the most basic implementation, with a very small scope of work converted to use it.
Introduces a new `forgejo.org/services/stats` module which allows for the queuing and routing of recalc requests for object stats; in this case, the "number of issues" that are assigned to a label, and the number of closed issues that are assigned to a label.
The reasons that these calculations are performed asynchronously through a queue are:
- User operations that are common and performance-sensitive don't have to wait for recalculations that don't need to be exactly up-to-date at all times. For example, merging a pull request will be a faster operation; as it closes an issue, it needs to recalculate `label.num_closed_issues` for every label attached to the PR.
- Database deadlocks that can occur between concurrent operations -- for example, if you were holding a lock on an issue while recalculating a label's count of open issues -- can be broken by making the recalculation occur outside of the transaction.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
- Internal developer documentation is present.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9868
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Adds foreign keys to the table pull_request which are covered by the doctor's db consistency check:
- issue_id -> issue
- base_repo_id -> repository
Note that other fields that look like references -- `head_repo_id` and `merger` -- are not covered by the db consistency check and therefore out-of-scope for the first phase of foreign keys. They're on my list for future more detailed evaluation.
In addition to running automated tests (and making a few tweaks to get them to pass), I performed manual testing of:
- Deleting the base repo of a pull request -- the repo is deleted without error and the pull request is deleted as well.
- Deleting the issue behind a PR via an issue delete API call -- this code-path handles deleting a PR correctly.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9832
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Fixes#9693.
Image contents are not part of automated testing, so I manually tested this by:
- Mutating the `created` field to `NULL` for a target card, verifying image generated without a cache
- Double-checking by mutating the `created_unix` field for a target card, verifying image generated to correct updated date (checking my cache busting)
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9705
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Adds four foreign keys:
- stopwatch -- issue_id -> issue, user_id -> user
- tracked_time -- issue_id -> issue, user_id -> user
The majority of work encompassed in this PR is updating testing and support infrastructure to support foreign keys:
- `models/db/foreign_keys.go` adds new capabilities to sort registered tables into the right insertion order to avoid violating foreign keys
- `RecreateTables`, used by migration testing and the `doctor recreate-table` CLI, has been updated to support tables with foreign keys; new restrictions require that FK-related tables be rebuilt at the same time
- test fixture data is inserted in foreign-key order, and deleted in the reverse
An upgrade to xorm v1.3.9-forgejo.2 is incorporated in this PR, as two unexpected behaviors in the foreign key schema management were discovered during development of the updated `RecreateTables` routine.
Work in this PR is laid out to be reviewed easier commit-by-commit.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9373
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Do not display the title of unsubscribed issues or pull requests in the notification web page . The title of some random issues or pull requests from repositories were accidentally displayed in the notifications of a user. It was a rare occurrence, caused by an incorrect comparison of two unrelated unique identifiers that are unlikely to match (the id of the notification and the id of a repository). If the issue or the pull request belonged to a private repository to which the user had no read access, only the title was leaked. The user was denied permission to view the issue or the pull request when clicking on the link displayed in the notifications web page.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9362): <!--number 9362 --><!--line 0 --><!--description RG8gbm90IGRpc3BsYXkgdGhlIHRpdGxlIG9mIHVuc3Vic2NyaWJlZCBpc3N1ZXMgb3IgcHVsbCByZXF1ZXN0cyBpbiB0aGUgbm90aWZpY2F0aW9uIHdlYiBwYWdlIC4gVGhlIHRpdGxlIG9mIHNvbWUgcmFuZG9tIGlzc3VlcyBvciBwdWxsIHJlcXVlc3RzIGZyb20gcmVwb3NpdG9yaWVzIHdlcmUgYWNjaWRlbnRhbGx5IGRpc3BsYXllZCBpbiB0aGUgbm90aWZpY2F0aW9ucyBvZiBhIHVzZXIuIEl0IHdhcyBhIHJhcmUgb2NjdXJyZW5jZSwgY2F1c2VkIGJ5IGFuIGluY29ycmVjdCBjb21wYXJpc29uIG9mIHR3byB1bnJlbGF0ZWQgdW5pcXVlIGlkZW50aWZpZXJzIHRoYXQgYXJlIHVubGlrZWx5IHRvIG1hdGNoICh0aGUgaWQgb2YgdGhlIG5vdGlmaWNhdGlvbiBhbmQgdGhlIGlkIG9mIGEgcmVwb3NpdG9yeSkuIElmIHRoZSBpc3N1ZSBvciB0aGUgcHVsbCByZXF1ZXN0IGJlbG9uZ2VkIHRvIGEgcHJpdmF0ZSByZXBvc2l0b3J5IHRvIHdoaWNoIHRoZSB1c2VyIGhhZCBubyByZWFkIGFjY2Vzcywgb25seSB0aGUgdGl0bGUgd2FzIGxlYWtlZC4gVGhlIHVzZXIgd2FzIGRlbmllZCBwZXJtaXNzaW9uIHRvIHZpZXcgdGhlIGlzc3VlIG9yIHRoZSBwdWxsIHJlcXVlc3Qgd2hlbiBjbGlja2luZyBvbiB0aGUgbGluayBkaXNwbGF5ZWQgaW4gdGhlIG5vdGlmaWNhdGlvbnMgd2ViIHBhZ2Uu-->Do not display the title of unsubscribed issues or pull requests in the notification web page . The title of some random issues or pull requests from repositories were accidentally displayed in the notifications of a user. It was a rare occurrence, caused by an incorrect comparison of two unrelated unique identifiers that are unlikely to match (the id of the notification and the id of a repository). If the issue or the pull request belonged to a private repository to which the user had no read access, only the title was leaked. The user was denied permission to view the issue or the pull request when clicking on the link displayed in the notifications web page.<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9362
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
- Because we wish to show the status of the old and new commit of a force push, ignore that the commit doesn't exist and return a commit with only its ID filled. This is enough to still show the CI status of this commit although the commit itself is no longer reachable.
- Add unit test.
- Add integration test.
- Resolvesforgejo/forgejo#9250
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Print out a list of all unused msgids
Handle Go files that make calls to translation.
Handle `models/unit/unit.go`, which stores msgids in `$Unit.NameKey`
Handle .locale.Tr in templates
Handle simple dynamically constructed `Tr("msgid-prefix." + SomeFunctionCall())`.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8736
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Ellen Εμιλία Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Ellen Εμιλία Άννα Zscheile <fogti+devel@ytrizja.de>
If a change is part of a force-push and the commit(s) have a CI status, this will now be shown after the hashes.
`interactiveBorder` has been lowered as it was possible to activate the hover state for both commits. It would be unreasonable to test this within Playwright and thus this needs to be manually tested. On a pull request page that contains a force-push you will notice:
a) the (de)activation area for force-pushes is now smaller, and;
b) it is not possible to activate the hover state/popup for both commits.
ExecuteTemplate function from @gusted
https://codeberg.org/forgejo/forgejo/pulls/5168https://codeberg.org/forgejo/forgejo/pulls/2884Close#4932
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8655
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Squel <squeljur+git@gmail.com>
Co-committed-by: Squel <squeljur+git@gmail.com>
- Add links to review request targets in issue comments
- Fix links to ghost users/orgs/teams to be empty
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8239
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
- Implementation of milestone 5. from **Task F. Moderation features: Reporting** (part of [amendment of the workplan](https://codeberg.org/forgejo/sustainability/src/branch/main/2022-12-01-nlnet/2025-02-07-extended-workplan.md#task-f-moderation-features-reporting) for NLnet 2022-12-035):
`5. Forgejo admins can see a list of reports`
There is a lot of room for improvements, but it was decided to start with a basic version so that feedback can be collected from real-life usages (based on which the UI might change a lot).
- Also covers milestone 2. from same **Task F. Moderation features: Reporting**:
`2. Reports from multiple users are combined in the database and don't create additional reports.`
But instead of combining the reports when stored, they are grouped when retrieved (it was concluded _that it might be preferable to take care of the deduplication while implementing the admin interface_; see https://codeberg.org/forgejo/forgejo/pulls/7939#issuecomment-4841754 for more details).
---
Follow-up of !6977
### See also:
- forgejo/design#30
---
This adds a new _Moderation reports_ section (/admin/moderation/reports) within the _Site administration_ page, where administrators can see an overview with the submitted abuse reports that are still open (not yet handled in any way). When multiple reports exist for the same content (submitted by distinct users) only the first one will be shown in the list and a counter can be seen on the right side (indicating the number of open reports for the same content type and ID). Clicking on the counter or the icon from the right side will open the details page where a list with all the reports (when multiple) linked to the reported content is available, as well as any shadow copy saved for the current report(s).
The new section is available only when moderation in enabled ([moderation] ENABLED config is set as true within app.ini).
Discussions regarding the UI/UX started with https://codeberg.org/forgejo/design/issues/30#issuecomment-2908849
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7905
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
Follow-up of !6977
### Manual testing
- User **S** creates an organization **O** and posts a comment **C** (on a random issue);
- User **R** report as abuse the comment **C**, the organization **O** as well as the user **S**;
- User **S** changes the content of comment **C** and the description of organization **O** as well as the description of their own profile;
- Check (within DB) that shadow copies are being created (and linked to corresponding abuse reports) for comment **C**, organization **O** and user **S** and the content is the one from the moment when the reports were submitted (therefore before the updates made by **S**).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8533
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
Fixes#8491.
Previous behavior always updated the newly created review to set the `official` flag to false. This logic is now removed.
The most likely reason that this logic existed was that team reviews were being marked as official based upon `doer`, rather than the target team, which seems undesirable. The expected behavior was retained by removing the check for `IsOfficialReviewer(..., doer)`, ensuring that when making a review request for a team, it doesn't matter *who* makes the request.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8511
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Fixes#8329
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
### Documentation
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8330
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Co-authored-by: floss4good <floss4good@disroot.org>
Co-committed-by: floss4good <floss4good@disroot.org>
add links to the comments that appear in issue when changing milestones and projects
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7992
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
## Checklist
- [x] go to the last cherry-pick PR (forgejo/forgejo#7965) to figure out how far it went: [gitea@9d4ebc1f2c](9d4ebc1f2c)
- [x] cherry-pick and open PR (forgejo/forgejo#8040)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
- [ ] add `run-end-to-end` label
- [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call
## Legend
- ❓ - No decision about the commit has been made.
- 🍒 - The commit has been cherry picked.
- ⏩ - The commit has been skipped.
- 💡 - The commit has been skipped, but should be ported to Forgejo.
- ✍️ - The commit has been skipped, and a port to Forgejo already exists.
## Commits
- 🍒 [`gitea`](50d9565088) -> [`forgejo`](c3e6eab732) Add sort option recentclose for issues and pulls ([gitea#34525](https://github.com/go-gitea/gitea/pull/34525))
## TODO
- 💡 [`gitea`](d5bbaee64e) Retain issue sort type when a keyword search is introduced ([gitea#34559](https://github.com/go-gitea/gitea/pull/34559))
UI: Small bat might be nice. Test needed? Do we've frontend tests covering the search?
------
- 💡 [`gitea`](82ea2387e4) Always use an empty line to separate the commit message and trailer ([gitea#34512](https://github.com/go-gitea/gitea/pull/34512))
Needs merge
------
- 💡 [`gitea`](74858dc5ae) Fix line-button issue after file selection in file tree ([gitea#34574](https://github.com/go-gitea/gitea/pull/34574))
Frontend: Makes it sense to pick/port ui logic in *.ts files?
------
- 💡 [`gitea`](7149c9c55d) Fix doctor deleting orphaned issues attachments ([gitea#34142](https://github.com/go-gitea/gitea/pull/34142))
Doctor: seems useful.
------
- 💡 [`gitea`](0cec4b84e2) Fix actions skipped commit status indicator ([gitea#34507](https://github.com/go-gitea/gitea/pull/34507))
Actions: Might benefit from additional tests.
------
- 💡 [`gitea`](4cb0c641ce) Add "View workflow file" to Actions list page ([gitea#34538](https://github.com/go-gitea/gitea/pull/34538))
Actions: Needs tests
------
- 💡 [`gitea`](b0936f4f41) Do not mutate incoming options to RenderUserSearch and SearchUsers ([gitea#34544](https://github.com/go-gitea/gitea/pull/34544))
Nice refactoring but needs manual merge.
------
- 💡 [`gitea`](498088c053) Add webhook assigning test and fix possible bug ([gitea#34420](https://github.com/go-gitea/gitea/pull/34420))
Integrationtest has conflicts needs merge.
------
- 💡 [`gitea`](24a51059d7) Fix possible nil description of pull request when migrating from CodeCommit ([gitea#34541](https://github.com/go-gitea/gitea/pull/34541))
Is this relevant to forgejo? Did not find the place to apply this small change.
------
- 💡 [`gitea`](688da55f54) Split GetLatestCommitStatus as two functions ([gitea#34535](https://github.com/go-gitea/gitea/pull/34535))
Merge required.
------
- 💡 [`gitea`](ab9691291d) Don't display error log when .git-blame-ignore-revs doesn't exist ([gitea#34457](https://github.com/go-gitea/gitea/pull/34457))
Unsure wheter this affects forgejo. Tests missing.
------
- 💡 [`gitea`](11ee7ff3bf) fix: return 201 Created for CreateVariable API responses ([gitea#34517](https://github.com/go-gitea/gitea/pull/34517))
Actions: This is marked as breaking the api. Pls think about whether this breaking change iss needed & how this impact api-version-increase.
The corresponding clinet change can be found here: https://gitea.com/gitea/go-sdk/pulls/713/files
------
- 💡 [`gitea`](9b295e984a) Actions list ([gitea#34530](https://github.com/go-gitea/gitea/pull/34530))
Actions: Regression from https://github.com/go-gitea/gitea/pull/34337 Part of https://codeberg.org/forgejo/forgejo/pulls/7909
------
## Skipped
- ⏩ [`gitea`](bb6377d080) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](07d802a815) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](c6e2093f42) Clean up "file-view" related styles ([gitea#34558](https://github.com/go-gitea/gitea/pull/34558))
- gitea ui specific specific
------
- ⏩ [`gitea`](9f10885b21) Refactor commit reader ([gitea#34542](https://github.com/go-gitea/gitea/pull/34542))
- gitea refactor specific
------
<details>
<summary><h2>Stats</h2></summary>
<br>
Between [`gitea@9d4ebc1f2c`](9d4ebc1f2c) and [`gitea@d5bbaee64e`](d5bbaee64e), **18** commits have been reviewed. We picked **1**, skipped **4**, and decided to port **13**.
</details>
Co-authored-by: Markus Amshove <scm@amshove.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8040
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
See https://codeberg.org/forgejo/forgejo/pulls/4801#issuecomment-5094525 and #8152 for more context.
The current implementation is limited to self-hosted actions and buggy as soon as multiple repos are involved, like for the homepage (because each permission must be fetched individually).
Ideally this feature should work for all kind of status (with some setting indicating which collaborator can access with status). Probably inside the `git_model.ParseCommitsWithStatus` function.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8177
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
- If a review was requested from a deleted team, use the ghost team for the comment aggregator.
- ResolvesCodeberg/Community#1952
- Unit test added.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7987
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
The only parameter that is ever used is a single directory, make it that only instead of a more complex option structure.
Remove tests.AddFixtures that was the simpler form because it is now redundant.
---
Backporting to v11.0 will help with automated backporting of bug fixes in need of custom made fixtures.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7648
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- Consider the following scenario: a private repository in an organization with a team that has no specific access to that repository. Members of that team are still able to visit the repository because of entries in the `access` table.
- Consider this specific scenario for the gathering of issues for project tables.
- Unit test added
- Resolvesforgejo/forgejo#7217
- Ref: forgejo/forgejo#6843
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- The security patch of forgejo/forgejo#6843 fixed the issue where project boards loaded all issues without considering if the doer actually had permission to view that issue. Within that patch the call to `Issues` was modified to include this permission checking.
- The query being generated was not entirely correct. Issues in public repositories weren't considered correctly (partly the fault of not setting `AllPublic` unconditionally) in the cause an authenticated user loaded the project.
- This is now fixed by setting `AllPublic` unconditionally and subsequently fixing the `Issue` function to ensure that the combination of setting `AllPublic` and `User` generates the correct query, by combining the permission check and issues in public repositories as one `AND` query.
- Added unit testing.
- Added integration testing.
- ResolvesCodeberg/Community#1809
- Regression of https://codeberg.org/forgejo/forgejo/pulls/6843
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7143
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Closes: https://codeberg.org/forgejo/forgejo/issues/6042
Continuation of: https://codeberg.org/forgejo/forgejo/pulls/6284
Replaces: https://codeberg.org/forgejo/forgejo/pulls/6285
Context: https://codeberg.org/forgejo/forgejo/pulls/6284#issuecomment-2518599
Create a new type of comment: `CommentTypeAggregator`
Replaces the grouping of labels and review request in a single place: the comment aggregator
The whole list of comments is "scanned", if they can get aggregated (diff of time < 60secs, same poster, open / close issue, add / del labels, add /del review req), they are added to the aggregator.
Once needed, the list of all the aggregated comments are replaced with a single aggregated comment containing all the data required.
In templates, have a specific HTML rendering part for the comment aggregator, reuse the same rendering as with the other types of comments.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6523
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Litchi Pi <litchi.pi@proton.me>
Co-committed-by: Litchi Pi <litchi.pi@proton.me>
