1.5.0 changelog

* site admin could create repos even MAX_CREATION_LIMIT=0

* Optimize if structure

CHANGELOG.md

@@ -4,9 +4,11 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
-## [1.5.0-RC2](https://github.com/go-gitea/gitea/releases/tag/v1.5.0-rc2) - 2018-07-21
+## [1.5.0](https://github.com/go-gitea/gitea/releases/tag/v1.5.0) - 2018-08-10
 * SECURITY
   * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
+  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
+  * Do not allow to reuse TOTP passcode (#3878)
 * BUGFIXES
   * Fix column droping for MSSQL that need new transaction for that (#4440) (#4484)
   * Redirect to correct page after using scratch token (#4458) (#4472)
@@ -15,11 +17,12 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Add default merge options when adding new repository (#4369) (#4373)
   * Fix repository last updated time update when delete a user who watched the repo (#4363) (#4371)
   * Fix html entity escaping in branch deletion message (#4471) (#4485)
-
-## [1.5.0-RC1](https://github.com/go-gitea/gitea/releases/tag/v1.5.0-rc1) - 2018-07-04
-* SECURITY
-  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
-  * Do not allow to reuse TOTP passcode (#3878)
+  * Fix out-of-transaction query in removeOrgUser (#4521) (#4524)
+  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519)
+  * Fix panic issue on update avatar email (#4580) (#4590)
+  * Fix bugs when too many IN variables (#4594) (#4597)
+  * Push whitelist now doesn't apply to branch deletion (#4601) (#4640)
+  * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645) (#4650)
 * FEATURE
   * Add cli commands to regen hooks & keys (#3979)
   * Add support for FIDO U2F (#3971)

models/branches.go

@@ -74,7 +74,7 @@ func (protectBranch *ProtectedBranch) CanUserMerge(userID int64) bool {
 		return true
 	}
 
-	if len(protectBranch.WhitelistTeamIDs) == 0 {
+	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
 		return false
 	}
 
@@ -184,6 +184,24 @@ func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool,
 		BranchName: branchName,
 	}
 
+	has, err := x.Exist(protectedBranch)
+	if err != nil {
+		return true, err
+	}
+	return has, nil
+}
+
+// IsProtectedBranchForPush checks if branch is protected for push
+func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {
+	if doer == nil {
+		return true, nil
+	}
+
+	protectedBranch := &ProtectedBranch{
+		RepoID:     repo.ID,
+		BranchName: branchName,
+	}
+
 	has, err := x.Get(protectedBranch)
 	if err != nil {
 		return true, err

models/issue_list.go

@@ -9,6 +9,11 @@ import "fmt"
 // IssueList defines a list of issues
 type IssueList []*Issue
 
+const (
+	// default variables number on IN () in SQL
+	defaultMaxInSize = 50
+)
+
 func (issues IssueList) getRepoIDs() []int64 {
 	repoIDs := make(map[int64]struct{}, len(issues))
 	for _, issue := range issues {
@@ -26,11 +31,20 @@ func (issues IssueList) loadRepositories(e Engine) ([]*Repository, error) {
 
 	repoIDs := issues.getRepoIDs()
 	repoMaps := make(map[int64]*Repository, len(repoIDs))
-	err := e.
-		In("id", repoIDs).
-		Find(&repoMaps)
-	if err != nil {
-		return nil, fmt.Errorf("find repository: %v", err)
+	var left = len(repoIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		err := e.
+			In("id", repoIDs[:limit]).
+			Find(&repoMaps)
+		if err != nil {
+			return nil, fmt.Errorf("find repository: %v", err)
+		}
+		left = left - limit
+		repoIDs = repoIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -61,11 +75,20 @@ func (issues IssueList) loadPosters(e Engine) error {
 
 	posterIDs := issues.getPosterIDs()
 	posterMaps := make(map[int64]*User, len(posterIDs))
-	err := e.
-		In("id", posterIDs).
-		Find(&posterMaps)
-	if err != nil {
-		return err
+	var left = len(posterIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		err := e.
+			In("id", posterIDs[:limit]).
+			Find(&posterMaps)
+		if err != nil {
+			return err
+		}
+		left = left - limit
+		posterIDs = posterIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -99,23 +122,34 @@ func (issues IssueList) loadLabels(e Engine) error {
 	}
 
 	var issueLabels = make(map[int64][]*Label, len(issues)*3)
-	rows, err := e.Table("label").
-		Join("LEFT", "issue_label", "issue_label.label_id = label.id").
-		In("issue_label.issue_id", issues.getIssueIDs()).
-		Asc("label.name").
-		Rows(new(LabelIssue))
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var labelIssue LabelIssue
-		err = rows.Scan(&labelIssue)
+	var issueIDs = issues.getIssueIDs()
+	var left = len(issueIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		rows, err := e.Table("label").
+			Join("LEFT", "issue_label", "issue_label.label_id = label.id").
+			In("issue_label.issue_id", issueIDs[:limit]).
+			Asc("label.name").
+			Rows(new(LabelIssue))
 		if err != nil {
 			return err
 		}
-		issueLabels[labelIssue.IssueLabel.IssueID] = append(issueLabels[labelIssue.IssueLabel.IssueID], labelIssue.Label)
+
+		for rows.Next() {
+			var labelIssue LabelIssue
+			err = rows.Scan(&labelIssue)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+			issueLabels[labelIssue.IssueLabel.IssueID] = append(issueLabels[labelIssue.IssueLabel.IssueID], labelIssue.Label)
+		}
+		rows.Close()
+		left = left - limit
+		issueIDs = issueIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -141,11 +175,20 @@ func (issues IssueList) loadMilestones(e Engine) error {
 	}
 
 	milestoneMaps := make(map[int64]*Milestone, len(milestoneIDs))
-	err := e.
-		In("id", milestoneIDs).
-		Find(&milestoneMaps)
-	if err != nil {
-		return err
+	var left = len(milestoneIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		err := e.
+			In("id", milestoneIDs[:limit]).
+			Find(&milestoneMaps)
+		if err != nil {
+			return err
+		}
+		left = left - limit
+		milestoneIDs = milestoneIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -165,23 +208,35 @@ func (issues IssueList) loadAssignees(e Engine) error {
 	}
 
 	var assignees = make(map[int64][]*User, len(issues))
-	rows, err := e.Table("issue_assignees").
-		Join("INNER", "`user`", "`user`.id = `issue_assignees`.assignee_id").
-		In("`issue_assignees`.issue_id", issues.getIssueIDs()).
-		Rows(new(AssigneeIssue))
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var assigneeIssue AssigneeIssue
-		err = rows.Scan(&assigneeIssue)
+	var issueIDs = issues.getIssueIDs()
+	var left = len(issueIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		rows, err := e.Table("issue_assignees").
+			Join("INNER", "`user`", "`user`.id = `issue_assignees`.assignee_id").
+			In("`issue_assignees`.issue_id", issueIDs[:limit]).
+			Rows(new(AssigneeIssue))
 		if err != nil {
 			return err
 		}
 
-		assignees[assigneeIssue.IssueAssignee.IssueID] = append(assignees[assigneeIssue.IssueAssignee.IssueID], assigneeIssue.Assignee)
+		for rows.Next() {
+			var assigneeIssue AssigneeIssue
+			err = rows.Scan(&assigneeIssue)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+
+			assignees[assigneeIssue.IssueAssignee.IssueID] = append(assignees[assigneeIssue.IssueAssignee.IssueID], assigneeIssue.Assignee)
+		}
+		rows.Close()
+
+		left = left - limit
+		issueIDs = issueIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -207,21 +262,32 @@ func (issues IssueList) loadPullRequests(e Engine) error {
 	}
 
 	pullRequestMaps := make(map[int64]*PullRequest, len(issuesIDs))
-	rows, err := e.
-		In("issue_id", issuesIDs).
-		Rows(new(PullRequest))
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var pr PullRequest
-		err = rows.Scan(&pr)
+	var left = len(issuesIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		rows, err := e.
+			In("issue_id", issuesIDs[:limit]).
+			Rows(new(PullRequest))
 		if err != nil {
 			return err
 		}
-		pullRequestMaps[pr.IssueID] = &pr
+
+		for rows.Next() {
+			var pr PullRequest
+			err = rows.Scan(&pr)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+			pullRequestMaps[pr.IssueID] = &pr
+		}
+
+		rows.Close()
+		left = left - limit
+		issuesIDs = issuesIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -236,22 +302,34 @@ func (issues IssueList) loadAttachments(e Engine) (err error) {
 	}
 
 	var attachments = make(map[int64][]*Attachment, len(issues))
-	rows, err := e.Table("attachment").
-		Join("INNER", "issue", "issue.id = attachment.issue_id").
-		In("issue.id", issues.getIssueIDs()).
-		Rows(new(Attachment))
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var attachment Attachment
-		err = rows.Scan(&attachment)
+	var issuesIDs = issues.getIssueIDs()
+	var left = len(issuesIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		rows, err := e.Table("attachment").
+			Join("INNER", "issue", "issue.id = attachment.issue_id").
+			In("issue.id", issuesIDs[:limit]).
+			Rows(new(Attachment))
 		if err != nil {
 			return err
 		}
-		attachments[attachment.IssueID] = append(attachments[attachment.IssueID], &attachment)
+
+		for rows.Next() {
+			var attachment Attachment
+			err = rows.Scan(&attachment)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+			attachments[attachment.IssueID] = append(attachments[attachment.IssueID], &attachment)
+		}
+
+		rows.Close()
+		left = left - limit
+		issuesIDs = issuesIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -266,22 +344,33 @@ func (issues IssueList) loadComments(e Engine) (err error) {
 	}
 
 	var comments = make(map[int64][]*Comment, len(issues))
-	rows, err := e.Table("comment").
-		Join("INNER", "issue", "issue.id = comment.issue_id").
-		In("issue.id", issues.getIssueIDs()).
-		Rows(new(Comment))
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var comment Comment
-		err = rows.Scan(&comment)
+	var issuesIDs = issues.getIssueIDs()
+	var left = len(issuesIDs)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
+		rows, err := e.Table("comment").
+			Join("INNER", "issue", "issue.id = comment.issue_id").
+			In("issue.id", issuesIDs[:limit]).
+			Rows(new(Comment))
 		if err != nil {
 			return err
 		}
-		comments[comment.IssueID] = append(comments[comment.IssueID], &comment)
+
+		for rows.Next() {
+			var comment Comment
+			err = rows.Scan(&comment)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+			comments[comment.IssueID] = append(comments[comment.IssueID], &comment)
+		}
+		rows.Close()
+		left = left - limit
+		issuesIDs = issuesIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -307,25 +396,35 @@ func (issues IssueList) loadTotalTrackedTimes(e Engine) (err error) {
 		}
 	}
 
-	// select issue_id, sum(time) from tracked_time where issue_id in (<issue ids in current page>) group by issue_id
-	rows, err := e.Table("tracked_time").
-		Select("issue_id, sum(time) as time").
-		In("issue_id", ids).
-		GroupBy("issue_id").
-		Rows(new(totalTimesByIssue))
-	if err != nil {
-		return err
-	}
+	var left = len(ids)
+	for left > 0 {
+		var limit = defaultMaxInSize
+		if left < limit {
+			limit = left
+		}
 
-	defer rows.Close()
-
-	for rows.Next() {
-		var totalTime totalTimesByIssue
-		err = rows.Scan(&totalTime)
+		// select issue_id, sum(time) from tracked_time where issue_id in (<issue ids in current page>) group by issue_id
+		rows, err := e.Table("tracked_time").
+			Select("issue_id, sum(time) as time").
+			In("issue_id", ids[:limit]).
+			GroupBy("issue_id").
+			Rows(new(totalTimesByIssue))
 		if err != nil {
 			return err
 		}
-		trackedTimes[totalTime.IssueID] = totalTime.Time
+
+		for rows.Next() {
+			var totalTime totalTimesByIssue
+			err = rows.Scan(&totalTime)
+			if err != nil {
+				rows.Close()
+				return err
+			}
+			trackedTimes[totalTime.IssueID] = totalTime.Time
+		}
+		rows.Close()
+		left = left - limit
+		ids = ids[limit:]
 	}
 
 	for _, issue := range issues {

models/org.go

@@ -454,7 +454,7 @@ func AddOrgUser(orgID, uid int64) error {
 func removeOrgUser(sess *xorm.Session, orgID, userID int64) error {
 	ou := new(OrgUser)
 
-	has, err := x.
+	has, err := sess.
 		Where("uid=?", userID).
 		And("org_id=?", orgID).
 		Get(ou)

models/repo.go

@@ -1407,7 +1407,7 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err
 
 // CreateRepository creates a repository for the user/organization u.
 func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err error) {
-	if !u.CanCreateRepo() {
+	if !doer.IsAdmin && !u.CanCreateRepo() {
 		return nil, ErrReachLimitOfRepo{u.MaxRepoCreation}
 	}
 

modules/context/repo.go

@@ -85,9 +85,9 @@ func (r *Repository) CanCreateBranch() bool {
 }
 
 // CanCommitToBranch returns true if repository is editable and user has proper access level
-//   and branch is not protected
+//   and branch is not protected for push
 func (r *Repository) CanCommitToBranch(doer *models.User) (bool, error) {
-	protectedBranch, err := r.Repository.IsProtectedBranch(r.BranchName, doer)
+	protectedBranch, err := r.Repository.IsProtectedBranchForPush(r.BranchName, doer)
 	if err != nil {
 		return false, err
 	}

routers/user/setting/profile.go

@@ -119,7 +119,7 @@ func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm, ctxUser *mo
 		ctxUser.AvatarEmail = form.Gravatar
 	}
 
-	if form.Avatar.Filename != "" {
+	if form.Avatar != nil && form.Avatar.Filename != "" {
 		fr, err := form.Avatar.Open()
 		if err != nil {
 			return fmt.Errorf("Avatar.Open: %v", err)

templates/status/404.tmpl

@@ -4,6 +4,5 @@
 	<div class="ui divider"></div>
 	<br>
 	{{if .ShowFooterVersion}}<p>Application Version: {{AppVer}}</p>{{end}}
-	<p>If you think this is an error, please open an issue on <a href="https://github.com/go-gitea/gitea/issues/new">GitHub</a>.</p>
 </div>
 {{template "base/footer" .}}