public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-05-25 16:08:46 +09:00
Code Issues Packages Projects Releases Wiki Activity
20,842 Commits 28 Branches 251 Tags
2e96e8227fa2df08197cb29d2d9051fe56aa8a8a
Commit Graph

8 Commits

Author SHA1 Message Date
Lunny Xiao
f2a1271f16 fix: Unify public-only token filtering in API queries and repo access checks (#37118) 
This PR closes remaining `public-only` token gaps in the API by making
the restriction apply consistently across repository, organization,
activity, notification, and authenticated `/api/v1/user/...` routes.

Previously, `public-only` tokens were still able to:
- receive private results from some list/search/self endpoints,
- access repository data through ID-based lookups,
- and reach several authenticated self routes that should remain
unavailable for public-only access.

This change treats `public-only` as a cross-cutting visibility boundary:
- list/search endpoints now filter private resources consistently,
- repository lookups enforce the same restriction even when addressed
indirectly,
- and self routes that inherently expose or mutate private account state
now reject `public-only` tokens.

---
Generated by a coding agent with Codex 5.2

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
 2026-05-18 11:36:42 -07:00
junoberryferry
151ef80e28 use experimental go json v2 library (#35392) 
details: https://pkg.go.dev/encoding/json/v2

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2025-09-28 08:03:36 +00:00
TheFox0x7
ee3c82f874 Enable addtional linters (#34085) 
enable mirror, usestdlibbars and perfsprint 
part of: https://github.com/go-gitea/gitea/issues/34083

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2025-04-01 10:14:01 +00:00
TheFox0x7
0fde8ecd55 Enable testifylint rules (#34075) 
enable testifylint rules disabled in:
https://github.com/go-gitea/gitea/pull/34054
 2025-03-31 01:53:48 -04:00
Lunny Xiao
d6d3c96e65 Fix bug when a token is given public only (#32204) 2024-10-08 12:51:09 +03:00
Kyle D
33439b733a Disable query token param in integration tests (#28592) 
Follow up to https://github.com/go-gitea/gitea/pull/28484, this PR
enables the setting for integration tests and migrates a few additional
test queries.
 2023-12-23 11:29:51 +08:00
Nanguan Lin
da50be7360 Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052) 
Currently 'userxx' and 'orgxx' are both used as username in test files
when the user type is org, which is confusing. This PR replaces all
'userxx' with 'orgxx' when the user type is org(`user.type==1`).
Some non-trivial changes
1. Rename `user3` dir to `org3` in `tests/git-repositories-meta` 
2. Change `end` in `issue reference` because 'org3' is one char shorter
than 'user3'

![ksnip_20230913-112819](https://github.com/go-gitea/gitea/assets/70063547/442988c5-4cf4-49b8-aa01-4dd6bf0ca954)
3. Change the search result number of `user/repo2` because
`user3/repo21` can't be searched now

![ksnip_20230913-112931](https://github.com/go-gitea/gitea/assets/70063547/d9ebeba4-479f-4110-9a85-825efbc981fd)
4. Change the first org name getting from API because the result is
ordered by alphabet asc and now `org 17` is before `org25`
![JW8U7NIO(J$H
_YCRB36H)T](https://github.com/go-gitea/gitea/assets/70063547/f55a685c-cf24-40e5-a87f-3a2327319548)
![)KFD411O4I8RB5ZOH7E0
Z3](https://github.com/go-gitea/gitea/assets/70063547/a0dc3299-249c-46f6-91cb-d15d4ee88dd5)

Other modifications are just find all and replace all.
Unit tests with SQLite are all passed.

---------

Co-authored-by: caicandong <1290147055@qq.com>
 2023-09-14 02:59:53 +00:00
Lunny Xiao
de981c39e6 Fix bug of branches API with tests (#25578) 
Fix #25558
Extract from #22743

This PR added a repository's check when creating/deleting branches via
API. Mirror repository and archive repository cannot do that.
 2023-07-01 10:52:52 +08:00