Propagate changes of md-rendered checkboxes to the server

[j2L4e]

Markdown rendered checkboxes are now enabled/clickable in comment blocks, markdown is changed accordingly and the raw comment is updated on the server.

Attaches change handlers to the markdown rendered checkboxes.
When a checkbox value changes, the corresponding [ ] or [x] in the markdown string is set accordingly and sent to the server.
On success it updates the raw-content on error it resets the checkbox to its original value.
While a request is in-flight, all checkboxes within the same markdown block are disabled.

#7097

[codecov-io]

Codecov Report

Merging #14258 (4ac7ad5) into master (126c933) will decrease coverage by 0.10%.
The diff coverage is 26.75%.

@@            Coverage Diff             @@
##           master   #14258      +/-   ##
==========================================
- Coverage   41.97%   41.87%   -0.11%     
==========================================
  Files         735      742       +7     
  Lines       78933    79324     +391     
==========================================
+ Hits        33132    33214      +82     
- Misses      40346    40647     +301     
- Partials     5455     5463       +8     

Impacted Files	Coverage Δ
modules/auth/admin.go	0.00% <ø> (ø)
modules/auth/auth.go	61.53% <ø> (-2.51%)	⬇️
modules/auth/sso/reverseproxy.go	9.52% <0.00%> (ø)
modules/middlewares/cookie.go	0.00% <0.00%> (ø)
modules/middlewares/locale.go	0.00% <0.00%> (ø)
modules/middlewares/redis.go	2.15% <2.15%> (ø)
routers/admin/users.go	27.77% <26.66%> (-0.08%)	⬇️
modules/templates/base.go	28.57% <28.57%> (ø)
routers/routes/recovery.go	29.41% <29.41%> (ø)
modules/middlewares/virtual.go	32.29% <32.29%> (ø)
... and 24 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4ef5f17...4ac7ad5. Read the comment docs.

[noerw]

Thank you! 🎉

Two edge cases to consider:

1. Your markdown <-> checkbox matching fails for pathologic markdown like the following:

   [x]
   - [ ] foobar

   This should be fixable with a stricter regex like ^- \[[ x]\]

2. The checkboxes are still interactive when user can't edit a comment. For accessibility I'd prefer if these checkboxes remain disabled. You could check if a sibling matching .comment-container .comment-header-right .menu .item.edit-content exists, or (cleaner) add a data-attr to the comment indicating if it is editable. For the cleaner solution, edit templates/repo/issue/view_content/comments.tmpl with a similar check to

   gitea/templates/repo/issue/view_content/context_menu.tmpl

   Line 13 in f76c300

   {{if or .ctx.Permission.IsAdmin .IsCommentPoster .ctx.HasIssuesOrPullsWritePermission}}

[zeripath]

Thank you!

Two edge cases to consider:

1. Your markdown <-> checkbox matching fails for pathologic markdown like the following:

   [x]
   - [ ] foobar
   

   This should be fixable with a stricter regex like ^- \[[ x]\]

as I showed in #14258 (comment) the regexp route cannot work - we need to store the index in the raw markdown of the checkbox as described here: #14258 (comment) (and some kind of hash of the raw markdown too to ensure it hasn't changed in the intervening period) then switch the checkbox that way.

2. The checkboxes are still interactive when user can't edit a comment. For accessibility I'd prefer if these checkboxes remain disabled. You could check if a sibling matching .comment-container .comment-header-right .menu .item.edit-content exists, or (cleaner) add a data-attr to the comment indicating if it is editable. For the cleaner solution, edit templates/repo/issue/view_content/comments.tmpl with a similar check to

   gitea/templates/repo/issue/view_content/context_menu.tmpl

   Line 13 in f76c300

   {{if or .ctx.Permission.IsAdmin .IsCommentPoster .ctx.HasIssuesOrPullsWritePermission}}

Agreed - these should be disabled if the user does not have permission to edit.

We can pass in the permission check as part of render config to goldmark to get it to render actual forms for the checkboxes - although getting that past the sanitizer as currently constituted could be difficult - or just get javascript to enable them - by passing in the permission flag as part of the render.

[lunny]

• The markdown or orgmode renderer should give the line number of the checkbox on original document.
• All checkboxes should accept an event to request backend to update the markdown/orgmode and then update the frontend document via ajax .

[j2L4e]

I'm still up for this, but having a lot on my plate right now. I'll get it done when I find the time to read up on go a little, so I don't just blindly apply zeripath's diff (thanks for that) but know how it works. Shouldn't be that long.

If anyone's willing to do it right away, go ahead. Will report back here once I start working on it again