Merge branch 'main' into admin-ip-info

Author: techknowlogick

models/fixtures/webhook.yml

@@ -1,15 +1,15 @@
 -
   id: 1
   repo_id: 1
-  url: www.example.com/url1
+  url: https://www.example.com/url1
   content_type: 1 # json
   events: '{"push_only":true,"send_everything":false,"choose_events":false,"events":{"create":false,"push":true,"pull_request":false}}'
   is_active: true
 
 -
   id: 2
   repo_id: 1
-  url: www.example.com/url2
+  url: https://www.example.com/url2
   content_type: 1 # json
   events: '{"push_only":false,"send_everything":false,"choose_events":false,"events":{"create":false,"push":true,"pull_request":true}}'
   is_active: false
@@ -18,15 +18,15 @@
   id: 3
   owner_id: 3
   repo_id: 3
-  url: www.example.com/url3
+  url: https://www.example.com/url3
   content_type: 1 # json
   events: '{"push_only":false,"send_everything":false,"choose_events":false,"events":{"create":false,"push":true,"pull_request":true}}'
   is_active: true
 
 -
   id: 4
   repo_id: 2
-  url: www.example.com/url4
+  url: https://www.example.com/url4
   content_type: 1 # json
   events: '{"push_only":true,"branch_filter":"{master,feature*}"}'
   is_active: true
@@ -35,7 +35,7 @@
   id: 5
   repo_id: 0
   owner_id: 0
-  url: www.example.com/url5
+  url: https://www.example.com/url5
   content_type: 1 # json
   events: '{"push_only":true,"branch_filter":"{master,feature*}"}'
   is_active: true
@@ -45,7 +45,7 @@
   id: 6
   repo_id: 0
   owner_id: 0
-  url: www.example.com/url6
+  url: https://www.example.com/url6
   content_type: 1 # json
   events: '{"push_only":true,"branch_filter":"{master,feature*}"}'
   is_active: true

models/webhook/webhook_test.go

@@ -90,7 +90,7 @@ func TestWebhook_EventsArray(t *testing.T) {
 func TestCreateWebhook(t *testing.T) {
 	hook := &Webhook{
 		RepoID:      3,
-		URL:         "www.example.com/unit_test",
+		URL:         "https://www.example.com/unit_test",
 		ContentType: ContentTypeJSON,
 		Events:      `{"push_only":false,"send_everything":false,"choose_events":false,"events":{"create":false,"push":true,"pull_request":true}}`,
 	}

modules/repository/create.go

@@ -8,17 +8,9 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 
-	activities_model "code.gitea.io/gitea/models/activities"
-	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
-	issue_indexer "code.gitea.io/gitea/modules/indexer/issues"
-	"code.gitea.io/gitea/modules/log"
-	api "code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
 )
 
 const notRegularFileMode = os.ModeSymlink | os.ModeNamedPipe | os.ModeSocket | os.ModeDevice | os.ModeCharDevice | os.ModeIrregular
@@ -63,97 +55,3 @@ func UpdateRepoSize(ctx context.Context, repo *repo_model.Repository) error {
 
 	return repo_model.UpdateRepoSize(ctx, repo.ID, size, lfsSize)
 }
-
-// CheckDaemonExportOK creates/removes git-daemon-export-ok for git-daemon...
-func CheckDaemonExportOK(ctx context.Context, repo *repo_model.Repository) error {
-	if err := repo.LoadOwner(ctx); err != nil {
-		return err
-	}
-
-	// Create/Remove git-daemon-export-ok for git-daemon...
-	daemonExportFile := filepath.Join(repo.RepoPath(), `git-daemon-export-ok`)
-
-	isExist, err := util.IsExist(daemonExportFile)
-	if err != nil {
-		log.Error("Unable to check if %s exists. Error: %v", daemonExportFile, err)
-		return err
-	}
-
-	isPublic := !repo.IsPrivate && repo.Owner.Visibility == api.VisibleTypePublic
-	if !isPublic && isExist {
-		if err = util.Remove(daemonExportFile); err != nil {
-			log.Error("Failed to remove %s: %v", daemonExportFile, err)
-		}
-	} else if isPublic && !isExist {
-		if f, err := os.Create(daemonExportFile); err != nil {
-			log.Error("Failed to create %s: %v", daemonExportFile, err)
-		} else {
-			f.Close()
-		}
-	}
-
-	return nil
-}
-
-// UpdateRepository updates a repository with db context
-func UpdateRepository(ctx context.Context, repo *repo_model.Repository, visibilityChanged bool) (err error) {
-	repo.LowerName = strings.ToLower(repo.Name)
-
-	e := db.GetEngine(ctx)
-
-	if _, err = e.ID(repo.ID).AllCols().Update(repo); err != nil {
-		return fmt.Errorf("update: %w", err)
-	}
-
-	if err = UpdateRepoSize(ctx, repo); err != nil {
-		log.Error("Failed to update size for repository: %v", err)
-	}
-
-	if visibilityChanged {
-		if err = repo.LoadOwner(ctx); err != nil {
-			return fmt.Errorf("LoadOwner: %w", err)
-		}
-		if repo.Owner.IsOrganization() {
-			// Organization repository need to recalculate access table when visibility is changed.
-			if err = access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {
-				return fmt.Errorf("recalculateTeamAccesses: %w", err)
-			}
-		}
-
-		// If repo has become private, we need to set its actions to private.
-		if repo.IsPrivate {
-			_, err = e.Where("repo_id = ?", repo.ID).Cols("is_private").Update(&activities_model.Action{
-				IsPrivate: true,
-			})
-			if err != nil {
-				return err
-			}
-
-			if err = repo_model.ClearRepoStars(ctx, repo.ID); err != nil {
-				return err
-			}
-		}
-
-		// Create/Remove git-daemon-export-ok for git-daemon...
-		if err := CheckDaemonExportOK(ctx, repo); err != nil {
-			return err
-		}
-
-		forkRepos, err := repo_model.GetRepositoriesByForkID(ctx, repo.ID)
-		if err != nil {
-			return fmt.Errorf("getRepositoriesByForkID: %w", err)
-		}
-		for i := range forkRepos {
-			forkRepos[i].IsPrivate = repo.IsPrivate || repo.Owner.Visibility == api.VisibleTypePrivate
-			if err = UpdateRepository(ctx, forkRepos[i], true); err != nil {
-				return fmt.Errorf("updateRepository[%d]: %w", forkRepos[i].ID, err)
-			}
-		}
-
-		// If visibility is changed, we need to update the issue indexer.
-		// Since the data in the issue indexer have field to indicate if the repo is public or not.
-		issue_indexer.UpdateRepoIndexer(ctx, repo.ID)
-	}
-
-	return nil
-}

modules/repository/create_test.go

@@ -6,34 +6,13 @@ package repository
 import (
 	"testing"
 
-	activities_model "code.gitea.io/gitea/models/activities"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 
 	"github.com/stretchr/testify/assert"
 )
 
-func TestUpdateRepositoryVisibilityChanged(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// Get sample repo and change visibility
-	repo, err := repo_model.GetRepositoryByID(db.DefaultContext, 9)
-	assert.NoError(t, err)
-	repo.IsPrivate = true
-
-	// Update it
-	err = UpdateRepository(db.DefaultContext, repo, true)
-	assert.NoError(t, err)
-
-	// Check visibility of action has become private
-	act := activities_model.Action{}
-	_, err = db.GetEngine(db.DefaultContext).ID(3).Get(&act)
-
-	assert.NoError(t, err)
-	assert.True(t, act.IsPrivate)
-}
-
 func TestGetDirectorySize(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	repo, err := repo_model.GetRepositoryByID(db.DefaultContext, 1)

options/locale/locale_fr-FR.ini

@@ -730,6 +730,8 @@ public_profile=Profil public
 biography_placeholder=Parlez-nous un peu de vous ! (Vous pouvez utiliser Markdown)
 location_placeholder=Partagez votre position approximative avec d'autres personnes
 profile_desc=Contrôlez comment votre profil est affiché aux autres utilisateurs. Votre adresse courriel principale sera utilisée pour les notifications, la récupération de mot de passe et les opérations Git basées sur le Web.
+password_username_disabled=Vous n’êtes pas autorisé à modifier votre nom d’utilisateur. Veuillez contacter l’administrateur de votre site pour plus de détails.
+password_full_name_disabled=Vous n’êtes pas autorisé à modifier votre nom complet. Veuillez contacter l’administrateur du site pour plus de détails.
 full_name=Nom complet
 website=Site Web
 location=Localisation
@@ -924,6 +926,9 @@ permission_not_set=Non défini
 permission_no_access=Aucun accès
 permission_read=Lecture
 permission_write=Lecture et écriture
+permission_anonymous_read=Consultation anonyme
+permission_everyone_read=Consultation collective
+permission_everyone_write=Participation collective
 access_token_desc=Les autorisations des jetons sélectionnées se limitent aux <a %s>routes API</a> correspondantes. Lisez la <a %s>documentation</a> pour plus d’informations.
 at_least_one_permission=Vous devez sélectionner au moins une permission pour créer un jeton.
 permissions_list=Autorisations :
@@ -1136,6 +1141,7 @@ transfer.no_permission_to_reject=Vous n’êtes pas autorisé à rejeter ce tran
 
 desc.private=Privé
 desc.public=Publique
+desc.public_access=Accès public
 desc.template=Modèle
 desc.internal=Interne
 desc.archived=Archivé
@@ -1648,6 +1654,8 @@ issues.label_archived_filter=Afficher les labels archivés
 issues.label_archive_tooltip=Les labels archivés sont par défaut exclus des suggestions lors de la recherche par label.
 issues.label_exclusive_desc=Remarque : pour rendre des labels mutuellement exclusifs, préfixez leur nom d’une portée au format <code>portée/label</code>.
 issues.label_exclusive_warning=Tout label d'une portée en conflit sera retiré lors de la modification des labels d’un ticket ou d’une demande d’ajout.
+issues.label_exclusive_order=Ordre de tri
+issues.label_exclusive_order_tooltip=Les labels exclusifs partageant la même portée seront triées selon cet ordre numérique.
 issues.label_count=%d labels
 issues.label_open_issues=%d tickets ouverts
 issues.label_edit=Éditer
@@ -2130,6 +2138,12 @@ contributors.contribution_type.deletions=Suppressions
 settings=Paramètres
 settings.desc=Les paramètres sont l'endroit où gérer les options du dépôt
 settings.options=Dépôt
+settings.public_access=Accès public
+settings.public_access_desc=Configurer les permissions des visiteurs publics remplaçant les valeurs par défaut de ce dépôt.
+settings.public_access.docs.not_set=Non défini : ne donne aucune permission supplémentaire. Les règles du dépôt et les permissions des utilisateurs font foi.
+settings.public_access.docs.anonymous_read=Lecture anonyme : les utilisateurs qui ne sont pas connectés peuvent consulter la ressource.
+settings.public_access.docs.everyone_read=Consultation publique : tous les utilisateurs connectés peuvent consulter la ressource. Mettre les tickets et demandes d’ajouts en accès public signifie que les utilisateurs connectés peuvent en créer.
+settings.public_access.docs.everyone_write=Participation publique : tous les utilisateurs connectés ont la permission d’écrire sur la ressource. Seule le Wiki supporte cette autorisation.
 settings.collaboration=Collaborateurs
 settings.collaboration.admin=Administrateur
 settings.collaboration.write=Écriture

options/locale/locale_pt-PT.ini

@@ -1654,6 +1654,8 @@ issues.label_archived_filter=Mostrar rótulos arquivados
 issues.label_archive_tooltip=Os rótulos arquivados são, por norma, excluídos das sugestões ao pesquisar por rótulo.
 issues.label_exclusive_desc=Nomeie o rótulo <code>âmbito/item</code> para torná-lo mutuamente exclusivo com outros rótulos do <code>âmbito/</code>.
 issues.label_exclusive_warning=Quaisquer rótulos com âmbito que estejam em conflito irão ser removidos ao editar os rótulos de uma questão ou de um pedido de integração.
+issues.label_exclusive_order=Ordenação
+issues.label_exclusive_order_tooltip=Rótulos exclusivos no mesmo âmbito serão ordenados de acordo com esta ordem numérica.
 issues.label_count=%d rótulos
 issues.label_open_issues=%d questões abertas
 issues.label_edit=Editar

options/locale/locale_zh-CN.ini

@@ -927,6 +927,8 @@ permission_no_access=无访问权限
 permission_read=可读
 permission_write=读写
 permission_anonymous_read=匿名读
+permission_everyone_read=所有人可读
+permission_everyone_write=所有人可写
 access_token_desc=所选令牌权限仅限于对应的 <a %s>API</a> 路由的授权。阅读 <a %s>文档</a> 以获取更多信息。
 at_least_one_permission=你需要选择至少一个权限才能创建令牌
 permissions_list=权限：
@@ -1646,12 +1648,14 @@ issues.save=保存
 issues.label_title=标签名称
 issues.label_description=标签描述
 issues.label_color=标签颜色
-issues.label_exclusive=独有
+issues.label_exclusive=互斥标签
 issues.label_archive=归档标签
 issues.label_archived_filter=显示存档标签
 issues.label_archive_tooltip=在标签搜索时，默认情况下存档标签将被排除在外。
 issues.label_exclusive_desc=命名标签为 <code>scope/item</code> 以使其与其他以 <code>scope/</code> 开头的标签互斥。
 issues.label_exclusive_warning=在编辑工单或合并请求的标签时，任何冲突的范围标签都将被删除。
+issues.label_exclusive_order=排序顺序
+issues.label_exclusive_order_tooltip=在同一个范围内的互斥标签将按照这个数字进行排序
 issues.label_count=%d 个标签
 issues.label_open_issues=%d 个开启的工单
 issues.label_edit=编辑
@@ -1711,8 +1715,11 @@ issues.start_tracking_history=`开始工作 %s`
 issues.tracker_auto_close=当此工单关闭时，自动停止计时器
 issues.tracking_already_started=`你已经开始对 <a href="%s">另一个工单</a> 进行时间跟踪！`
 issues.stop_tracking=停止计时器
+issues.stop_tracking_history=工作 <b>%[1]s</b> 于 %[2]s 停止
+issues.cancel_tracking=取消
 issues.cancel_tracking_history=`取消时间跟踪 %s`
 issues.del_time=删除此时间跟踪日志
+issues.add_time_history=已于 %[2]s 添加计时 <b>%[1]</b>
 issues.del_time_history=`已删除时间 %s`
 issues.add_time_manually=手动添加时间
 issues.add_time_hours=小时
@@ -1971,6 +1978,7 @@ pulls.upstream_diverging_prompt_behind_1=该分支落后于 %[2]s %[1]d 个提
 pulls.upstream_diverging_prompt_behind_n=该分支落后于 %[2]s %[1]d 个提交
 pulls.upstream_diverging_prompt_base_newer=基础分支 %s 有新的更改
 pulls.upstream_diverging_merge=同步派生
+pulls.upstream_diverging_merge_confirm=要将 %[1]s 合并到 %[2]s 吗？
 
 pull.deleted_branch=(已删除): %s
 pull.agit_documentation=查看有关 AGit 的文档
@@ -2131,6 +2139,11 @@ settings=设置
 settings.desc=设置是你可以管理仓库设置的地方
 settings.options=仓库
 settings.public_access=公开访问
+settings.public_access_desc=配置公共访客访问权限以覆盖此存储库的默认值。
+settings.public_access.docs.not_set=未设置：没有额外的公共访问权限。访客权限遵循存储库的可见性和成员权限。
+settings.public_access.docs.anonymous_read=匿名可读：未登录的用户可以通过读取权限访问单元。
+settings.public_access.docs.everyone_read=所有人可读：所有登录用户都可以通过读取权限访问单元。读取问题/拉取请求单元的权限也意味着用户可以创建新的问题/拉取请求。
+settings.public_access.docs.everyone_write=所有人可写：所有登录用户都有写入权限。只有百科支持此权限。
 settings.collaboration=协作者
 settings.collaboration.admin=管理员
 settings.collaboration.write=可写权限
@@ -2385,6 +2398,7 @@ settings.event_pull_request_approvals=合并请求批准
 settings.event_pull_request_merge=合并请求合并
 settings.event_header_workflow=工作流程事件
 settings.event_workflow_job=工作流任务
+settings.event_workflow_job_desc=Gitea Actions 工作流队列中、等待中、正在进行或已完成任务。
 settings.event_package=软件包
 settings.event_package_desc=软件包已在仓库中被创建或删除。
 settings.branch_filter=分支过滤
@@ -2900,6 +2914,9 @@ worktime.date_range_start=起始日期
 worktime.date_range_end=结束日期
 worktime.query=查询
 worktime.time=时间
+worktime.by_repositories=按仓库
+worktime.by_milestones=按里程碑
+worktime.by_members=按成员
 
 [admin]
 maintenance=维护

routers/api/v1/org/member.go

@@ -8,6 +8,7 @@ import (
 	"net/url"
 
 	"code.gitea.io/gitea/models/organization"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/routers/api/v1/user"
@@ -210,6 +211,20 @@ func IsPublicMember(ctx *context.APIContext) {
 	}
 }
 
+func checkCanChangeOrgUserStatus(ctx *context.APIContext, targetUser *user_model.User) {
+	// allow user themselves to change their status, and allow admins to change any user
+	if targetUser.ID == ctx.Doer.ID || ctx.Doer.IsAdmin {
+		return
+	}
+	// allow org owners to change status of members
+	isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
+	if err != nil {
+		ctx.APIError(http.StatusInternalServerError, err)
+	} else if !isOwner {
+		ctx.APIError(http.StatusForbidden, "Cannot change member visibility")
+	}
+}
+
 // PublicizeMember make a member's membership public
 func PublicizeMember(ctx *context.APIContext) {
 	// swagger:operation PUT /orgs/{org}/public_members/{username} organization orgPublicizeMember
@@ -240,8 +255,8 @@ func PublicizeMember(ctx *context.APIContext) {
 	if ctx.Written() {
 		return
 	}
-	if userToPublicize.ID != ctx.Doer.ID {
-		ctx.APIError(http.StatusForbidden, "Cannot publicize another member")
+	checkCanChangeOrgUserStatus(ctx, userToPublicize)
+	if ctx.Written() {
 		return
 	}
 	err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
@@ -282,8 +297,8 @@ func ConcealMember(ctx *context.APIContext) {
 	if ctx.Written() {
 		return
 	}
-	if userToConceal.ID != ctx.Doer.ID {
-		ctx.APIError(http.StatusForbidden, "Cannot conceal another member")
+	checkCanChangeOrgUserStatus(ctx, userToConceal)
+	if ctx.Written() {
 		return
 	}
 	err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)