From 833d9830a51ea464172330ba7970ac662fb73667 Mon Sep 17 00:00:00 2001
From: wxiaoguang
Date: Thu, 28 Sep 2023 11:26:05 +0800
Subject: [PATCH 1/3] fix
---
 routers/web/repo/issue_content_history.go | 10 ++++++++--
 web_src/css/modules/modal.css | 7 ++++++-
 web_src/css/repo.css | 2 ++
 web_src/js/features/repo-issue-content.js | 7 ++++---
 4 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go
index 3dd7725c21506..6a6cd7e93ec42 100644
--- a/routers/web/repo/issue_content_history.go
+++ b/routers/web/repo/issue_content_history.go
@@ -93,9 +93,15 @@ func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue
 history *issues_model.ContentHistory,
 ) bool {
 canSoftDelete := false
- if ctx.Repo.IsOwner() {
+ // CanWrite means the doer can manage the issue list
+ if ctx.Repo.IsOwner() || ctx.Repo.CanWrite(unit.TypeIssues) {
 canSoftDelete = true
- } else if ctx.Repo.CanWrite(unit.TypeIssues) {
+ } else {
+ // for read-only users, they could still post issues or comments,
+ // they should be able to delete the history related to their own issue/comment, a case is:
+ // 1. the user posts some sensitive data
+ // 2. then the repo owner edits the post but didn't remove the sensitive data
+ // 3. the poster wants to delete the edited history revision
 if comment == nil {
 // the issue poster or the history poster can soft-delete
 canSoftDelete = ctx.Doer.ID == issue.PosterID || ctx.Doer.ID == history.PosterID
diff --git a/web_src/css/modules/modal.css b/web_src/css/modules/modal.css
index 96bc8be8983b5..54a4ef81ca19d 100644
--- a/web_src/css/modules/modal.css
+++ b/web_src/css/modules/modal.css
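Review bot: The new `} else {` branch in canSoftDeleteContentHistory reads `ctx.Doer.ID` for every doer that is neither owner nor writer, and nothing visible in the hunk guarantees that `ctx.Doer` is set. Before this change the comparison was only reached after `ctx.Repo.CanWrite(unit.TypeIssues)` had succeeded, which presumably implies a signed-in user. If any caller of this function (outside the hunk) serves unauthenticated requests, `ctx.Doer` may be nil and the comparison would panic instead of denying. Guarding the branch with `} else if ctx.Doer != nil {` keeps the initial `canSoftDelete := false` as the answer for anonymous requests. The same `} else {` is carried as context in the Go hunks of PATCH 2/3 and 3/3, and the function body continues past the end of this hunk.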
@@ -3,13 +3,18 @@ width: fit-content; } -.ui.modal.g-modal-confirm > .inside.close { +.ui.modal.g-modal-confirm > .inside.close.icon { padding: 0; width: 1em; height: 1em; top: 1.2em; } +.ui.modal > .close.icon[height="16"] { + top: 0.7em; /* fomantic uses absolute layout, so if we have special icon size, it needs this trick to align vertically */ + color: var(--color-text-dark); +} + .ui.modal > .header { /* can't use display:flex, because some headers have space-separated elements, eg: delete branch modal */ color: var(--color-text-dark); diff --git a/web_src/css/repo.css b/web_src/css/repo.css index b7b14f740791c..8e751ef88e1f9 100644 --- a/web_src/css/repo.css +++ b/web_src/css/repo.css @@ -2578,12 +2578,14 @@ tbody.commit-list { .comment-diff-data { background: var(--color-code-bg); + min-height: 12em; max-height: calc(100vh - 10.5rem); overflow-y: auto; } .comment-diff-data pre { line-height: 18px; + margin: 1em; white-space: pre-wrap; word-break: break-all; overflow-wrap: break-word; diff --git a/web_src/js/features/repo-issue-content.js b/web_src/js/features/repo-issue-content.js index 3ada166c5b009..7832641687d1c 100644 --- a/web_src/js/features/repo-issue-content.js +++ b/web_src/js/features/repo-issue-content.js @@ -17,14 +17,15 @@ function showContentHistoryDetail(issueBaseUrl, commentId, historyId, itemTitleH ${svg('octicon-x', 16, 'close icon inside')}
${itemTitleHtml}
- -
+
`); $dialog.appendTo($('body')); $dialog.find('.dialog-header-options').dropdown({ From f10db1ffc23f68dba30beb6c99b33d3abad8e478 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Thu, 28 Sep 2023 11:52:52 +0800 Subject: [PATCH 2/3] check issue/PR writable --- routers/web/repo/issue_content_history.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go index 6a6cd7e93ec42..d2ff628a88f41 100644 --- a/routers/web/repo/issue_content_history.go +++ b/routers/web/repo/issue_content_history.go @@ -93,8 +93,8 @@ func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue history *issues_model.ContentHistory, ) bool { canSoftDelete := false - // CanWrite means the doer can manage the issue list - if ctx.Repo.IsOwner() || ctx.Repo.CanWrite(unit.TypeIssues) { + // CanWrite means the doer can manage the issue/PR list + if ctx.Repo.IsOwner() || (!issue.IsPull && ctx.Repo.CanWrite(unit.TypeIssues)) || (issue.IsPull && ctx.Repo.CanWrite(unit.TypePullRequests)) { canSoftDelete = true } else { // for read-only users, they could still post issues or comments, From 4d58be06883c503a42d3cda92ed0863562c8f5c3 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Thu, 28 Sep 2023 11:59:50 +0800 Subject: [PATCH 3/3] fix & lint --- routers/web/repo/issue_content_history.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go index d2ff628a88f41..5c378fe9d79df 100644 --- a/routers/web/repo/issue_content_history.go +++ b/routers/web/repo/issue_content_history.go @@ -11,7 +11,6 @@ import ( "code.gitea.io/gitea/models/avatars" issues_model "code.gitea.io/gitea/models/issues" - "code.gitea.io/gitea/models/unit" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" 
@@ -91,10 +90,9 @@ func GetContentHistoryList(ctx *context.Context) {
 // Admins or owners can always delete history revisions. Normal users can only delete own history revisions.
 func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue, comment *issues_model.Comment,
 history *issues_model.ContentHistory,
-) bool {
- canSoftDelete := false
+) (canSoftDelete bool) {
 // CanWrite means the doer can manage the issue/PR list
- if ctx.Repo.IsOwner() || (!issue.IsPull && ctx.Repo.CanWrite(unit.TypeIssues)) || (issue.IsPull && ctx.Repo.CanWrite(unit.TypePullRequests)) {
+ if ctx.Repo.IsOwner() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
 canSoftDelete = true
 } else {
 // for read-only users, they could still post issues or comments,
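Review bot: The doc comment kept as context above canSoftDeleteContentHistory no longer matches the rule this series implements. It still says only admins or owners can always delete and normal users can delete only their own revisions, while the new condition also lets any doer for whom `ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)` is true delete every revision. Since this function is the authorization decision for removing history, the comment should state the policy, for example `// Owners and users who can write issues/PRs can delete any history revision; other users can only delete revisions related to their own issue/comment.` The function body continues past the end of the hunk, so the rule applied when `comment != nil` is not visible here and the wording should be checked against it.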