pullrequest/compare: add logical changeset index to clarify the order
Is the parent-most changeset in a changeset the one at the top or at the bottom? When the revision numbers are not shown, it is not obvious to determine this.
This commit adds a logical changeset index to the commit list in a pullrequest or compare view. The index starts at 1 (the parent-most commit) and has no relation whatsoever with the commit hash or revision number.
select2: move "exact prefix matches" to the top of the search
Further improvements to this could be to sort by the position of your filter in the results so searching for foo means that release/foo comes before a/branch/of/doom//foo .
issue: when deleting comments in a list of comments on the same line, sometimes the add new comment button stops working
root cause: when deleting a comment in a list of comments that are all on the same line, the wrong previous tr is chosen, the chosen tr could be an inline comments instead of a line tr, resulting in the fact that injectinlineform function will return immediatly
solution: loop over the found tr until its no longer an inline comment
remark: could probably be optimised futher to immediatly search for the line tr object
The Last Revision column of the file browser linked to URLs with the changeset as: r14:abcdef0123 which is not a valid changeset id. Instead, use .raw_id.
comments: refactor the DOM handling for previous/next comment links
Make it more clear which div the links are put into and set the whole content of that div instead of appending. This prepares for repeatedly re-linking the comments when new comments or comment forms are inserted in the text.
tests: move pytest settings from kallithea/tests/pytest.ini to setup.cfg
pytest.ini was added in 9b8ba0f1c87b but didn't work. pytest only uses one configuration file and does not merge settings from multiple files [1]. The first detected file is setup.cfg thus should contain all relevant configuration.
tests: restrict pytest test collection to kallithea/tests
When the kallithea root directory contains a populated virtualenv, pytest would also collect tests in python packages installed there.
Restrict the tests to be considered to any test_*.py file inside kallithea/tests.
Additionally, by renaming unwanted test files in kallithea/tests/scripts to _not_ match this pattern, we can completely get rid of the 'norecursedirs' option.
Change the template to use CSS classes names compatible with what Bootstrap provides. That would allow the login page to have sane appearance with Bootstrap CSS immediately.
The template changes also remove extra vertical space between the ‘Log in’ button and extra links at the bottom for the sake of having a simpler markup.
middleware: use secure cookies over secure connections
HTTP cookie spec defines secure cookies, which are transmitted only over secure connections (HTTPS). Using them helps protect against some attacks, but cookies shouldn't be made secure when we don't have HTTPS configured. As it is now, it's left at user's discretion, but probably it's a good idea to force secure cookies when they can be used.
In the current implementation, cookies are issued to users before they actually try to log in, on the first page load. So if that happens over HTTPS, it's probably safe to assume secure cookies can be used, and to default to normal "insecure" cookies if HTTPS isn't available.
It's not easy to sneak into Beaker's internals, and it doesn't support selective secureness, so we use our own wrapper around Beaker's SessionMiddleware class to give secure cookies over HTTPS connections. Beaker's built-in mechanism for secure cookies is forced to add the flag when needed only.
comments: fix permalink symbol appearance on hover
It broke when 293066605a43 did that the permalink a no longer was immediate child of a div. Instead, accept an intermediate span ... and thus make the hover target bigger.
middleware: apply HttpsFixup to Hg/Git operations too (Issue #132)
Fix regression from 6a0964373a30. 'Require SSL for vcs operations' might make the protocol operations depend on the protocol type reported by a proxy even though they don't generate URLs.
auth: return early in LoginRequired on API key validation
Simplify the logic in the LoginRequired decorator when Kallithea is accessed using an API key. Either: - the key is valid and API access is allowed for the accessed method (continue), or - the key is invalid (redirect to login page), or - the accessed method does not allow API access (403 Forbidden)
In none of these cases does it make sense to continue checking for user authentication, so return early.
Simplify the code of the LoginRequired decorator by returning early when an unacceptable condition is met.
Note: the 'return' of redirect_to_login() is not strictly needed since we should not return from that function (redirection occurs). Adding it, however, is a security measure in case redirect_to_login does not do what it should do.
notifications: use stupid mail static-except-[] subjects to please gmail and its broken threading
This gives reasonable threading, both with gmail and proper mail clients, at the cost of making the email subjects slightly obscure.
Gmail is clueless - also about mail threading, ignoring our References headers and the wisdom of jwz. Gmail will start a new thread for each subject. The only way to make all mails related to the same PR belong to the same thread is thus to let all mails for a PR have the same subject. Gmail will however ignore content in square brackets at the beginning of the subject so we can put the interesting parts there.
* display the ellipsis just once and centered instead of showing in twice in both - and + columns * expand column width as needed to accomodate longer numbers (previously, the column width was fixed) * enable box-sizing: border-box for the number links to make it easier to set paddings
rst: in @mention parser, escape spaces so they don't go to HTML
This eliminates extra spaces around @mentions. Every time mention was followed by a comma, for example:
@username, have you seen it?
it turned into:
@username , have you seen it?
So an extra space was inserted. It was inserted because otherwise rst parser might not recognise the markup (i.e. @user1,@user2 is replaced by **user1**,**user2** — that would be interpreted as <b>user1**,**user2</b>).
Currently, a pull request id is referenced as #5, and the '#' symbol is fixed and repeated in several places. This commit adds a class method make_nice_id, that returns a string reference to a pull request, currently in the form '#5'.
This function could be overridden by an organization if they need references in another form, for example PR-5.
The method nice_id uses this for the pullrequest's own id.
diff view: do not hide overflow on very long lines that cannot be wrapped
When a change contains very long lines that cannot be wrapped because they contain very long 'words' without spaces, the overflow is currently not visible at all. This occurrence of such very long non-wrappable words is pretty uncommon, but can for example happen in comma-separated value files.
Not touching the existing behavior of trying to wrap long lines, this patch adds horizontal scrollbars for these exceptional cases of unavoidable overflow. On normal lines and long lines that can be wrapped, the diff block remains the same as before.
permissions: by default, don't show entities with no access
There might be a lot of entities the user/group don't have access and it is much more important to be able to see at a glance what the user/group has to access to than what it doesn't have access to.
comments: avoid storing 'No comments' text when changing status
When a general comment (with or without status change) is added to a changeset or pull request, and no text was added, Kallithea automatically used 'No comments' as text. The stub text is added to the database as if it has been entered by the user and it can thus not easily be identified as an automatic comment.
This commit makes following changes: - allow adding an empty comment to the database when there is a status change. An empty comment without status change is ignored. - do not add a stub text to the database, but generate it on demand - the stub text is shown in italic font to differentiate it from user-entered text
Currently there is a large amount of duplication between controllers/changeset.py and controllers/pullrequests.py, which is to be cleaned up in a later commit.