mirror of
1
Fork 0
Commit Graph

3784 Commits

Author SHA1 Message Date
Loïc Dachary e58e7bf088
[GITEA] rework long-term authentication (squash) add migration
Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
2023-10-05 12:35:59 +02:00
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
Lunny Xiao 4b23f11864
Fix bug of review request number (#27406)
Manually backport #27104 without tests because too many conflicted files
to backport it completely.

(cherry picked from commit 5c96a2be87)
2023-10-03 14:48:40 +02:00
Giteabot 3e8c3b7c09
Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 23139aa27b)
2023-10-03 14:48:40 +02:00
Giteabot 5e2d16de0e
Add logs for data broken of comment review (#27326) (#27344)
Backport #27326 by @lunny

Fix #27306

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b6b71c78c4)
2023-10-03 14:48:40 +02:00
KN4CK3R 13423d6eda
Quote table `release` in sql queries (#27205) (#27219)
Backport of #27205

Fixes #27174

`release` is a reserved keyword in MySql. I can't reproduce the issue on
my setup and we have a test for that code but it seems there can be
setups where it fails.

(cherry picked from commit eae6985b63)
2023-10-03 14:48:18 +02:00
Lunny Xiao 745b45406d
Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
backport #26991

Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid to read user table via email address again and again.

According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .

(cherry picked from commit 9df573bddc)
2023-09-20 12:50:46 +02:00
Gusted 4b9a473e12
[GITEA] Use restricted sanitizer for repository description
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1433
  - Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
  - Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
  - Added unit testing.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/1202
  - Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit a8afa4cd18)
2023-09-13 17:17:37 +02:00
Earl Warren 5aad8a6918
[GITEA] enable system users for comment.LoadPoster
System users (Ghost, ActionsUser, etc) have a negative id and may be
the author of a comment, either because it was created by a now
deleted user or via an action using a transient token.

The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.

Refs: https://codeberg.org/forgejo/forgejo/issues/1425
(cherry picked from commit 97667e06b3)
2023-09-12 11:02:07 +02:00
Giteabot 4df75c254f
Fix wrong review requested number (#26784) (#26880)
Backport #26784 by @lng2020

Fix the wrong review requested number mentioned by #18808 .
Fix #18808
Before:

![ksnip_20230829-140750](https://github.com/go-gitea/gitea/assets/70063547/0af2055b-6f16-4699-a944-c7186831d7f9)
After:

![ksnip_20230829-141817](https://github.com/go-gitea/gitea/assets/70063547/16633264-20ba-45e3-bfbb-a495ed76a45b)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 2a184796b5)
2023-09-08 08:09:18 +02:00
Giteabot 193e04c43b
Fix verifyCommits error when push a new branch (#26664) (#26810)
Backport #26664 by @CaiCandong

> ### Description
> If a new branch is pushed, and the repository has a rule that would
require signed commits for the new branch, the commit is rejected with a
500 error regardless of whether it's signed.
>
> When pushing a new branch, the "old" commit is the empty ID
(0000000000000000000000000000000000000000). verifyCommits has no
provision for this and passes an invalid commit range to git rev-list.
Prior to 1.19 this wasn't an issue because only pre-existing individual
branches could be protected.
>
> I was able to reproduce with
[try.gitea.io/CraigTest/test](https://try.gitea.io/CraigTest/test),
which is set up with a blanket rule to require commits on all branches.

Fix #25565
Very thanks to @Craig-Holmquist-NTI for reporting the bug and suggesting
an valid solution!

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 93c36f395c)
2023-09-08 08:09:18 +02:00
Giteabot d5845521a8
check blocklist for emails when adding them to account (#26812) (#26831)
Backport #26812 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit 41bae29f84)
2023-09-08 08:09:18 +02:00
Giteabot 2f6d011503
Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
Backport #26597 by @wxiaoguang

Fix #26526

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4aed0e6b07)
2023-09-08 08:07:19 +02:00
Gusted fa25b9eec6
[GITEA] Add slow SQL query warning
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1284
  - Databases are one of the most important parts of Forgejo, every
interaction with Forgejo uses the database in one way or another.
Therefore, it is important to maintain the database and recognize when
Forgejo is not doing well with the database. Forgejo already has the
option to log *every* SQL query along with its execution time, but
monitoring becomes impractical for larger instances and takes up
unnecessary storage in the logs.
  - Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
  - The use case for this patch is that with an instance the size of Codeberg, monitoring SQL logs is not very fruitful and most of them are uninteresting. Recently, in the context of persistent deadlock issues (https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that certain queries hold locks on tables like comment and issue for several seconds. This patch helps to identify which queries these are and when they happen.
  - Added unit test.
2023-08-21 21:18:43 +02:00
CaiCandong 28acd6e262
Fix project filter bugs (#26490) (#26558)
Backport  #26490

related: #26012

1. missing project filter on the issue page.

1e76a824bc/modules/indexer/issues/dboptions.go (L11-L15)
2. incorrect SQL condition: some issue does not belong to a project but
exists on the project_issue table.

f5dbac9d36/models/issues/issue_search.go (L233)

![before](https://github.com/go-gitea/gitea/assets/50507092/1dcde39e-3e2f-4151-b2c6-4d67bf493c2f)

![after](https://github.com/go-gitea/gitea/assets/50507092/badfb81f-056d-4a2f-9838-1cba9c15768d)

(cherry picked from commit 94f86964b4)
2023-08-21 07:27:20 +02:00
KN4CK3R 471138829b
Fix NuGet search endpoints (#25613) (#26499)
Backport of #25613

Fixes #25564
Fixes #23191

- Api v2 search endpoint should return only the latest version matching
the query
- Api v3 search endpoint should return `take` packages not package
versions

(cherry picked from commit 762d4245fb)
2023-08-21 07:27:20 +02:00
Earl Warren 6ab5735e90
[UPGRADE] add sanity checks for [storage*]
Refs: https://forgejo.org/2023-08-release-v1-20-3-0/
(cherry picked from commit a266dd0ce3)
2023-08-21 07:22:19 +02:00
Earl Warren fe55c78fb1
[UPGRADE] run sanity checks before the database is upgraded
(cherry picked from commit 69741e4e66)
2023-08-21 07:22:19 +02:00
Earl Warren 03f33a0320
[SEMVER] store SemVer in ForgejoSemVer after a database upgrade
(cherry picked from commit b7fe7cf401)
2023-08-21 07:22:18 +02:00
Earl Warren 2605e121d4
[DB] forgejo migration v2: create the forgejo_sem_ver table
(cherry picked from commit 86b26436af)

Conflicts:
	models/forgejo_migrations/migrate.go
	trivial context conflict
2023-08-21 07:22:18 +02:00
Giteabot 46ba658cc2
Bypass MariaDB performance bug of the "IN" sub-query, fix incorrect IssueIndex (#26279) (#26368)
Backport #26279 by @wxiaoguang

Close #26277
Fix #26285

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit cb1a4da5c2)
2023-08-21 07:22:17 +02:00
Earl Warren d83135c204
Revert "[GITEA] Use join for the deleting issue actions query"
This reverts commit 9b71369be9.
2023-08-21 07:22:17 +02:00
Giteabot 2f6b7ce91a
Fix log typo in task.go (#26337) (#26343)
Backport #26337 by @cassiozareck

Signed-off-by: cassiozareck <cassiomilczareck@gmail.com>
(cherry picked from commit 8a97cdd91b)
2023-08-21 07:22:17 +02:00
Giteabot 33c52556a3
Fix bug with sqlite load read (#26305) (#26339)
Backport #26305 by @lunny

Possible fix #26280

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 9be9042479)
2023-08-21 07:22:16 +02:00
Giteabot 9e4be39acb
Fix the topic validation rule and suport dots (#26286) (#26303)
Backport #26286 by @wxiaoguang

1. Allow leading and trailing spaces by user input, these spaces have
already been trimmed at backend
2. Allow using dots in the topic

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit fcd055c34a)
2023-08-21 07:22:16 +02:00
Giteabot c2f2fed57a
Fix pull request check list is limited (#26179) (#26245)
Backport #26179 by @CaiCandong

In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.

fixed #25990

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 060026995a)
2023-08-21 07:22:15 +02:00
JakobDev d89003cc1b Fix API leaking Usermail if not logged in (#25097)
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit ea385f5d39)
2023-08-05 11:43:54 +00:00
Gusted 9b71369be9 [GITEA] Use join for the deleting issue actions query
- The action tables can become very large as it's a dumpster for every
action that an user does on an repository.
- The following query: `DELETE FROM action WHERE comment_id IN (SELECT id FROM comment WHERE
issue_id=?)` is not using indexes for `comment_id` and is instead using
an full table scan by MariaDB.
- Rewriting the query to use an JOIN will allow MariaDB to use the
index.
- More information: https://codeberg.org/Codeberg-Infrastructure/techstack-support/issues/9
- Backport https://codeberg.org/forgejo/forgejo/pulls/1154
2023-07-31 10:14:30 +00:00
Giteabot 5afb0294f4
Fix access check for org-level project (#26182) (#26223)
Backport #26182 by @Zettat123

Fix #25934

Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global
disabled units when `ignoreGlobal` is true. So the org-level projects
and user-level projects won't be affected by global disabled
`repo.projects` unit.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 3a29712e0a)
2023-07-30 07:46:19 +02:00
Giteabot 751028549d
Prevent primary key update on migration (#26192) (#26199)
Backport #26192 by @KN4CK3R

Fixes #25918

The migration fails on MSSQL because xorm tries to update the primary
key column. xorm prevents this if the column is marked as auto
increment:

c622cdaf89/internal/statements/update.go (L38-L40)

I think it would be better if xorm would check for primary key columns
here because updating such columns is bad practice. It looks like if
that auto increment check should do the same.

fyi @lunny

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ecfbcced46)
2023-07-30 07:46:18 +02:00
Lunny Xiao 4640c53386
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882) (#26158)
Fix #25858
Backport #25882

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">

<img width="1021" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">

(cherry picked from commit 666038a06d)
2023-07-30 07:46:18 +02:00
Giteabot 9654d71bb2
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123

This PR

- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit a12d036a68)
2023-07-30 07:43:05 +02:00
Giteabot df5200e814
Remove "misc" scope check from public API endpoints (#26134) (#26149)
Backport #26134 by @wxiaoguang

Fix #26035

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a8445e9320)
2023-07-26 13:51:46 +02:00
Lunny Xiao 7099ef15b6
Update xorm version (#26128) (#26150)
backport #26128 to fix some serious bug.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit bc73e6a85c)
2023-07-26 13:50:10 +02:00
Giteabot e2101ae572
Fix wrong workflow status when rerun a job in an already finished workflow (#26119) (#26124)
Backport #26119 by @yp05327

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/fb687592-b117-4cd5-b076-2ca5ca847ea4)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/c9b0683e-e81d-410b-8c35-fbe54327fab4)

After workflow finished, if you rerun a single job, the workflow status
will become to `Running` which is not correct as no jobs are running in
this workflow.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 08cdc0da3d)
2023-07-26 13:49:15 +02:00
Earl Warren b65d458c3a
Merge remote-tracking branch 'forgejo/v1.20/forgejo-dependency' into v1.20/forgejo 2023-07-17 08:01:29 +02:00
Earl Warren 1371196064
Merge remote-tracking branch 'forgejo/v1.20/forgejo-moderation' into v1.20/forgejo 2023-07-17 08:01:23 +02:00
Earl Warren 8924d15dec
[GITEA] silently ignore obsolete sudo scope
Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb)
(cherry picked from commit 764eac47b5)
(cherry picked from commit 14480339f0)
(cherry picked from commit fb930bd719)
(cherry picked from commit 97d1166aba)
(cherry picked from commit 97b2abc767)
(cherry picked from commit 3854c9112f)
2023-07-17 00:27:19 +02:00
Gusted 73776d6195
[MODERATION] add user blocking API
- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.

(cherry picked from commit f3afaf15c7)
(cherry picked from commit 6d754db3e5)
(cherry picked from commit d0fc8bc9d3)
(cherry picked from commit 9a53b0d1a0)
(cherry picked from commit 44a2a4fd48)
(cherry picked from commit 182025db9c)
(cherry picked from commit 558a35963e)
2023-07-17 00:26:42 +02:00
Gusted cdf6318f51
[MODERATION] organization blocking a user (#802)
- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit 217475385a)
(cherry picked from commit f2c38ce5c2)
(cherry picked from commit 1edfb68137)
(cherry picked from commit 2cbc12dc74)
(cherry picked from commit 79ff020f18)
2023-07-17 00:26:42 +02:00
Gusted dc9499bdf9
[MODERATION] user blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 00f411819f)
(cherry picked from commit e0c039b0e8)
(cherry picked from commit b5a058ef00)
(cherry picked from commit 5ff5460d28)
(cherry picked from commit 97bc6e619d)
2023-07-17 00:26:42 +02:00
Gusted f2ecd46d96
[BRANDING] Use `forgejo` binary name
- Use `forgejo` binary name for migration suggestions.
- Resolves https://codeberg.org/forgejo/forgejo/issues/869#issuecomment-944501

(cherry picked from commit 418a0bed8f)
(cherry picked from commit 734579ce9b)
(cherry picked from commit 8b7cf605f2)
(cherry picked from commit c59e1a4e61)
(cherry picked from commit e3877892e1)
(cherry picked from commit d7249a4b84)
2023-07-17 00:25:56 +02:00
Loïc Dachary 133b7dcd7f
[BRANDING] reserve forgejo-actions username
(cherry picked from commit 2a25be788b)
(cherry picked from commit b270d5815c)
(cherry picked from commit e7382cc71e)
(cherry picked from commit 665400ea1e)
(cherry picked from commit f5b2c691f1)
(cherry picked from commit 3df97adfef)
(cherry picked from commit 494f6eafc1)
(cherry picked from commit 822e3d2c83)
(cherry picked from commit 7460f12568)
(cherry picked from commit f6cd70881e)
(cherry picked from commit c669ce8173)
(cherry picked from commit 1d5a433e02)
(cherry picked from commit c1a4dc150c)
(cherry picked from commit dd1c971c6c)
(cherry picked from commit 8d2dcd9b1e)
(cherry picked from commit b6bb8fd275)
(cherry picked from commit d4b71fe96e)
(cherry picked from commit c9a905f588)
(cherry picked from commit c9930563b2)
(cherry picked from commit 8e8fbf4950)
(cherry picked from commit d3b8e54778)
(cherry picked from commit ee63800789)
2023-07-17 00:25:56 +02:00
Gusted 82e4ff7e88
[DB] Forgejo database migrations
- Implements https://codeberg.org/forgejo/discussions/issues/32#issuecomment-918737
- Allows to add Forgejo-specific migrations that don't interfere with Gitea's migration logic. Please do note that we cannot liberally add migrations for Gitea tables, as they might do their own migrations in a future version on that table, and that could undo our migrations. Luckily,  we don't have a scenario where that's needed and thus not taken into account.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/795
(cherry picked from commit 8ee32978c0)
(cherry picked from commit c240b34f59)
(cherry picked from commit 03936c6492)
(cherry picked from commit 8bd051e6df)
(cherry picked from commit 2c55a40c79)
(cherry picked from commit 260d938e92)
(cherry picked from commit cf7c08031f)
(cherry picked from commit 59c1547517)
2023-07-16 23:44:22 +02:00
Earl Warren d6efefbb63
[CLI] implement forgejo-cli actions register
(cherry picked from commit 2f95143000)
(cherry picked from commit cf77f1e6d9)
(cherry picked from commit 0983b62ca0)
2023-07-16 23:21:45 +02:00
Giteabot c334be8284
Fix empty project displayed in issue sidebar (#25802) (#25854)
Backport #25802 by @yp05327

You can confirm this issue in
https://try.gitea.io/yp05327/testrepo/issues/2

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ab476dc-2f9b-4c85-9e87-105fc73af1ee)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/786f984d-5c27-4eff-b3d9-159f68034ce4)

This issue comes from the change in #25468.
`LoadProject` will always return at least one record, so we use
`ProjectID` to check whether an issue is linked to a project in the old
code.
As other `issue.LoadXXX` functions, we need to check the return value
from `xorm.Session.Get`.

In recent unit tests, we only test `issueList.LoadAttributes()` but
don't test `issue.LoadAttributes()`. So I added a new test for
`issue.LoadAttributes()` in this PR.

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Denys Konovalov <privat@denyskon.de>
2023-07-12 19:07:03 +02:00
Giteabot 052e65e63f
Fix incorrect oldest sort in project list (#25806) (#25835)
Backport #25806 by @yp05327

sort type `oldest` should be `Asc`.
Added a test for this.

I see we have `SearchOrderBy` in db model, but we are using many
different ways to define the sort type.
~Maybe we can improve this later.~
↑ Improved in this PR

Co-authored-by: yp05327 <576951401@qq.com>
2023-07-12 13:22:17 +08:00
Giteabot 2b79d3fd52
For API attachments, use API URL (#25639) (#25814)
Backport #25639 by @lunny

Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-10 12:56:16 +00:00
Giteabot a1bc2aa05e
Avoid amending the Rebase and Fast-forward merge if there is no message template (#25779) (#25809)
Backport #25779 by @wxiaoguang

Related #22669. Close #25177

After the fix:


![image](https://github.com/go-gitea/gitea/assets/2114189/0e900927-ea72-4f8f-bde6-5ed927cb02f4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-10 10:23:54 +00:00
Giteabot 372b622c2b
Revert package access change from #23879 (#25707) (#25785)
Backport #25707 by @KN4CK3R

Fixes (?) #25538
Fixes https://codeberg.org/forgejo/forgejo/issues/972

Regression #23879

#23879 introduced a change which prevents read access to packages if a
user is not a member of an organization.

That PR also contained a change which disallows package access if the
team unit is configured with "no access" for packages. I don't think
this change makes sense (at the moment). It may be relevant for private
orgs. But for public or limited orgs that's useless because an
unauthorized user would have more access rights than the team member.
This PR restores the old behaviour "If a user has read access for an
owner, they can read packages".

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-09 21:00:42 +00:00