Merge ab61e4577360334408807e5160f8b962c15e52c4 into c2e23d3301b1be2b2ad667184030087f92ad2470

Fix PR web route permission check (#33636 )
See the FIXME comment in code. Otherwise, if a repo's issue unit is disabled, then the PRs can't be edited anymore. By the way, make the permission log output look slightly better. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: metiftikci <metiftikci@hotmail.com>
2025-02-20 11:43:57 +08:00 · 2025-02-19 13:28:14 +08:00 · 2025-02-19 00:55:19 +00:00 · 2025-02-18 16:29:17 -08:00 · 2025-02-17 12:25:45 -08:00 · 2025-02-16 23:09:16 -08:00
8 changed files with 109 additions and 21 deletions
--- a/models/packages/descriptor.go
+++ b/models/packages/descriptor.go
@ -110,9 +110,12 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 	if err != nil {
 		return nil, err
 	}
-	repository, err := repo_model.GetRepositoryByID(ctx, p.RepoID)
-	if err != nil && !repo_model.IsErrRepoNotExist(err) {
-		return nil, err
+	var repository *repo_model.Repository
+	if p.RepoID > 0 {
+		repository, err = repo_model.GetRepositoryByID(ctx, p.RepoID)
+		if err != nil && !repo_model.IsErrRepoNotExist(err) {
+			return nil, err
+		}
 	}
 	creator, err := user_model.GetUserByID(ctx, pv.CreatorID)
 	if err != nil {
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@ -152,7 +152,7 @@ func (p *Permission) ReadableUnitTypes() []unit.Type {
 }

 func (p *Permission) LogString() string {
-	format := "<Permission AccessMode=%s, %d Units, %d UnitsMode(s): [ "
+	format := "<Permission AccessMode=%s, %d Units, %d UnitsMode(s): ["
 	args := []any{p.AccessMode.ToString(), len(p.units), len(p.unitsMode)}

 	for i, u := range p.units {
@ -164,14 +164,16 @@ func (p *Permission) LogString() string {
 				config = err.Error()
 			}
 		}
-		format += "\nUnits[%d]: ID: %d RepoID: %d Type: %s Config: %s"
+		format += "\n\tunits[%d]: ID=%d RepoID=%d Type=%s Config=%s"
 		args = append(args, i, u.ID, u.RepoID, u.Type.LogString(), config)
 	}
 	for key, value := range p.unitsMode {
-		format += "\nUnitMode[%-v]: %-v"
+		format += "\n\tunitsMode[%-v]: %-v"
 		args = append(args, key.LogString(), value.LogString())
 	}
-	format += " ]>"
+	format += "\n\teveryoneAccessMode: %-v"
+	args = append(args, p.everyoneAccessMode)
+	format += "\n\t]>"
 	return fmt.Sprintf(format, args...)
 }

--- a/modules/log/logger_impl.go
+++ b/modules/log/logger_impl.go
@ -5,6 +5,7 @@ package log

 import (
 	"context"
+	"reflect"
 	"runtime"
 	"strings"
 	"sync"
@ -175,6 +176,20 @@ func (l *LoggerImpl) IsEnabled() bool {
 	return l.level.Load() < int32(FATAL) && len(l.eventWriters) > 0
 }

+func asLogStringer(v any) LogStringer {
+	if s, ok := v.(LogStringer); ok {
+		return s
+	} else if a := reflect.ValueOf(v); a.Kind() == reflect.Struct {
+		// in case the receiver is a pointer, but the value is a struct
+		vp := reflect.New(a.Type())
+		vp.Elem().Set(a)
+		if s, ok := vp.Interface().(LogStringer); ok {
+			return s
+		}
+	}
+	return nil
+}
+
 // Log prepares the log event, if the level matches, the event will be sent to the writers
 func (l *LoggerImpl) Log(skip int, level Level, format string, logArgs ...any) {
 	if Level(l.level.Load()) > level {
@ -207,11 +222,11 @@ func (l *LoggerImpl) Log(skip int, level Level, format string, logArgs ...any) {
 	// handle LogStringer values
 	for i, v := range msgArgs {
 		if cv, ok := v.(*ColoredValue); ok {
-			if s, ok := cv.v.(LogStringer); ok {
-				cv.v = logStringFormatter{v: s}
+			if ls := asLogStringer(cv.v); ls != nil {
+				cv.v = logStringFormatter{v: ls}
 			}
-		} else if s, ok := v.(LogStringer); ok {
-			msgArgs[i] = logStringFormatter{v: s}
+		} else if ls := asLogStringer(v); ls != nil {
+			msgArgs[i] = logStringFormatter{v: ls}
 		}
 	}

--- a/modules/log/logger_test.go
+++ b/modules/log/logger_test.go
@ -116,6 +116,14 @@ func (t testLogString) LogString() string {
 	return "log-string"
 }

+type testLogStringPtrReceiver struct {
+	Field string
+}
+
+func (t *testLogStringPtrReceiver) LogString() string {
+	return "log-string-ptr-receiver"
+}
+
 func TestLoggerLogString(t *testing.T) {
 	logger := NewLoggerWithWriters(context.Background(), "test")

@ -124,9 +132,13 @@ func TestLoggerLogString(t *testing.T) {
 	logger.AddWriters(w1)

 	logger.Info("%s %s %#v %v", testLogString{}, &testLogString{}, testLogString{Field: "detail"}, NewColoredValue(testLogString{}, FgRed))
+	logger.Info("%s %s %#v %v", testLogStringPtrReceiver{}, &testLogStringPtrReceiver{}, testLogStringPtrReceiver{Field: "detail"}, NewColoredValue(testLogStringPtrReceiver{}, FgRed))
 	logger.Close()

-	assert.Equal(t, []string{"log-string log-string log.testLogString{Field:\"detail\"} \x1b[31mlog-string\x1b[0m\n"}, w1.GetLogs())
+	assert.Equal(t, []string{
+		"log-string log-string log.testLogString{Field:\"detail\"} \x1b[31mlog-string\x1b[0m\n",
+		"log-string-ptr-receiver log-string-ptr-receiver &log.testLogStringPtrReceiver{Field:\"detail\"} \x1b[31mlog-string-ptr-receiver\x1b[0m\n",
+	}, w1.GetLogs())
 }

 func TestLoggerExpressionFilter(t *testing.T) {
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -1702,7 +1702,9 @@ issues.time_estimate_invalid = Time estimate format is invalid
 issues.start_tracking_history = started working %s
 issues.tracker_auto_close = Timer will be stopped automatically when this issue gets closed
 issues.tracking_already_started = `You have already started time tracking on <a href="%s">another issue</a>!`
+issues.stop_tracking = Stop Timer
 issues.stop_tracking_history = worked for <b>%[1]s</b> %[2]s
+issues.cancel_tracking = Discard
 issues.cancel_tracking_history = `canceled time tracking %s`
 issues.del_time = Delete this time log
 issues.add_time_history = added spent time <b>%[1]s</b> %[2]s
--- a/routers/api/packages/composer/api.go
+++ b/routers/api/packages/composer/api.go
@ -66,6 +66,7 @@ type PackageMetadataResponse struct {
 }

 // PackageVersionMetadata contains package metadata
+// https://getcomposer.org/doc/05-repositories.md#package
 type PackageVersionMetadata struct {
 	*composer_module.Metadata
 	Name    string    `json:"name"`
@ -73,6 +74,7 @@ type PackageVersionMetadata struct {
 	Type    string    `json:"type"`
 	Created time.Time `json:"time"`
 	Dist    Dist      `json:"dist"`
+	Source  Source    `json:"source"`
 }

 // Dist contains package download information
@ -82,6 +84,13 @@ type Dist struct {
 	Checksum string `json:"shasum"`
 }

+// Source contains package source information
+type Source struct {
+	URL       string `json:"url"`
+	Type      string `json:"type"`
+	Reference string `json:"reference"`
+}
+
 func createPackageMetadataResponse(registryURL string, pds []*packages_model.PackageDescriptor) *PackageMetadataResponse {
 	versions := make([]*PackageVersionMetadata, 0, len(pds))

@ -94,7 +103,7 @@ func createPackageMetadataResponse(registryURL string, pds []*packages_model.Pac
 			}
 		}

-		versions = append(versions, &PackageVersionMetadata{
+		pkg := PackageVersionMetadata{
 			Name:     pd.Package.Name,
 			Version:  pd.Version.Version,
 			Type:     packageType,
@ -105,7 +114,16 @@ func createPackageMetadataResponse(registryURL string, pds []*packages_model.Pac
 				URL:      fmt.Sprintf("%s/files/%s/%s/%s", registryURL, url.PathEscape(pd.Package.LowerName), url.PathEscape(pd.Version.LowerVersion), url.PathEscape(pd.Files[0].File.LowerName)),
 				Checksum: pd.Files[0].Blob.HashSHA1,
 			},
-		})
+		}
+		if pd.Repository != nil {
+			pkg.Source = Source{
+				URL:       pd.Repository.HTMLURL(),
+				Type:      "git",
+				Reference: pd.Version.Version,
+			}
+		}
+
+		versions = append(versions, &pkg)
 	}

 	return &PackageMetadataResponse{
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -1196,6 +1196,10 @@ func registerRoutes(m *web.Router) {
 			})
 		})
 	}
+	// FIXME: many "pulls" requests are sent to "issues" endpoints correctly, so the issue endpoints have to tolerate pull request permissions at the moment
+	m.Group("/{username}/{reponame}/{type:issues}", addIssuesPullsViewRoutes, optSignIn, context.RepoAssignment, context.RequireUnitReader(unit.TypeIssues, unit.TypePullRequests))
+	m.Group("/{username}/{reponame}/{type:pulls}", addIssuesPullsViewRoutes, optSignIn, context.RepoAssignment, reqUnitPullsReader)
+
 	m.Group("/{username}/{reponame}", func() {
 		m.Get("/comments/{id}/attachments", repo.GetCommentAttachments)
 		m.Get("/labels", repo.RetrieveLabelsForList, repo.Labels)
@ -1203,9 +1207,6 @@ func registerRoutes(m *web.Router) {
 		m.Get("/milestone/{id}", context.RepoRef(), repo.MilestoneIssuesAndPulls)
 		m.Get("/issues/suggestions", repo.IssueSuggestions)
 	}, optSignIn, context.RepoAssignment, reqRepoIssuesOrPullsReader) // issue/pull attachments, labels, milestones
-
-	m.Group("/{username}/{reponame}/{type:issues}", addIssuesPullsViewRoutes, optSignIn, context.RepoAssignment, reqUnitIssuesReader)
-	m.Group("/{username}/{reponame}/{type:pulls}", addIssuesPullsViewRoutes, optSignIn, context.RepoAssignment, reqUnitPullsReader)
 	// end "/{username}/{reponame}": view milestone, label, issue, pull, etc

 	m.Group("/{username}/{reponame}/{type:issues}", func() {
@ -1224,7 +1225,7 @@ func registerRoutes(m *web.Router) {
 			m.Get("/search", repo.SearchRepoIssuesJSON)
 		}, reqUnitIssuesReader)

-		addIssuesPullsRoutes := func() {
+		addIssuesPullsUpdateRoutes := func() {
 			// for "/{username}/{reponame}/issues" or "/{username}/{reponame}/pulls"
 			m.Group("/{index}", func() {
 				m.Post("/title", repo.UpdateIssueTitle)
@ -1267,8 +1268,9 @@ func registerRoutes(m *web.Router) {
 			m.Delete("/unpin/{index}", reqRepoAdmin, repo.IssueUnpin)
 			m.Post("/move_pin", reqRepoAdmin, repo.IssuePinMove)
 		}
-		m.Group("/{type:issues}", addIssuesPullsRoutes, reqUnitIssuesReader, context.RepoMustNotBeArchived())
-		m.Group("/{type:pulls}", addIssuesPullsRoutes, reqUnitPullsReader, context.RepoMustNotBeArchived())
+		// FIXME: many "pulls" requests are sent to "issues" endpoints incorrectly, so the issue endpoints have to tolerate pull request permissions at the moment
+		m.Group("/{type:issues}", addIssuesPullsUpdateRoutes, context.RequireUnitReader(unit.TypeIssues, unit.TypePullRequests), context.RepoMustNotBeArchived())
+		m.Group("/{type:pulls}", addIssuesPullsUpdateRoutes, reqUnitPullsReader, context.RepoMustNotBeArchived())

 		m.Group("/comments/{id}", func() {
 			m.Post("", repo.UpdateCommentContent)
@ -1292,7 +1294,7 @@ func registerRoutes(m *web.Router) {
 			m.Post("/delete", repo.DeleteMilestone)
 		}, reqRepoIssuesOrPullsWriter, context.RepoRef())

-		// FIXME: need to move these routes to the proper place
+		// FIXME: many "pulls" requests are sent to "issues" endpoints incorrectly, need to move these routes to the proper place
 		m.Group("/issues", func() {
 			m.Post("/request_review", repo.UpdatePullReviewRequest)
 			m.Post("/dismiss_review", reqRepoAdmin, web.Bind(forms.DismissReviewForm{}), repo.DismissReview)
--- a/tests/integration/api_packages_composer_test.go
+++ b/tests/integration/api_packages_composer_test.go
@ -13,6 +13,7 @@ import (

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
+	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	composer_module "code.gitea.io/gitea/modules/packages/composer"
@ -217,5 +218,38 @@ func TestPackageComposer(t *testing.T) {
 		assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum)
 		assert.Len(t, pkgs[0].Bin, 1)
 		assert.Equal(t, packageBin, pkgs[0].Bin[0])
+
+		// Test package linked to repository
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeComposer)
+		assert.NoError(t, err)
+		assert.Len(t, pvs, 1)
+
+		err = packages.SetRepositoryLink(db.DefaultContext, pvs[0].ID, repo1.ID)
+		assert.NoError(t, err)
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%s/p2/%s/%s.json", url, vendorName, projectName)).
+			AddBasicAuth(user.Name)
+		resp = MakeRequest(t, req, http.StatusOK)
+
+		result = composer.PackageMetadataResponse{}
+		DecodeJSON(t, resp, &result)
+
+		assert.Contains(t, result.Packages, packageName)
+		pkgs = result.Packages[packageName]
+		assert.Len(t, pkgs, 1)
+		assert.Equal(t, packageName, pkgs[0].Name)
+		assert.Equal(t, packageVersion, pkgs[0].Version)
+		assert.Equal(t, packageType, pkgs[0].Type)
+		assert.Equal(t, packageDescription, pkgs[0].Description)
+		assert.Len(t, pkgs[0].Authors, 1)
+		assert.Equal(t, packageAuthor, pkgs[0].Authors[0].Name)
+		assert.Equal(t, "zip", pkgs[0].Dist.Type)
+		assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum)
+		assert.Len(t, pkgs[0].Bin, 1)
+		assert.Equal(t, packageBin, pkgs[0].Bin[0])
+		assert.Equal(t, repo1.HTMLURL(), pkgs[0].Source.URL)
+		assert.Equal(t, "git", pkgs[0].Source.Type)
+		assert.Equal(t, packageVersion, pkgs[0].Source.Reference)
 	})
 }
Author	SHA1	Message	Date
Lunny Xiao	ae44ac7b68	Merge ab61e4577360334408807e5160f8b962c15e52c4 into c2e23d3301b1be2b2ad667184030087f92ad2470	2025-02-19 13:28:14 +08:00
wxiaoguang	c2e23d3301	Fix PR web route permission check (#33636 ) Some checks are pending release-nightly / nightly-binary (push) Waiting to run Details release-nightly / nightly-docker-rootful (push) Waiting to run Details release-nightly / nightly-docker-rootless (push) Waiting to run Details See the FIXME comment in code. Otherwise, if a repo's issue unit is disabled, then the PRs can't be edited anymore. By the way, make the permission log output look slightly better. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: metiftikci <metiftikci@hotmail.com>	2025-02-19 00:55:19 +00:00
metiftikci	84d2159ef6	fix: add missing locale (#33641 ) this removed in #23113 but still using in `head_navbar.tmpl`	2025-02-18 16:29:17 -08:00
Lunny Xiao	ab61e45773	Merge branch 'main' into lunny/add_composor_source	2025-02-17 12:25:45 -08:00
Lunny Xiao	a3aad88542	Merge branch 'main' into lunny/add_composor_source	2025-02-16 23:09:16 -08:00
Lunny Xiao	357080bf67	Fix lint	2025-02-16 23:09:12 -08:00
Lunny Xiao	e0fc681954	Merge branch 'main' into lunny/add_composor_source	2025-02-16 21:17:48 -08:00
Lunny Xiao	d192e8cb6f	Add test	2025-02-16 21:17:08 -08:00
Lunny Xiao	5c1d4c4f66	Merge branch 'main' into lunny/add_composor_source	2025-02-16 19:40:54 -08:00
Lunny Xiao	00a56ef532	Add composor source field	2025-02-04 21:51:14 -08:00