forgejo/services
Gusted 618eb8e72a security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.

(cherry picked from commit 266e0b2ce9)
2024-10-28 06:04:45 +00:00
..
actions Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) 2024-10-22 07:28:30 +02:00
agit fix(agit): run full pr checks on force-push 2024-08-12 09:00:41 +02:00
asymkey Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
attachment Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo 2024-08-26 07:31:56 +00:00
automerge Fix agit automerge (#31207) 2024-08-25 10:47:37 +02:00
context fix: correct documentation for non 200 responses in swagger 2024-10-15 20:05:40 +00:00
contexttest [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
convert Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017) 2024-09-14 17:53:55 +02:00
cron Clear up old Actions logs (#31735) 2024-08-04 18:24:10 +02:00
doctor [BUG] Don't allow owner team with incorrect unit access 2024-10-14 19:59:17 +00:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
f3 feat: upgrade F3 to v3.7.0 2024-08-18 19:39:20 +02:00
federation feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
feed Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forgejo Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forms [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
gitdiff feat: Improve diff being generated 2024-08-26 13:58:17 +02:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-12 20:03:10 +02:00
issue [BUG] Don't fire notification for comment of pending review 2024-08-18 17:04:00 +02:00
lfs feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
mailer chore: remove extra go-sqlite3 imports 2024-09-06 09:36:08 +00:00
markup Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
migrations Support allowed hosts for migrations to work with proxy (#32025) 2024-09-14 17:52:54 +02:00
mirror [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
notify Clean up log messages (#30313) 2024-04-15 20:01:35 +02:00
org Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
packages fix arch pkg 2024-10-21 05:10:13 +00:00
pull Fix the logic of finding the latest pull review commit ID (#32139) 2024-10-06 11:34:08 +02:00
release Handle invalid target when creating releases using API (#31841) 2024-09-14 18:45:18 +02:00
remote Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
repository security: add permission check to 'delete branch after merge' 2024-10-28 06:04:45 +00:00
secrets Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
task feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
uinotification Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
user Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook fix: improve discord webhook api conformance 2024-10-09 16:07:34 +00:00
wiki Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00