-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding private issues functionality #17711
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this PR is WIP, but I wanted to give you early feedback that you can integrate then early on.
Codecov Report
@@ Coverage Diff @@
## main #17711 +/- ##
=======================================
Coverage ? 45.50%
=======================================
Files ? 807
Lines ? 89960
Branches ? 0
=======================================
Hits ? 40932
Misses ? 42480
Partials ? 6548
Continue to review full report at Codecov.
|
Done, sorry for the late action, school got me busy this month. |
96b556e
to
3187673
Compare
Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Gary Kim <gary@garykim.dev>
3187673
to
241d735
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs a docs update in
| Confidential issues | [✘](https://github.com/go-gitea/gitea/issues/3217) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ | |
@@ -108,6 +108,8 @@ const ( | |||
CommentTypeDismissReview | |||
// 33 Change issue ref | |||
CommentTypeChangeIssueRef | |||
// 34 Change confidential | |||
CommentTypeConfidentialChanged |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs an update of string list below
Line 149 in c560ddb
"change_issue_ref", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any update? It's 2022 and there's $215 up for grabs at https://app.bountysource.com/issues/52815258-confidential-private-issues-on-public-repo
I think you should honor open source work a bit more. The last update was just 24 days ago which is not too much. I would estimate that this would be worth more than $215 if you would actually pay somebody to develop this. Also I don't think this should be rushed as this is security critical code. Approving is usually meaning you did a full code review and approve the code and I don't think you did. |
Thank you for politely calling me out on this and explaining the situation to me. You are right on all accounts.
I agree. I too often take for granted the countless man-hours that go into the development, maintenance, and upkeep of the 71,791 packages presently in my Linux Mint install.
A lot more.
I agree. I had read through the entire discussion at #3217, so there's no excuse.
Moreover on this, I do not know the Go language, which makes up the majority of the changes, so it's not possible for me to contribute any meaningful analysis of the code. |
please resolve conflicts :) |
I feel like the current path I'm taking is very hacky and not secure-by-design. We currently have Repository already under the context( This way I can personally ensure the security of this PR is good and not your usual "Yeah, I think this seems fine", otherwise I feel like we're just opening ourselves to security leaks etc. Any objections or better suggestions? Adding status/wip is it's obviously not ready to be merged. |
I will close this PR, as this is too outdated and I strongly feel that this architecture(bunch of if checks are your security) isn't safe to be shipped. There needs to go more thoughts and decisions into a future PR for this issue in order to make sure it's safe for this to be used. |
Add the base functionality for private issues.
Resolves #3217
TODOs:
Optional TODOs: