The fix in 56bce741176f was incorrect, as it robbed the login dialog of its panel styling. Using on .panel-primary instead of #main solves this.
Additionally, while the rules deleted in a90acf3a1422 were indeed unused, it didn't actually solve the problem of select2 dropdowns being white on white, due to a separate selector also causing this effect. This should be fixed now.
In practice, Kallithea has the 'usergroup.admin' permission imply the 'usergroup.write' permission, which again implies 'usergroup.read'.
This codifies this practice by replacing the HasUserGroupPermissionAny "perm function" with the new HasUserGroupLevel function, reducing the risk of errors and saving quite a lot of typing.
In practice, Kallithea has the 'group.admin' permission imply the 'group.write' permission, which again implies 'group.read'.
This codifies this practice by replacing HasRepoGroupPermissionAny "perm function" with the new HasRepoGroupLevel function, reducing the risk of errors and saving quite a lot of typing.
In practice, Kallithea has the 'repository.admin' permission imply the 'repository.write' permission, which again implies 'repository.read'.
This codifies/enforces this practice by replacing HasRepoPermissionAny "perm function" with the new HasRepositoryLevel function, reducing the risk of errors and saving quite a lot of typing.
The purpose of this check is to ensure that we don't recursively assign "default" user perms for a repo with the "private" flag set (because in that case, the "default" user perms should always be "no access").
(The check, and this fix, is of course only applicable to Kallithea instances that have anonymous access enabled to begin with.)
However, the check was only functional if the user was specified as a username. This is apparently always the case when Kallithea is running, but was not e.g. the case in the test suite, which consistently passed a user ID instead of a username.
This commit ensures that the user is always resolved before the check is made. There's no significant overhead to this, as the code immediately calls RepoModel().grant_user_permission, which resolved the user anyway. This change just moves the database lookup a bit earlier.
Fixing this revealed the matching test case to be broken, so it has been fixed as well.
Down the road, we should eliminate Kallithea's bizarre practice of passing around usernames and user IDs, in favor of passing actual User objects. That'll get rid of mistakes like these, as well as repeated needless database lookups.
comments: for PR comments, link directly to comment on PR page
Comments with approval changes made in the context of PRs also show up on the individual PR changesets, and currently link to the (top of the) PR page. If the user wants to see the surrounding comments, it can be difficult to find the comment.
This change makes the link go to the comment anchor on the PR page, so the user immediately sees the relevant comment thread. The PR metadata is still readily available (by scrolling up or pressing "Home").
Checkboxes are a bit off-alignment throughout Kallithea, but floating them left makes it noticably worse, and also seems like an odd thing to do (checkboxes are usually rendered inline with the label).
Remove rule coloring "#content div.panel div.panel-heading .pull-left a" (and ditto .pull-right) white, as it caused the branch filter drop-down box on the changelog page to become white-on-white.
I have not found anywhere this rule actually serves a purpose.
On several pages, the rules matched our standard grey buttons, but was overruled by an !important style for .btn elements.
On repository group pages, it matches the repo group parent path link, and in /_admin/journal, it matches the "Watched Repositories" and "My Repositories" links; but all of these are already white from the "#content div.panel div.panel-heading a" rule.
auth: when a auth plugin can't be imported try the next one instead of breaking completly
Some authentication modules depend on external services. This may cause the import to fail. Or another scenario is that a (third party) authentication module has been removed and can't be imported anymore.
vcs: remove confusing and unnecessary local variable
This removes the "username" local variable, substituting the equivalent "user.username". The function also has another, unrelated use of the same local variable name; this OTHER "username" variable is untouched.
The relevant code is duplicated between Hg and Git... and thus also this change.
__get_action can only return "pull" or "push"; any other value is an error on our end. And indeed, if not, the old code would crash further down in the function (under "CHECK LOCKING") because the "user" local variable was not assigned.
This also corrects the comment that incorrectly suggests the perm check is only relevant for anonymous access.
The relevant code is duplicated between Hg and Git... and thus also this change.
(Diff becomes clearer if whitespace changes are ignored.)
css: fix vertical alignment in repo and PR summaries etc.
In several table-like layouts (not actual HTML tables) with separate "label" and "value" columns, this 10px margin-top (which only applies to the "value") caused the "cells" to be out of alignment:
- The repository summary (clone URL, description, etc.) - The pull request "summary" (description, origin, target, etc.) - Settings pages of all sorts
'<span class="repotag">git' does not actually appear in JS, so move it above the comment saying so. For the rest, tighten the checks to actually ensure they match JS, and not e.g. the same text in plain HTML elsewhere on the page.
indexers: use correct full repository name, which contains group name, at indexing
Before this revision, searching under the specific repository could cause unexpected result, because repository names used for indexing didn't contain the group name.
This issue was introduced by 8b7c0ef62427, which uses repo.name_unicode as repository name instead of safe_unicode(repo_name) to reduce unicode conversion cost while repetition at indexing.
To use correct repository name at indexing, this revision replaces repo.name_unicode by safe_unicode(repo_name). Reducing cost of repeated unicode conversion cost while will (and should) be addressed in the future.
This revision also adds a comment to BaseRepository.name property, to avoid similar misunderstandings in the future.
Therefore, username related conditions with "this", "a", "you", and so on are completely ignored, even if they are valid username components.
To prevent username related conditions from removing "stop words", this revision explicitly specifies "analyzer" for username related fields of SCHEMA and CHGSETS_SCHEMA.
Difference between EMAILADDRANALYZER and default analyzer of TEXT is whether "stop words" are preserved or not. Tokenization is still applied on usernames.
For future changing, this revision doesn't make EMAILADDRANALYZER share analyzer definition with PATHANALYZER, even though their definitions are identical with each other at this revision.
This revision requires full re-building index tables, because indexing schemas are changed.
Original patch has been modified by Mads Kiilerich - tests of 'owner' will be addressed separately.
Therefore, pathname related conditions with "this", "a", "you", and so on are completely ignored, even if they are valid pathname components.
To prevent pathname related conditions from removing "stop words", this revision explicitly specifies "analyzer" for pathname related fields of SCHEMA and CHGSETS_SCHEMA.
Difference between PATHANALYZER and default analyzer of TEXT is whether "stop words" are preserved or not. Tokenization is still applied on pathnames.
This revision requires full re-building index tables, because indexing schemas are changed.
search: make "repository:" condition work case-insensitively as expected
Before this revision, "repository:" condition at searching for "Commit messages" never shows revisions in a repository, of which name uses upper case letter.
Using ID for "repository" of CHGSETS_SCHEMA preserves case of repository name at indexing. On the other hand, search condition itself is forcibly lowered before parsing.
- files in repository "FOO" is indexed as "FOO" in "repository" field - "repository:FOO" condition is treated as "repository:foo:
Then, indexing search itself is executed case-sensitively. Therefore, "repository:FOO" condition never show revisions in repository "FOO".
But just making "repository" of CHGSETS_SCHEMA case-insensitive isn't reasonable enough, because it breaks assumptions below, if there is case-insensitive name collision between repositories, even though Kallithea itself can manage such repositories at same time.
- combination of "raw_id" (= revision hash ID) and "repository" is unique between all known revisions under Kallithea
CHGSETS_SCHEMA assumes this.
This unique-ness is required by Whoosh library to determine whether index table should be updated or not for that repository.
- searching in a repository shows only revisions in that repository
Before this revision, this filtering is achieve by "repository:" condition with case-preserved repository name from requested URL.
To make "repository:" search condition work case-insensitively as expected (without any violation of assumptions above), this revision does:
- make "repository" of CHGSETS_SCHEMA case-insensitive by "analyzer=ICASEIDANALYZER"
- introduce "repository_rawname" into SCHEMA and CHGSETS_SCHEMA, to ensure assumptions described above, by preserving case of repository name
"repository_rawname" of SCHEMA uses not ID but TEXT, because the former disable "positions" feature, which is required for highlight-ing file content (see previous revision for detail).
This revision requires full re-building index tables, because indexing schemas are changed.
search: make "repository:" condition work as expected
Before this revision, "repository:foo" condition at searching for "File contents" or "File names" shows files in repositories below.
- foo - foo/bar - foo-bar - and so on ...
Whoosh library, which is used to parse text for indexing and seaching, does:
- treat almost all non-alphanumeric characters as delimiter both at indexing search items and at parsing search condition - make each fields for a search item be indexed by multiple values
For example, files in "foo/bar" repository are indexed by "foo" and "bar" in "repository" field. This tokenization make "repository:foo" search condition match against files in "foo/bar" repository, too.
In addition to it, using plain TEXT also causes unintentional ignorance of "stop words" in search conditions. For example, "this", "a", "you", and so on are ignored at indexing and parsing, because these are too generic words (from point of view of generic "text search").
This issue can't be resolved by using ID instead of TEXT for "repository" of SCHEMA, like as previous revisions for JOURNAL_SCHEMA, because:
- highlight-ing file content requires SCHEMA to support "positions" feature, but using ID instead of TEXT disables it - using ID violates current case-insensitive search policy, because it preserves case of text
To make "repository:" condition work as expected, this revision explicitly specifies "analyzer", which does:
- avoid tokenization - match case-insensitively - avoid removing "stop words" from text
This revision requires full re-building index tables, because indexing schema is changed.
BTW, "repository:" condition at searching for "Commit messages" uses CHGSETS_SCHEMA instead of SCHEMA. The former uses ID for "repository", and it does:
- avoid issues by tokenization and removing "stop words"
- disable "positions" feature of CHGSETS_SCHEMA
But highlight-ing file content isn't needed at searching for "Commit messages". Therefore, this can be ignored.
- preserve case of text
This violates current case-insensitive search policy, This issue will be fixed by subsequent revision, because fixing it isn't so simple.
journal: make "repository:" filtering condition work as expected (Issue #261)
Before this revision, journal filtering conditions like as below never match against any entry, even if there are corresponded repositories.
- repository:foo/bar - repository:foo-bar
Whoosh library, which is used to parse filtering condition, does:
- treat almost all non-alphanumeric characters as delimiter at parsing condition - join each conditions at filtering by "AND", by default
For example, filtering condition "repository:foo/bar" is translated as "repository:foo AND repository:bar". This combined condition never matches against any entry, because it is impossible that "repository" field in DBMS table "user_logs" has both "foo" and "bar" values at same time.
Using TEXT for "repository" of JOURNAL_SCHEMA causes this issue, because TEXT assumes tokenization at parsing.
In addition to it, using TEXT also causes unintentional ignorance of "stop words" in filtering conditions. For example, "this", "a", "you", and so on are ignored at parsing, because these are too generic words (from point of view of generic "text search").
To make "repository:" filtering condition work as expected, this revision uses ID instead of TEST for "repository" of JOURNAL_COLUMN. ID avoids both tokenization and removing "stop words".
This replacement should be safe with already existing DBMS instance, because:
- JOURNAL_SCHEMA is used only to parse filtering condition - DBMS table "user_logs" itself is defined by UserLog class (in kallithea/model/db.py)
BTW, using ID also avoids normalization by lowercase-ing. But this doesn't violate current case-insensitive search policy, because LOWER-ing in actual SQL query is achieved by get_filterion() or so in kallithea/controllers/admin/admin.py.
tests: introduce more test coverage of whoosh filtering
This has been extracted from other changesets by Mads Kiilerich to establish a test baseline so we clearly can see what the following fixes are fixing.
Some of these tests will thus demonstrate bad behaviour - that will be fixed later.
* drop support for 'cache.' prefix - it is only 'beaker.config.' that ever has been documented or used in examples * make prefix stripping more safe (if the prefix should appear twice in the key) * trust exactly what has been configured - drop stripping of strings * drop int conversion of 'expire' - beaker documentation suggests strings are fine
The second argument to the guess_instance classmethod is in practice fixed for Gist, Permission, RepoGroup, Repository, User, UserGroup; so might as well move this logic into per-class specializations of guess_instance.
Since the test repositories are created in the database by scanning the file system, their IDs depends on the (non-deterministic) order in which files are listed by the file system.
The solution, of course, is to ask the database for the ID instead of assuming it will be ID 1.
This refactoring simply emphasizes that the origin reference used to generate the default title is not always the same as the one actually used to create the pull request; for PRs not from a branch head, the branch name is stored so it can be used for creating new iterations.
auth: simplify the double invoked auth classes used for permission checking
Also avoid storing request state in the Has Permission instances. The instances er temporary and only used once and there is thus not real problem, but it is simpler and cleaner this way.
controllers: avoid setting request state in controller instances - set it in the thread global request variable
In TurboGears, controllers are singletons and we should avoid using instance variables for any volatile data. Instead, use the "global thread local" request context.
With everything in request, some use of c is dropped.
Note: kallithea/controllers/api/__init__.py still use instance variables that will cause problems with TurboGears.
controllers: avoid setting constants as controller instance variables in __before__
Setting constants in __before__ is a weird pattern and we can do fine without doing it. That makes it more clear that there is no state in the controller instances.
Real constants can just be set at the module level.
Some values depend on configuration and can thus probably not be set as constants at module import time but could perhaps be set in __init__. But reading configuration directly when needed will probably be just as good.
This type of code examples are not present in other files. It is unclear whether this example is still accurate. And it is equally unclear whether they provide real value compared to 'real' code.
The markup in base.html is a bit misleading. The "quick login" drop down menu is not just the quick login box but also the "current user info" box.
When the user is logged in, the "real" quick login box isn't shown and the drop menu's aria-describedby="quick_login_h" thus becomes an invalid reference.
To fix the reference, also call the user info for quick_login_h - that is approximately correct.