Add `Poll` model and `CreatePoll` function.
The poll is ineffective, no one can vote. (yet)
Add `Judgment` creation and update.
There can be at most one judgment per trio of poll, judge and candidate.
Each Judge may emit one Judgment per Candidate of a Poll.
Mop up and oust a reminiscent bug.
Add the Poll Create, Update and Delete forms and logic.
We can't tally a Poll yet.
Nor can we judge issues.
Add the Judgment forms for each Poll of each issue.
Everything works so far without javascript.
We added CSS like monkeys, until we figure out what to do with it.
Use emotes Chromium can print as well.
Fix some warnings.
Prepare for the far future.
Add scoring pseudo-code for fast deliberation.
This was entertaining, but it's perhaps wrong,
although we can't find any reason why so far.
We contacted the world's top specialist on the matter.
…
Three gods, A, B, and C are called,
in no particular order, True, False, and Random.
True always speaks truly, False always speaks falsely,
but whether Random speaks truly or falsely is a
completely random matter.
Your task is to determine the identities of A, B, and C
by asking three yes-no questions; each question
must be put to exactly one god. The gods understand
English, but will answer all questions in
their own language, in which the words for yes
and no are da and ja, in some order.
You do not know which word means which.
Add a naive tallier.
I wish I had a feature suite in Gherkin here…
Add some tests to the deliberator and implement them.
Still waiting for input from the specialist(s)
before delving into implementation details.
Use unsigned integers where it makes sense.
(or not)
Provision more tests for the deliberator.
We've got some answers — still confused, though.
Implement a very naive deliberator.
Fix a fix for the label's hover area.
Let's barf as little as possible on existing CSS.
Fill the missing judgments as REJECT judgments.
This should be optional.
Add a battery of tests to GetMedian
We're now going to be able to implement it properly,
not like the cheap cheat we had so far.
Adapt label color to median grade.
This is a cheap implementation that will probably need a rewrite
for complete support of other gradations.
Add more tests to expose the limitations of the current scoring implementation.
Now we can work some more on the scoring.
Implement a less naive score calculus.
So far it holds.
The score is a bit long (90chars = 15 chars per possible grade)
but it won't get any longer with more judges,
unless we have to go over 500 billion judges.
Fix poll's CRUD subheaders I18N.
Make sure judgments can be emitted with keyboard only.
`:focus-within` <3 U CSS
Add a basic page to view a poll.
Move Poll CSS to LESS.
Clean up.
Tease about what will come next.
Add a repo header nav item for polls.
Ideally this whole thing should be a plugin and not a fork.
Not sure how to add new Db models and Routes.
We'd also need a custom spot in the issue view template,
but that can probably be merged upstream.
Clean up.
We'd love to move the routes to their own file.
And then being able to add them via `custom/`.
Disable event sourcing until /user/events do not hang for a minute,
because it makes browsing gitea rapidly impossible.
Add french translations for the polling UI.
Rename `Judgment` into `PollJudgment`.
After careful consideration, it's probably best to namespace.
Also, explicit is better than implicit. :)
BREAKING CHANGE: Not sure how the migrations will operate here.
This is why it's best to do it now than once we're actually using it.
Tweak the poll's labels for mobile with a CSS media query.
Thanks @pierre-louis for the bug report !
Review.
docs: explicit is better than implicit
chore: "missing" is more explicit than "lost"
feat: add radial merit profiles, in SVG
Ignore the gitea-repositories directory.
chore: clean up the radial merit profile SVG template
test: expose an issue with the tally
The returned amounts for each grade are wrong.
How could this happen, you ask?
Lack of unit-testing, that's why!
(also, shallow copy shenanigans)
chore: spacing
Still experimenting with the spacing in templates.
I know Gitea does not use spaces.
My sight is not getting any better,
and spacing helps a lot.
Yes, I'm already using bigger fonts.
test: refine the tests about the critical bug found
… so that it does not happen again!
fix: elbow grease the copy mechanism to fix The Bug®
fix: hide the description if none is provided.
Should we mention that it is a bad practice ?
It feels like it is. … To deliberate.
chore: review naive deliberator
feat: add the issue title to the list of issues of a poll
Also naive and inefficient, but if we paginate, we'll be ok.
And if not, we can probably improve this by batching the queries.
fix: remove a debugging tweak that was overlooked
Also, remove the need to translate the word `Issue`.
Oddly enough, it is never translated by itself,
it is only in plural form opr inside a sentence.
feat: add the merit profile behind the median grade
Usual CSS woes
- Really not confident about positioning top and left with `em`.
- Z-index shenanigans to skip unexpected offset in positioning,
where the absolute of a child in a relative container
won't point to top left but to bottom of other child in static
(try moving the merit profile below the input.emote, and remove z-indices)
Right now the merit profile is shown to all logged in, whether they judged or not. This is not the intended final behavior. Ideally we'd have settings fdr this.
chore: clean up before the next stage
* Fix some API bugs (#16184)
* Repository object only count releases as releases (fix#16144)
* EditOrg respect RepoAdminChangeTeamAccess option (fix#16013)
* adjut to v1.14
Backport #15895
Storing these credentials is a liability.
* Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
- security in depth: helps when attacker has access to DB only, but not app.ini
* Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
- security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini
Backport #16155
There is an inefficiency in the design of our processors which means that Emoji
and other processors run in order n^2 time.
This PR forces the processors to process the entirety of text node before passing
back up. The fundamental inefficiency remains but it should be significantly
ameliorated.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16163
Bluemonday sanitizer regexp rules are not additive, so the addition of the icons,
emojis and chroma syntax policy has led to this being stripped.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backprt #16164
Gitea will currently check every if every password is an access token even though
most passwords are not and cannot be access tokens.
By creation access tokens are 40 byte hexadecimal strings therefore only these should
be checked.
Signed-off-by: Andrew Thornton <art27@cantab.net>
In #16055 it appears that the simple 5s deadline doesn't work for large
file writes. Now we can't - or at least shouldn't just set no deadline
as go will happily let these connections block indefinitely. However,
what seems reasonable is to set some minimum rate we expect for writing.
This PR suggests the following algorithm:
* Every write has a minimum timeout of 5s (adjustable at compile time.)
* If there has been a previous write - then consider its previous
deadline, add half of the minimum timeout + 2s per kb about to written.
* If that new deadline is after the minimum timeout use that.
Fix#16055
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* Fix data URI scramble (#16098)
* Removed unused method.
* No prefix for data uris.
* Added test to prevent regressions.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #16045
If you change the case of a username the change needs to be propagated to their
repositories.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16037
The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.
This PR ensures that they are set.
Fix#15972
Signed-off-by: Andrew Thornton <art27@cantab.net>
Revert change for account / org dashboard where IssueRefURLs do not
contain the full repo URL (case RepoLink is not true)
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Backport #15825
* Restore PAM user autocreation functionality
PAM autoregistration of users currently fails due to email invalidity.
This PR adds a new setting to PAM to allow an email domain to be set
or just sets the email to the noreply address and if that fails falls
back to uuid@localhost
Fix#15702
Signed-off-by: Andrew Thornton <art27@cantab.net>
* As per KN4CKER
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15855
The Tor browser does not use the system-ui font and no other fonts in the stack match
its default fonts. In fact it is possible that it will in future only
match generic fonts. This means that all rendering will first try the
emoji fonts before falling back to the sans-serif font for glyphs.
In this case has the emoji fall back fonts for Tor contains empty glyphs
for numbers - in order to protect privacy - and leads to numbers being
rendered as empty glyphs. This is clearly not ideal and whilst we could
use the Arimo font - as I state above I suspect that Tor will eventually
ban detecting this and we should instead move the sans-serif font higher
in the stack so that it matches before the emoji fonts.
Partial fix of #15844
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15861
* Only write config in environment-to-ini if there are changes
Only write the new config in environment-to-ini if there are changes or the
destination is not the same as the customconf.
Fix#15719Fix#15857
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15642
This PR is an alternative to #15628 and makes the go get handler a
handler.
Fix#15625Close#15628
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15831
In #15826 it has become apparent that there are a few occasions when a response can
hang during writing, and because there is no timeout go will happily just block
interminably. This PR adds a fixed 5 second timeout to all writes to a connection.
Fix#15826
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15862
Fixes http: superfluous response.WriteHeader call from code.gitea.io/gitea/modules/context.(*Response).WriteHeader (response.go:67)
* Looking again we don't need this writeHeader as all of our downstream
implementations will always do it for us
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15849
A common bug report is the otherwise harmless sshd logging:
```
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
```
This PR simply checks if these files exist before creation of sshd_config and if
they do not exist, doesn't add a reference to them.
Fix#14110 amongst others.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15835
Unfortunately some old repositories can have tags with empty Tagger, Commit
or Author. Go-Git variants will always have empty values for these whereas
the native git variant leaves them at nil. The simplest solution is just to
always have these set to empty Signatures.
v156 migration also makes the incorrect assumption that these cannot be empty.
Therefore add some handling to this and add logging and adjust broken
logging elsewhere in this migration.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15733
* Queue manager FlushAll can loop rapidly - add delay
Add delay within FlushAll to prevent rapid loop when workers are busy
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per lunny
Signed-off-by: Andrew Thornton <art27@cantab.net>