The right to force merge is uses the wrong predicate and
applies to instance admins:
ctx.user.IsAdmin
It must apply to repository admins and use the following predicate:
ctx.userPerm.IsAdmin()
This regression is from the ApplyToAdmins implementation in
79b7089360.
Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
This exception existed for both instance admins and repo admins
before ApplyToAdmins was introduced in
79b7089360.
It should have been kept for instance admins only because they are not
subject to permission checks.
Verify variations of branch protection that are in play when merging a
pull request as:
* instance admin
* repository admin / owner
* user with write permissions on the repository
In all cases the result is expected to be the same when merging
the pull request via:
* API
* web
Although the implementations are different.
* split into testPullMergeForm which can be called directly if
the caller wants to specify extra parameters.
* testPullMergeForm can expect something different than StatusOK
* http.StatusMethodNotAllowed can be expected: only retry if the
error message is "Please try again later"
* split into doAPIMergePullRequestForm which can be called directly if
the caller wants to specify extra parameters.
Use the same padding horizontally and vertically, so the views like readme look a bit nicer. Just slightly adjusted two values, nothing really test-able here.
## Motivation
I came to the conclusion that they should be the same myself, later I checked GitHub and it turned out to also use the same paddings. I would like to notice that the padding here (2em = 32px) is the same as GitHub uses too.
I find this as a logical UI change because the paddings are usually same on both axis across the UI (like on PR sidebar).
Also updated paddings for when the files are shown in profile, but copied the `1.5em` that GitHub uses. This, once again, makes sense, because the overview markdown isn't the primary content, or as primary as the readme on the repo is, taking the full usable width.
## Preview
https://codeberg.org/attachments/55f6685c-1978-410a-a17b-9fac91f0642e
---
https://codeberg.org/attachments/d9016a1c-13cf-4ea6-a8e4-2619d93f3560
## Note
`.non-diff-file-content .plain-text` is left untouched with `1em 2em`, because the plaintext seems to add it's own margins, so it would make it look worse.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3944
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Remove CSS code that was made unused by some changes in Gitea. I was working on a layout change here but was bothered a bit by these. I dug a bit into the git history to find out how they were made unused but it's relatively uneasy.
- remove rule that was setting `width: 100%;`: the exactly same selector setting this exact value is duplicated below
- remove rules with `followers` in selectors: we don't use this class in templates (would be nice if someone double-checks)
- my editor forced EoF fix
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3937
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
When performing migrations, and need to remap external users to local
ones, when no local mapping is possible, map the external user to Ghost,
rather than the user who initiated the migration.
Mapping the external user to the migration initiator has the potential
of breaking assumptions elsewhere, like only having one review per pull
request per user. Mapping these migrated, locally unavailable users to
Ghost makes sure these - often hidden - assumptions do not break.
Fixes#3860.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
When installing Forgejo via the on-line installer, force
DisableRegistration to true, to discourage creating instances with open
registration. Because open registration requires constant vigil to fight
off spammers of all kinds, it is not a great default. It should be a
conscious decision. This change is made in an effort to make the choice
of running an instance with open registration a conscious choice, rather
than simply the default.
Partially addresses #3925.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Having an instance with open registration requires work, otherwise it
will be overrun by spammers of all kinds. Yet, the setting to disable
open registration on the installation page is hidden behind "optional
settings", a place hardly anyone ever looks.
To improve the situation, lift the setting out of that, and place it
more prominently, just above the update checker setting.
Partially addresses #3925.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Following gitea#28981, set `X-Forgejo-Sender` and `X-Forgejo-Recipient`
to the username of the respective users, rather than their display name.
The username is more appropriate for these headers, for filtering
purposes. The display name is already included in the From header.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Cherry-pick of 2ced31e81d adapted to Forgejo releases UI.
Percentage-based `border-radius` [creates undesirable
ellipse](https://jsfiddle.net/silverwind/j9ko5wnt/4/) on non-square
content. Instead, use pixel value and use same wording `full` like
tailwind does, but increast to 99999px over their 9999px.
(cherry picked from commit 2ced31e81dd9e45659660c1abff529d0192fd8ed)