Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission checks require a logged in user. Read access can be granted to the default user ... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used to consistently also allow the default user in all decorators where we only need repo read access:
    # Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
    sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
    sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
    # The primary case: Replace @NotAnonymous with removal of allow_default_user=True
    perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
    # If there is a global permission check, no anonymous is ever allowed
    perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
    # Repo access for write or admin also assume no default user
    perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
- use table-layout: fixed
  Since we already use a fixed width for most cells, this makes it easier (faster) for the browser to render especially big tables. And it allows the use of 'text-overflow: ellipsis'. The old ellipsis settings have no effect.
- use nowrap and 'text-overflow: ellipsis' for all cells
  A table is easier (faster) to read for a user if all the rows have the same height. Therefore don't wrap lines and in case of overflow use ellipsis.
- remove unnecessary height
  Up until now the row was bigger than 31px so this had no effect. And it looks wrong to make the row bigger than its content.
- remove unnecessary border-color
  bootstrap default is almost the same color
- remove unnecessary text-align
  left is the default
- remove font-size or use bootstrap .small
  Making fonts too small hurts the readability.
- remove some padding and margin
- don't use special colors
  The differences are hardly noticeable or in case of the gray dates hurt readability.
less: we should be consistent with diffstat-ish colors
With this change, on the changeset page, the 'change counters' for the whole changeset (in the top right corner) use the same colors as the counters for the lines (a little bit below) and the line change highlighting.
- move .changed from kallithea.less to kallithea-diff.less
- be more generic with selectors in kallithea-diff
- remove remaining style from kallithea.less
less: cleanup nav-pills menu style used in settings
- remove obsolete padding for li
- remove style for 'li > a' that is already set by bootstrap via .nav-pills
- use usual color: inherit only for non active elements
- override nav-pills-active-link-hover-color and nav-pills-active-link-hover-bg instead of custom style
- use official dataTables.bootstrap.css and dataTables.bootstrap.js
- add datatable less style block to use kallithea font icons
- move dataTables related style to this new block to have them in one place
- remove style that is obsolete, overrides or gets overridden by dataTables.bootstrap.css
In the future we'll probably use it to manage more than just less/css stuff. So the less directory is the wrong place. The most common place is the root directory, so let's put it there. Also, this way the --prefix parameter for npm is no longer required.
Where the additional spacing is needed, we already have a padding-right, so these spaces are unnecessary. But more importantly they cause trouble if text-decoration is used (i.e. underline on hover).
auth: refactor to introduce @LoginRequired(allow_default_user=True) and deprecate @NotAnonymous()
It was error prone that @LoginRequired defaulted to allow anonymous users (if 'default' user is enabled). See also 245b4e3abf39.
Refactor code to make it more explicit and safe by default: Deprecate @NotAnonymous by making it the default of @LoginRequired. That will make it safe by default.
To preserve same functionality, set allow_default_user=True in all the cases where @LoginRequired was *not* followed by @NotAnonymous or other permission checks - that was done with some script hacks:
    sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
    sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
    perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired()/g' `hg mani`
    perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@Has(Repo)?Permission)/\@LoginRequired()\1/g' `hg mani`
It has been reviewed that all uses of allow_default_user=True are in places where there indeed wasn't any checking for default user before. These may or may not be correct, but now they are explicit and can be spotted and fixed.
The few remaining uses of @NotAnonymous should probably be removed somehow.
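
An added example, not part of the commit messages or of Kallithea's own code: a static check for the rules stated in this message and in the regression-fix message at the top of the page (the default user may get repo read access, but never write or admin, and never passes a global permission check or @NotAnonymous). The sample controller is constructed, and HasPermissionAnyDecorator is assumed here as a representative @HasPermission* decorator.

```python
import ast

# Constructed sample controller (not Kallithea source). The source is only
# parsed, never executed, so the decorators need not be defined.
SAMPLE = '''
class DemoController(object):
    @LoginRequired(allow_default_user=True)
    @HasRepoPermissionLevelDecorator('read')
    def summary(self): pass
    @LoginRequired(allow_default_user=True)
    @HasRepoPermissionLevelDecorator('write')
    def edit(self): pass
    @LoginRequired(allow_default_user=True)
    @HasPermissionAnyDecorator('hg.admin')
    def settings(self): pass
    @LoginRequired()
    @HasRepoPermissionLevelDecorator('admin')
    def delete(self): pass
    @LoginRequired(allow_default_user=True)
    def index(self): pass
'''

def _name(dec):
    """Return the bare decorator name for @Name or @Name(...)."""
    func = dec.func if isinstance(dec, ast.Call) else dec
    return getattr(func, 'id', getattr(func, 'attr', ''))

def audit(source):
    """Yield (function, verdict) for every view that admits the default user."""
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        decs = {_name(d): d for d in node.decorator_list}
        login = decs.get('LoginRequired')
        if not isinstance(login, ast.Call) or not any(
                kw.arg == 'allow_default_user' and getattr(kw.value, 'value', None) is True
                for kw in login.keywords):
            continue  # safe default: anonymous access is not allowed
        level = decs.get('HasRepoPermissionLevelDecorator')
        if 'NotAnonymous' in decs or any(n.startswith('HasPermission') for n in decs):
            yield node.name, 'conflict: check excludes the default user'
        elif level and level.args and getattr(level.args[0], 'value', None) in ('write', 'admin'):
            yield node.name, 'conflict: write/admin is never granted to the default user'
        else:
            yield node.name, 'review: anonymous access allowed'

if __name__ == '__main__':
    for name, verdict in audit(SAMPLE):
        print(name, '->', verdict)
```
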
css: use pseudo-content trick to prevent diff line numbers from being pasted to text
When copy-pasting a diff from Chrome to a text editor, line numbers (on separate lines) would be pasted as well. Even though 'user-select: none' prevents text from being visually selected, in Chrome, the text still gets copied to the clipboard when the user for example presses ctrl-c. (It worked in Firefox.)
Instead, don't put the line numbers directly in the DOM, but put them in a data attribute and render them as :before. That will give the same rendering as before but prevent it from being copied.
(Firefox will however still add empty lines - that is how <pre> is hardcoded to be rendered when pasting to text.)
Instead of using a hack, that removes the 'set' parameter from the request, don't give the submit button a name and therefore don't submit the parameter in the first place.
tests: git changeset authors need to have the format 'username <user@example.com>'
New versions of dulwich caused tests like test_compare_forks_on_branch_extra_commits_git to fail because of this. Since this is fixed now, re-allow dulwich versions 0.18.6 and newer.
less: base .metatag styling on Bootstrap .label styling
Metatags kind of are and kind of look like labels, except some differences: Labels use smaller but bold font. The sizing is also different, as labels are not inline-block and will not expand the line height but might overflow into previous/next line, especially if these also have labels.
We still keep the custom colors for font and background.
Alternatively, we could put the "label" class in the markup and just let the metatag markup set the colors, similar to what Bootstrap "label-*" does.
style: fix changeset tag container - fix vertical alignment of right aligned tags
Tags and comment count were not aligned with the line text at all, and a solid background was hiding the separator lines and made it look even more messy.
extra-container and comments-container are now simplified with top right positioning and less margin tweaking.
Minimal changes to the tags - just touching some external sizing so it fits in the container: line-height and margin.
- use default font weight for footer - it doesn't need special attention and doesn't have to be bold
- use class selector for the footer instead of ID selector
- add comment for the styling that is removing margin below footer
less: run lessc with --relative-urls so relative paths are rewritten
25e079891ff5 broke select2 - it did for example no longer display the search symbol in the input field. The css had a relative path to 'select2.png' which no longer was correct when the literal reference moved to style.css.
Bootstrap had the same issue with '../fonts/glyphicons-halflings-regular.*' ... but we do not rely much on that.
As a quick fix, just adjust the relative reference and keep pointing at the original location.
A next step might be to copy files around in a cross platform compliant way, reliably at the right point in the development/build/install process.
MANIFEST: only include bootstrap from node_modules when packaging or installing
With the 'less' source folder placed under 'public', the whole folder happened to be fully included in source distribution and installed. *If* 'npm install' has been run, 'kallithea/public/less/node_modules/' will contain both build/development tools ('less' and dependencies) and the source of Bootstrap.
We do want Bootstrap source to be included so it automatically gets 'vendored', but we don't want all the build tools.
We thus prune the whole 'node_modules' directory, but add 'node_modules/bootstrap' back in.
This is exactly what it is. It might seem a bit fragile: There is no verification that it only is the 'bootstrap' directory that should be added back in, and there is no verification that it actually is present and included.
- there are no #quick_login .links elements
- there are no #quick_login .buttons elements
- there are no #quick_login .form-group elements
- there are no #quick_login .unread elements
- there are no #quick_login .notifications elements
- color is already set on #quick_login *
- background and padding is already set for all dropdown menus
- h4 already has margin-bottom 10px
less: use default Bootstrap styling for buttons, customized with variables
The gradient styling of buttons is dropped, but we still use grey buttons (using the average color from the gradient) instead of the Bootstrap default of white buttons.
less: build custom Bootstrap from bootstrap.less instead of using plain upstream version
- add current version of bootstrap to package.json dependencies
- import bootstrap.less in main.less
- remove bootstrap.css from root.html (the file will be removed later)
When the whole list is made scrollable, the graph can no longer be positioned absolute. Instead, make it relative so it scrolls with the content ... and 0 height (with the graph overflowing) so the table content will be shown next to the overflowing graph.
less: change markup and styling for the logo shown in the top left corner
Based on work by Dominik Ruf, but in this changeset, the goal is just to improve markup and styling while keeping exactly the same look and feel. In that process, it also fixes some browser specific issues that gave odd spacing/positioning.
All styling (especially the logo image URL) is moved to CSS/LESS, using background-image styling instead of an img tag.
The logo image is made a :before on the site branding text and will usually have to align with this text, so we use inline-block to align to the baseline.
We set the right amount of negative margin-bottom so the image can go below the baseline.
We use a "big enough" negative margin-top to allow the image to bleed outside the line height and into the 12px top padding.
We assume the background image doesn't need cropping or panning and do thus not set background-size, background-position, or background-repeat.
less: simplify positioning of the +/- symbols on diff lines
As before, we place the +/- symbols in the pre:before so they default to the same font and styling as the line content.
Instead of giving the pre a wide left margin and putting the :before out there using negative positioning and visible overflow, just give the :before a fixed width on all lines.
Commit 30d61922f24eb144190052818c3fc6a24562f42b (auth: fix crash on invalid bcrypt password) left a debug print statement of the user's password in plaintext and its hashed equivalent.
- remove unnecessary float: left for .reviewer_status
- remove unnecessary height and padding for .reviewers_member
- there is no .email_entry, .ip_entry, .pullrequests_section_head, .pr-desc
- remove unnecessary margin for .msg-div
- #legend_data default padding is fine
- #legend_container border: none is unnecessary
- #legend_choices is invisible
- #legend_container width: auto is unnecessary
- with many committers less padding and height is actually better
- there is no .legend ul