Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints
You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.
This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.
Closes#17728
Co-authored-by: 6543 <6543@obermui.de>
* Team permission allow different unit has different permission
* Finish the interface and the logic
* Fix lint
* Fix translation
* align center for table cell content
* Fix fixture
* merge
* Fix test
* Add deprecated
* Improve code
* Add tooltip
* Fix swagger
* Fix newline
* Fix tests
* Fix tests
* Fix test
* Fix test
* Max permission of external wiki and issues should be read
* Move team units with limited max level below units table
* Update label and column names
* Some improvements
* Fix lint
* Some improvements
* Fix template variables
* Add permission docs
* improve doc
* Fix fixture
* Fix bug
* Fix some bug
* fix
* gofumpt
* Integration test for migration (#18124)
integrations: basic test for Gitea {dump,restore}-repo
This is a first step for integration testing of DumpRepository and
RestoreRepository. It:
runs a Gitea server,
dumps a repo via DumpRepository to the filesystem,
restores the repo via RestoreRepository from the filesystem,
dumps the restored repository to the filesystem,
compares the first and second dump and expects them to be identical
The verification is trivial and the goal is to add more tests for each
topic of the dump.
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Team permission allow different unit has different permission
* Finish the interface and the logic
* Fix lint
* Fix translation
* align center for table cell content
* Fix fixture
* merge
* Fix test
* Add deprecated
* Improve code
* Add tooltip
* Fix swagger
* Fix newline
* Fix tests
* Fix tests
* Fix test
* Fix test
* Max permission of external wiki and issues should be read
* Move team units with limited max level below units table
* Update label and column names
* Some improvements
* Fix lint
* Some improvements
* Fix template variables
* Add permission docs
* improve doc
* Fix fixture
* Fix bug
* Fix some bug
* Fix bug
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
* Move keys to models/keys
* Rename models/keys -> models/asymkey
* change the missed package name
* Fix package alias
* Fix test
* Fix docs
* Fix test
* Fix test
* merge
* Some refactors related repository model
* Move more methods out of repository
* Move repository into models/repo
* Fix test
* Fix test
* some improvements
* Remove unnecessary function
* Use a standalone struct name for Organization
* recover unnecessary change
* make the code readable
* Fix template failure
* Fix template failure
* Move HasMemberWithUserID to org
* Fix test
* Remove unnecessary user type check
* Fix test
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes#16381
Note that changes to unprotected files via the web editor still cannot be pushed directly to the protected branch. I could easily add such support for edits and deletes if needed. But for adding, uploading or renaming unprotected files, it is not trivial.
* Extract & Move GetAffectedFiles to modules/git
* Add option to provide signed token to verify key ownership
Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.
* Ensure verified keys can act for all active emails for the user
* Add code to mark keys as verified
* Slight UI adjustments
* Slight UI adjustments 2
* Simplify signature verification slightly
* fix postgres test
* add api routes
* handle swapped primary-keys
* Verify the no-reply address for verified keys
* Only add email addresses that are activated to keys
* Fix committer shortcut properly
* Restructure gpg_keys.go
* Use common Verification Token code
Signed-off-by: Andrew Thornton <art27@cantab.net>
* remove github.com/unknwon/com from models
* dont use "com.ToStr()"
* replace "com.ToStr" with "fmt.Sprint" where its easy to do
* more refactor
* fix test
* just "proxy" Copy func for now
* as per @lunny
* move GitCommit to APIFormat convertion into convert package
* rename Commit convert functions
* move stopwatch to api convertion into convert package & rm unused code & extend test
* fix compare time
* Gitea not Gogs ;)
* git blame tells me a lot of gitea things happen here around 2018, add header
* move user code int its own file
* expose user id
* adopt things from APIFormat
* fix test
* CI.restart()
* add API endpoint to create OAuth2 Application.
* move endpoint to /user. Add swagger documentations and proper response type.
* change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs.
* change response status to Created (201)
* add methods to list OAuth2 apps and delete an existing OAuth2 app by ID.
* add APIFormat convert method and file header
* fixed header
* hide secret on oauth2 application list
* add Created time to API response
* add API integration tests for create/list/delete OAuth2 applications.
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* add API branch protection endpoint
* lint
* Change to use team names instead of ids.
* Status codes.
* fix
* Fix
* Add new branch protection options (BlockOnRejectedReviews, DismissStaleApprovals, RequireSignedCommits)
* Do xorm query directly
* fix xorm GetUserNamesByIDs
* Add some tests
* Improved GetTeamNamesByID
* http status created for CreateBranchProtection
* Correct status code in integration test
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
* Add team permission setting to allow creating repo in organization.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test case for creating repo when have team creation access.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* build error: should omit comparison to bool constant
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add comment on exported functions
* Fix fixture consistency, fix existing unit tests
* Fix boolean comparison in xorm query.
* addCollaborator and changeCollaborationAccessMode separate steps
More clear to use different if-cases.
* Create and commit xorm session
* fix
* Add information of create repo permission in team sidebar
* Add migration step
* Clarify that repository creator will be administrator.
* Fix some things after merge
* Fix language text that use html
* migrations file
* Create repository permission -> Create repositories
* fix merge
* fix review comments
* Add field IsAllRepositories to team
* Add AllRepositories to team UI
* Manage team with access to all repositories
* Add field IsAllRepositories to team API
* put backticks around table/column names
* rename IsAllRepositories to IncludesAllRepositories
* do not reload slice if already loaded
* add repo to teams with access to all repositories when changing repo owner
* improve tests for teams with access to all repositories
* Merge branch 'master'
* Change code for adding all repositories
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* fmt after merge
* Change code in API EditTeam similar to EditTeamPost web interface
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Clarify that all repositories will be added
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* All repositories option under Permissions headline
* New setting group 'Repository access'
* Move check IncludeAllRepositories to removeRepository.
* Revert "Move check IncludeAllRepositories to removeRepository." and add comment instead.
This reverts commit 753b7d205be260b8be465b5291a02975a81f3093.
* Clarify help text what options do.
This PR fixes#7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
* Add teams to repo on collaboration page.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add option for repository admins to change teams access to repo.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add comment for functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make RepoAdminChangeTeamAccess default false in xorm and make it default checked in template instead.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make proper language strings and fix error redirection.
* Add unit tests for adding and deleting team from repository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add database migration
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix redirect
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix locale string mismatch.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Move team access mode text logic to template.
* Move collaborator access mode text logic to template.
* Create API endpoints for repo topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Generate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add documentation to functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Grammar fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix function comment
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Can't use FindTopics when looking for a single repo topic, as it doesnt use exact match
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add PUT /repos/{owner}/{repo}/topics and remove GET /repos/{owner}/{repo}/topics
* Ignore if topic is sent twice in same request, refactoring.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix topic dropdown with api changes.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Style fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update API documentation
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Better way to handle duplicate topics in slice
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make response element TopicName an array of strings, instead of using an array of TopicName
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for API Repo Topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix format of tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix unit tests after adding some more topics to the test fixture.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update models/topic.go
Limit multiple if else if ...
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Engine as first parameter in function
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Replace magic numbers with http status code constants.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix variable scope
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Test one read with login and one with token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some more tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Apply suggestions from code review
Use empty struct for efficiency
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add test case to check access for user with write access
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix access, repo admin required to change topics
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Correct first test to be without token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Any repo reader should be able to access topics.
* No need for string pointer
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>