Conversation
* set fork-related context data * show submit button based on permissions * add ForkAndEdit field to EditRepoFileForm * modify EditFilePost to handle fork creation and commit to fork * reuse existing fork if user already has one
* query repos by owner and subject * check for existing user repo for subject * disable edit/fork buttons when user already has a repo for the subject * show message in edit view explaining why editing is disabled
* fix wrong error condition (returned on any error, not just 'not found') * fix double increment bug (i++ in loop body + loop increment) * optimise from O(n) queries to single query with hash set lookup O(1) * add proper error logging
* run subject ownership check and fork detection concurrently
* add error for subject ownership violations * validate subject ownership before forking
* fix POST handler to validate subject ownership
* create IDX_repository_owner_subject and IDX_repository_owner_fork * optimizes GetRepositoryByOwnerIDAndSubjectID() and GetForkedRepo() queries
* replace 'Cannot Edit' button with 'Edit Your Article' action link * add translation keys for fork-on-edit error messages * link users to their existing article when subject ownership blocks editing
* simplify fork_and_edit hidden field to only use .NeedsFork * extract repeated nil-guard pattern into $subjectName template variable
* add Playwright tests for modal appearance, cancel actions, and tooltip * test modal shows correct header, content, and button text * verify cancel button and Escape key close modal without action * verify fork button has tooltip with confirmation message
* add repository owner tests for Submit Changes button behavior * add non-owner tests for Fork button and disabled submit button * add unauthenticated user test for sign-in button
* accessibility tests verify Enter opens modal, Tab navigates buttons, and buttons have proper accessible text content * unique name tests verify suffix generation when base name is taken
* use RepoOperationsLink instead of RepoLink in form action url * bypass fork_and_edit in CanWriteToBranch middleware to allow non-owners to reach the EditFilePost handler * skip NeedFork workflow when ForkAndEdit is true to prevent conflicting fork creation attempts
* CheckForkOnEditPermissions for owner/non-owner/unauthenticated * CanWriteToBranch middleware bypass with fork_and_edit=true * existing fork detection using fixture data (repo11/repo10) * subject ownership blocking prevents duplicate forks * form action URL uses RepoOperationsLink not RepoLink
* slug generation migration covering basic slugs, mixed-case deduplication, special characters, unique constraint verification, and empty table handling * index creation, idempotency, and index type verification
…order * fork API behavior when user already owns a repository for the same subject * fork blocked by subject ownership (403), fork succeeds for user without subject repo (202), fork blocked even with custom name (403) * fix error handling order in CreateFork
* update GetForkedRepo signature to return (*Repository, error) * update all callers to handle the new error return value * fixes silent error swallowing
* fix modal promise resolution pattern * add PathEscapeSegments to article template URL * update test comment to list all removed special characters
|
/crush_fast AI review started. |
Advanced AI Review
Click to expand reviewReview SummaryThe changes look correct and implement defensive programming improvements. I found no bugs or security issues in the modified code. The changes are:
1. 🔵 Type Assertion Fix in
|
|
…th check - Make navbar-pill-active conditional on PageIsPullList so it's only highlighted on PR-related pages (fixes always-active pill bug) - Add $.SignedUserID check to review submit button condition to prevent showing it to unauthenticated users - Fix split/unified view toggle (replace broken JS onclick with server-side rendered <a> tag) - Add mobile default to unified view - Add CSS overrides for conversation-holder comments and PR diff styling
Remove .IsShowingAllCommits from the outer condition in box.tmpl since review_submit.tmpl already handles the disabled state internally when not showing all commits. This matches the master behavior where the review button is always rendered for signed-in users on PR file pages. Fixes TestPullDiff_SingleCommitPRDiff and TestPullDiff_CommitRangePRDiff which expect .js-btn-review to exist with a disabled class.
The JavaScript in article-editor.ts reads data-fork-confirm-body2 to display a second paragraph in the fork confirmation modal, but the template was missing this attribute. The locale key already exists. Fixes AI Review Issue #1.
The backend SubmitReviewForm struct has no Title field, so the title input was silently discarded. This removes it to avoid misleading users. Fixes AI Review Issue #2.
Move inline onclick handlers to addEventListener calls for CSP compatibility. Affects the diff info banner dismiss button in box.tmpl and the PR back link in view_title.tmpl. Fixes AI Review Issue #4.
The review modal could only be closed by clicking the X button or the overlay. Add a keydown listener so pressing Escape also closes it. Fixes AI Review Issue #5.
Replace 'Post immediately', 'Save draft', and 'Click a paragraph to add a comment.' with ctx.Locale.Tr calls. Add corresponding keys to the custom locale file. Fixes AI Review Issue #6.
Add sessionStorage guard so the automatic redirect from split to unified view on mobile only fires once per session. Previously, if a user switched back to split view, they'd be immediately redirected again. Fixes AI Review Issue #7.
|
/crush_fast AI review started. |
Advanced AI Review
Click to expand reviewCode Review: Fix Diff CommentsIssue 1: 🟡 Safe Type Assertion Improvement -
|
| Scenario | Before | After |
|---|---|---|
origin == "timeline", value is true |
true (short-circuit) |
true |
origin == "timeline", value is false |
true (short-circuit) |
true |
origin == "timeline", value is nil |
PANIC | true |
origin != "timeline", value is true |
true |
true |
origin != "timeline", value is false |
false |
false |
origin != "timeline", value is nil |
PANIC | false |
The test at routers/web/repo/pull_review_test.go:70-74 confirms this behavior is expected:
run("timeline is not affected by ShowOutdatedComments=false", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
ctx.Data["ShowOutdatedComments"] = false
renderConversation(ctx, preparedComment, "timeline")
assert.Contains(t, resp.Body.String(), `<div id="code-comments-`)
})No changes needed - this is a good fix.
Summary
These are both valid bug fixes that prevent potential runtime panics from failed type assertions. The changes:
- Are safe: Use the comma-ok idiom to prevent panics when
ctx.Data["ShowOutdatedComments"]is unset or not a bool - Preserve behavior: The logical behavior is unchanged in all scenarios where the value is properly set
- Improve robustness: Even though middleware should set these values, defensive coding protects against future code paths that might skip the middleware
No issues found that require changes. The PR is ready to merge.
Review generated using glm-5 via Z.AI. Comment /crush_fast to re-run.
taoeffect
left a comment
taoeffect
left a comment
There was a problem hiding this comment.
Great work @pedrogaudencio !
3 participants
Fixes /issues/151
Closes /issues/91
Notes: depends on /pull/147