Follow #36058 for API edit user bug when editing email.
- The Admin Edit User API includes a breaking change. Previously, when
updating a user with an email from an unallowed domain, the request
would succeed but return a warning in the response headers. Now, the
request will fail and return an error in the response body instead.
- Removed `AdminAddOrSetPrimaryEmailAddress` because it will not be used
any where.
Fix https://github.com/go-gitea/gitea/pull/36058#issuecomment-3600005186
---------
Co-authored-by: Giteabot <teabot@gitea.io>
/claim #35898Resolves#35898
### Summary of key changes:
1. Add file name search/Go to file functionality to repo button row.
2. Add backend functionality to delete directory
3. Add context menu for directories with functionality to copy path & delete a directory
4. Move Add/Upload file dropdown to right for parity with Github UI
5. Add tree view to the edit/upload UI
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Permission & protection check:
- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check
Information leaking:
- Show unified message for non-existing user and invalid password
- Fix#35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.
Auth & Login:
- Avoid GCM OAuth2 attempt when OAuth2 is disabled
- Fix#35510
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* use a single function to do Action Tokens Permission checks
* allows easier customization
* add basic tests
* lfs file locks should work now
---------
Signed-off-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Fix incorrect column in `applySubscribedCondition`, add a test
2. Fix debian version parsing, add more tests fix#35695
3. Fix log level for HTTP errors, fix#35651
4. Fix abused "panic" handler in API `Migrate`
5. Fix the redirection from PR to issue, add a test
6. Fix Actions variable & secret name validation, add more tests
* envNameCIRegexMatch is unnecessary, removed
* validating in "delete" function doesn't make sense, removed
7. Fix incorrect link in release email
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Fix the swagger documentation for the `diffpatch` API endpoint,
and fix the wrong API path caused by a refactoring change.
Closes#35602
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Allows users to specify a "force" option in API /contents routes when
modifying files in a new branch. When "force" is true, and the branch
already exists, a force push will occur provided the branch does not
have a branch protection rule that disables force pushing.
This is useful as a way to manage a branch remotely through only the
API. For example in an automated release tool you can pull commits,
analyze, and update a release PR branch all remotely without needing to
clone or perform any local git operations.
Resolve#35538
---------
Co-authored-by: Rob Gonnella <rob.gonnella@papayapay.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Partially fix#32018
`git config` and `git remote` write operations create a temporary file
named `config.lock`. Since these operations are not atomic, they must
not be run in parallel. If two requests attempt to modify the same
repository concurrently—such as during a compare operation—one may fail
due to the presence of an existing `config.lock` file.
In cases where `config.lock` is left behind due to an unexpected program
exit, a global lock mechanism could allow us to safely remove the stale
lock file when a related error is detected. While this behavior is not
yet implemented in this PR, it is planned for a future enhancement.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
similar to how we can enable/disable repos or issues on a repo add the
code unit as option to it.
affects
```
PATCH /repos/{owner}/{repo}
```
---
*Sponsored by Kithara Software GmbH*
Issue: https://github.com/go-gitea/gitea/issues/9637
Changes introduced: I have clarified the problematic terms (owner and
parent) in all affected endpoints.
The changes were made to relevant:
- HTTP endpoint parameters' descriptions
- response/request models' fields
This MR is big, but most changes are the same. If you'd like me to break
this MR into several smaller ones, let me know :)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Change the OpenAPI response of `ListWorkflowRuns` to `WorkflowRunsList`
like it is supposed to be.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This PR fixes the response format for the OpenAPI Spec of
`ActionsListRepositoryWorkflows`.
It was specified in the OpenAPI spec as returning a `[]*ActionWorkflow`,
but it actually should return a `api.ActionWorkflowResponse`.
The test already expects an `api.ActionWorkflowResponse` like expected.
Issue: [link](https://github.com/go-gitea/gitea/issues/9637)
Changes introduced: I have clarified the problematic terms (`login`,
`login_name`, and `username`) in all affected endpoints.
The changes were made to relevant:
- HTTP endpoint parameters' descriptions
- response/request models' fields
enable nolintlint scope requirement
add comments to new directives so it's more obvious why they are in
place
---
I can also toggle the mandatory comments on if that's something of
interest.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Follow up the "editor" refactor, use the same approach to simplify code,
and fix some docs & comments
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
This PR fixes a state de-synchronization bug with the issue stopwatch,
it resolves the issue by replacing the ambiguous `/toggle` endpoint
with two explicit endpoints: `/start` and `/stop`.
- The "Start timer" button now exclusively calls the `/start` endpoint.
- The "Stop timer" button now exclusively calls the `/stop` endpoint.
This ensures the user's intent is clearly communicated to the server,
eliminating the state inconsistency and fixing the bug.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
