Merge remote-tracking branch 'giteaofficial/main'
* giteaofficial/main:
  Document that all unmerged feature PRs will be moved to next milestone when the feature freeze time comes (go-gitea#29578)
  Make admin pages wider because of left sidebar added and some tables become too narrow (go-gitea#29581)
  Refactor star/watch button (go-gitea#29576)
  Remove unnecessary SanitizeHTML from code (go-gitea#29575)
  Add missing database transaction for new issue (go-gitea#29490)
  Fix incorrect package link method calls in templates (go-gitea#29580)
  Move some asymkey functions to service layer (go-gitea#28894)
  Add user blocking (go-gitea#29028)

# Conflicts:
#	templates/repo/issue/view_content/context_menu.tmpl
zjjhot committed Mar 4, 2024
2 parents 65964a4 + 76789bd commit 79032d9
Showing 140 changed files with 3,099 additions and 740 deletions.
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -464,7 +464,7 @@ We assume in good faith that the information you provide is legally binding.
We adopted a release schedule to streamline the process of working on, finishing, and issuing releases. \
The overall goal is to make a major release every three or four months, which breaks down into two or three months of general development followed by one month of testing and polishing known as the release freeze. \
All the feature pull requests should be
merged before feature freeze. And, during the frozen period, a corresponding
merged before feature freeze. All feature pull requests haven't been merged before this feature freeze will be moved to next milestone, please notice our feature freeze announcement on discord. And, during the frozen period, a corresponding
release branch is open for fixes backported from main branch. Release candidates
are made during this period for user testing to
obtain a final version that is maintained in this branch.
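Review bot: The sentence added to the release-schedule paragraph is ungrammatical and joins two statements with a comma ("All feature pull requests haven't been merged before this feature freeze will be moved to next milestone, please notice ..."). Suggested wording: "Feature pull requests that have not been merged before the feature freeze will be moved to the next milestone. Watch for the feature freeze announcement on Discord." The new line is also not wrapped like its neighbours, so the paragraph's line wrapping is now inconsistent.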
Expand Down
4 changes: 2 additions & 2 deletions cmd/admin_regenerate.go
Expand Up @@ -4,8 +4,8 @@
package cmd

import (
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/modules/graceful"
asymkey_service "code.gitea.io/gitea/services/asymkey"
repo_service "code.gitea.io/gitea/services/repository"

"github.com/urfave/cli/v2"
Expand Down Expand Up @@ -42,5 +42,5 @@ func runRegenerateKeys(_ *cli.Context) error {
if err := initDB(ctx); err != nil {
return err
}
return asymkey_model.RewriteAllPublicKeys(ctx)
return asymkey_service.RewriteAllPublicKeys(ctx)
}
2 changes: 1 addition & 1 deletion docs/content/administration/mail-templates.en-us.md
Expand Up @@ -224,7 +224,7 @@ Please check [Gitea's logs](administration/logging-config.md) for error messages
{{if not (eq .Body "")}}
<h3>Message content</h3>
<hr>
{{.Body | SanitizeHTML}}
{{.Body}}
{{end}}
</p>
<hr>
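Review bot: Dropping `| SanitizeHTML` from `{{.Body}}` in this example leaves the documentation silent on why emitting the body without a filter is safe. Administrators copy custom mail templates from this page, so add a sentence next to the example stating where `.Body` is sanitized or escaped before it reaches the template; the hunk itself does not show that.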
Expand Down
2 changes: 1 addition & 1 deletion docs/content/administration/mail-templates.zh-cn.md
Expand Up @@ -207,7 +207,7 @@ _主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://go.dev/pkg/text/
{{if not (eq .Body "")}}
<h3>消息内容:</h3>
<hr>
{{.Body | SanitizeHTML}}
{{.Body}}
{{end}}
</p>
<hr>
Expand Down
56 changes: 56 additions & 0 deletions docs/content/usage/blocking-users.en-us.md
@@ -0,0 +1,56 @@
---
date: "2024-01-31T00:00:00+00:00"
title: "Blocking a user"
slug: "blocking-user"
sidebar_position: 25
toc: false
draft: false
aliases:
- /en-us/webhooks
menu:
sidebar:
parent: "usage"
name: "Blocking a user"
sidebar_position: 30
identifier: "blocking-user"
---

# Blocking a user

Gitea supports blocking of users to restrict how they can interact with you and your content.

You can block a user in your account settings, from the user's profile or from comments created by the user.
The user is not directly notified about the block, but they can notice they are blocked when they attempt to interact with you.
Organization owners can block anyone who is not a member of the organization too.
If a blocked user has admin permissions, they can still perform all actions even if blocked.

### When you block a user

- the user stops following you
- you stop following the user
- the user's stars are removed from your repositories
- your stars are removed from their repositories
- the user stops watching your repositories
- you stop watching their repositories
- the user's issue assignments are removed from your repositories
- your issue assignments are removed from their repositories
- the user is removed as a collaborator on your repositories
- you are removed as a collaborator on their repositories
- any pending repository transfers to or from the blocked user are canceled

### When you block a user, the user cannot

- follow you
- watch your repositories
- star your repositories
- fork your repositories
- transfer repositories to you
- open issues or pull requests on your repositories
- comment on issues or pull requests you've created
- comment on issues or pull requests on your repositories
- react to your comments on issues or pull requests
- react to comments on issues or pull requests on your repositories
- assign you to issues or pull requests
- add you as a collaborator on their repositories
- send you notifications by @mentioning your username
- be added as team member (if blocked by an organization)
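Review bot: The front matter `aliases` entry `/en-us/webhooks` does not match this page (slug `blocking-user`) and looks carried over from another document; as written it would point a webhooks URL at the blocking page. Remove it or replace it with an alias for this page. The two `sidebar_position` values (25 at top level, 30 under the sidebar menu) also disagree and should be reconciled. In the body, the sentence "If a blocked user has admin permissions, they can still perform all actions even if blocked" should say which kind of admin permission is meant, since it defines the limit of what a block protects against.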
66 changes: 6 additions & 60 deletions models/asymkey/ssh_key_authorized_keys.go
Expand Up @@ -12,7 +12,6 @@ import (
"path/filepath"
"strings"
"sync"
"time"

"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/log"
Expand Down Expand Up @@ -44,6 +43,12 @@ const (

var sshOpLocker sync.Mutex

func WithSSHOpLocker(f func() error) error {
sshOpLocker.Lock()
defer sshOpLocker.Unlock()
return f()
}

// AuthorizedStringForKey creates the authorized keys string appropriate for the provided key
func AuthorizedStringForKey(key *PublicKey) string {
sb := &strings.Builder{}
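Review bot: `WithSSHOpLocker` is exported without a doc comment, and it wraps `sshOpLocker`, a `sync.Mutex`, which is not reentrant: if `f` calls any function that itself locks `sshOpLocker`, the call deadlocks. Add a comment stating that `f` runs with the SSH operation lock held and must not call helpers that acquire it again.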
Expand Down Expand Up @@ -114,65 +119,6 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
return nil
}

// RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.
// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function
// outside any session scope independently.
func RewriteAllPublicKeys(ctx context.Context) error {
// Don't rewrite key if internal server
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
return nil
}

sshOpLocker.Lock()
defer sshOpLocker.Unlock()

if setting.SSH.RootPath != "" {
// First of ensure that the RootPath is present, and if not make it with 0700 permissions
// This of course doesn't guarantee that this is the right directory for authorized_keys
// but at least if it's supposed to be this directory and it doesn't exist and we're the
// right user it will at least be created properly.
err := os.MkdirAll(setting.SSH.RootPath, 0o700)
if err != nil {
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
return err
}
}

fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
tmpPath := fPath + ".tmp"
t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
if err != nil {
return err
}
defer func() {
t.Close()
if err := util.Remove(tmpPath); err != nil {
log.Warn("Unable to remove temporary authorized keys file: %s: Error: %v", tmpPath, err)
}
}()

if setting.SSH.AuthorizedKeysBackup {
isExist, err := util.IsExist(fPath)
if err != nil {
log.Error("Unable to check if %s exists. Error: %v", fPath, err)
return err
}
if isExist {
bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
if err = util.CopyFile(fPath, bakPath); err != nil {
return err
}
}
}

if err := RegeneratePublicKeys(ctx, t); err != nil {
return err
}

t.Close()
return util.Rename(tmpPath, fPath)
}

// RegeneratePublicKeys regenerates the authorized_keys file
func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error {
if err := db.GetEngine(ctx).Where("type != ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean any) (err error) {
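Review bot: Check that the relocated `RewriteAllPublicKeys` keeps the file-safety properties of the body removed here: `os.MkdirAll` with `0o700`, the temporary file opened with `0o600`, replacement of `authorized_keys` by writing the temporary file and then calling `util.Rename`, and the lock held for the whole sequence. The removed doc comment's note that the function has to be called outside any session scope should move with it, since callers depend on that ordering.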
Expand Down
40 changes: 0 additions & 40 deletions models/asymkey/ssh_key_principals.go
Expand Up @@ -9,51 +9,11 @@ import (
"strings"

"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
)

// AddPrincipalKey adds new principal to database and authorized_principals file.
func AddPrincipalKey(ctx context.Context, ownerID int64, content string, authSourceID int64) (*PublicKey, error) {
dbCtx, committer, err := db.TxContext(ctx)
if err != nil {
return nil, err
}
defer committer.Close()

// Principals cannot be duplicated.
has, err := db.GetEngine(dbCtx).
Where("content = ? AND type = ?", content, KeyTypePrincipal).
Get(new(PublicKey))
if err != nil {
return nil, err
} else if has {
return nil, ErrKeyAlreadyExist{0, "", content}
}

key := &PublicKey{
OwnerID: ownerID,
Name: content,
Content: content,
Mode: perm.AccessModeWrite,
Type: KeyTypePrincipal,
LoginSourceID: authSourceID,
}
if err = db.Insert(dbCtx, key); err != nil {
return nil, fmt.Errorf("addKey: %w", err)
}

if err = committer.Commit(); err != nil {
return nil, err
}

committer.Close()

return key, RewriteAllPrincipalKeys(ctx)
}

// CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines
func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error) {
if setting.SSH.Disabled {
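Review bot: The replacement for `AddPrincipalKey` is not visible in this file, so verify that it still runs the duplicate-principal check and the insert inside one transaction and calls `RewriteAllPrincipalKeys` only after `committer.Commit()` succeeds. The removed body did both, and losing either would allow duplicate principals or a principals file rewritten from uncommitted state.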
Expand Down
50 changes: 31 additions & 19 deletions models/fixtures/access.yml
Expand Up @@ -42,120 +42,132 @@

-
id: 8
user_id: 15
user_id: 10
repo_id: 21
mode: 2

-
id: 9
user_id: 10
repo_id: 32
mode: 2

-
id: 10
user_id: 15
repo_id: 21
mode: 2

-
id: 11
user_id: 15
repo_id: 22
mode: 2

-
id: 10
id: 12
user_id: 15
repo_id: 23
mode: 4

-
id: 11
id: 13
user_id: 15
repo_id: 24
mode: 4

-
id: 12
id: 14
user_id: 15
repo_id: 32
mode: 2

-
id: 13
id: 15
user_id: 18
repo_id: 21
mode: 2

-
id: 14
id: 16
user_id: 18
repo_id: 22
mode: 2

-
id: 15
id: 17
user_id: 18
repo_id: 23
mode: 4

-
id: 16
id: 18
user_id: 18
repo_id: 24
mode: 4

-
id: 17
id: 19
user_id: 20
repo_id: 24
mode: 1

-
id: 18
id: 20
user_id: 20
repo_id: 27
mode: 4

-
id: 19
id: 21
user_id: 20
repo_id: 28
mode: 4

-
id: 20
id: 22
user_id: 29
repo_id: 4
mode: 2

-
id: 21
id: 23
user_id: 29
repo_id: 24
mode: 1

-
id: 22
id: 24
user_id: 31
repo_id: 27
mode: 4

-
id: 23
id: 25
user_id: 31
repo_id: 28
mode: 4

-
id: 24
id: 26
user_id: 38
repo_id: 60
mode: 2

-
id: 25
id: 27
user_id: 38
repo_id: 61
mode: 1

-
id: 26
id: 28
user_id: 39
repo_id: 61
mode: 1

-
id: 27
id: 29
user_id: 40
repo_id: 61
mode: 4
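Review bot: Inserting the two new rows for `user_id: 10` (repos 21 and 32) as ids 8 and 9 renumbers every later row, so the old ids 8 through 27 become 10 through 29 and any test that refers to an access row by id now points at a different row. If the ordering by user is not required, appending the new rows as ids 28 and 29 would limit the diff to the two additions; otherwise check the tests that reference these ids.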

0 comments on commit 79032d9
