Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix javascript error when an anonymous user visiting migration page #32144

Merged
merged 15 commits into from
Oct 2, 2024
Merged

Fix javascript error when an anonymous user visiting migration page #32144

merged 15 commits into from
Oct 2, 2024

Conversation

lunny
Copy link
Member

@lunny lunny commented Sep 27, 2024
edited
Loading

This PR fixes javascript errors when an anonymous user visits the migration page.
It also makes task view checking more restrictive.

The router moved from /user/task/{id}/status to /username/reponame/-/migrate/status because it's a migrate status.

@lunny lunny added type/bug backport/v1.22 This PR should be backported to Gitea 1.22 labels Sep 27, 2024
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 27, 2024
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 27, 2024
@lunny lunny added this to the 1.23.0 milestone Sep 27, 2024
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 27, 2024
yp05327
yp05327 approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@yp05327 yp05327 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How to reproduce?

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 27, 2024
@lunny
Copy link
Member Author

lunny commented Sep 27, 2024

How to reproduce?

migrate a big repository and visit the repository with anonymous.

@wxiaoguang
Copy link
Contributor

JS: foo()?.bar()

@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 27, 2024
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Sep 27, 2024
@lunny
Copy link
Member Author

lunny commented Sep 27, 2024

JS: foo()?.bar()

e0a9e25

yp05327
yp05327 reviewed Sep 27, 2024
View reviewed changes
routers/web/user/task.go Outdated Show resolved Hide resolved
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 28, 2024
@wxiaoguang
Copy link
Contributor

wxiaoguang commented Sep 29, 2024
edited
Loading

-> Fix view repo migration task logic #32152

Ideally it should be like this.

Update: 32152 is just an example about the XORM usage problem.

Actually, the "repo migrating" page has a lot of problems.

This PR is far from ideal either (actually I wouldn't say this PR is right).

  1. The "repo migrating" page is shown under /{owner}/{repo} routing path, but it uses /user/task/{id} to query the task information. It breaks the repo's permission model.
  2. The permission check is quite messy. For example: /user/task/{id} checks doer_id, but on the page it checks IsAdmin (what if another admin would like to manage the task?). Ideally it shouldn't check doer ID, but just respect the repo's permission.

To make things right, it needs to use something like /{owner}/{repo}/-/migrating-task to query the current repo's task state, and allow "admin" roles to delete or retry.

@lunny lunny removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 29, 2024
@pull-request-size pull-request-size bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 30, 2024
@github-actions github-actions bot added the modifies/templates This PR modifies the template files label Sep 30, 2024
@lunny lunny marked this pull request as draft September 30, 2024 02:43
wxiaoguang
wxiaoguang reviewed Sep 30, 2024
View reviewed changes
routers/web/web.go Outdated Show resolved Hide resolved
@lunny lunny marked this pull request as ready for review October 2, 2024 04:00
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Oct 2, 2024
@lunny lunny enabled auto-merge (squash) October 2, 2024 04:19
@lunny lunny merged commit a989404 into go-gitea:main Oct 2, 2024
26 checks passed
@GiteaBot
Copy link
Collaborator

GiteaBot commented Oct 2, 2024

I was unable to create a backport for 1.22. @lunny, please send one manually. 🍵

go run ./contrib/backport 32144
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added backport/manual No power to the bots! Create your backport yourself! and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Oct 2, 2024
@lunny lunny deleted the lunny/fix_js_error_migrating branch October 2, 2024 04:59
lunny added a commit to lunny/gitea that referenced this pull request Oct 2, 2024
@lunny @wxiaoguang
Fix javascript error when an anonymous user visiting migration page (g…
9d7becf 
…o-gitea#32144)

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

---------

Co-authored-by: wxiaoguang <[email protected]>
@lunny lunny mentioned this pull request Oct 2, 2024
Merged
@lunny lunny added the backport/done All backports for this PR have been created label Oct 2, 2024
zjjhot added a commit to zjjhot/gitea that referenced this pull request Oct 2, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
4f27d60 
* giteaofficial/main:
  Fix javascript error when an anonymous user visiting migration page (go-gitea#32144)
  Make oauth2 code clear. Move oauth2 provider code to their own packages/files (go-gitea#32148)
  Support repo license (go-gitea#24872)
  Fix the logic of finding the latest pull review commit ID (go-gitea#32139)
  Ensure `GetCSRF` doesn't return an empty token (go-gitea#32130)
  Bump minio-go to latest version (go-gitea#32156)
techknowlogick pushed a commit that referenced this pull request Oct 4, 2024
@lunny @wxiaoguang
Fix javascript error when an anonymous user visiting migration page (#…
2e3a191 
…32144) (#32179)

backport #32144

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

Co-authored-by: wxiaoguang <[email protected]>
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@yp05327 yp05327 yp05327 approved these changes

@wxiaoguang wxiaoguang wxiaoguang left review comments

@Zettat123 Zettat123 Zettat123 approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.22 This PR should be backported to Gitea 1.22 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/frontend modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lunny @wxiaoguang @GiteaBot @Zettat123 @yp05327