Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding private issues functionality #17711

Closed
wants to merge 85 commits into from
Closed

Conversation

Gusted
Copy link
Contributor

@Gusted Gusted commented Nov 18, 2021

Add the base functionality for private issues.

Resolves #3217

TODOs:

Optional TODOs:

  • Allow to assign users to private issues, so they have access to it too (as long as they are assigned)

@Gusted Gusted changed the title WIP: Private comments WIP: Private issues Nov 18, 2021
Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this PR is WIP, but I wanted to give you early feedback that you can integrate then early on.

models/error.go Outdated Show resolved Hide resolved
services/issue/issue.go Show resolved Hide resolved
routers/web/repo/issue.go Outdated Show resolved Hide resolved
routers/web/repo/issue.go Outdated Show resolved Hide resolved
routers/web/repo/issue.go Outdated Show resolved Hide resolved
models/repo_permission.go Outdated Show resolved Hide resolved
routers/api/v1/repo/issue.go Outdated Show resolved Hide resolved
routers/web/repo/issue.go Outdated Show resolved Hide resolved
routers/web/repo/issue.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 18, 2021
@codecov-commenter
Copy link

codecov-commenter commented Nov 19, 2021

Codecov Report

❗ No coverage uploaded for pull request base (main@a8fd765). Click here to learn what that means.
The diff coverage is 24.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##             main   #17711   +/-   ##
=======================================
  Coverage        ?   45.50%           
=======================================
  Files           ?      807           
  Lines           ?    89960           
  Branches        ?        0           
=======================================
  Hits            ?    40932           
  Misses          ?    42480           
  Partials        ?     6548           
Impacted Files Coverage Δ
models/error.go 38.42% <0.00%> (ø)
models/issue_comment.go 52.69% <ø> (ø)
models/org_team.go 56.21% <0.00%> (ø)
routers/api/v1/repo/issue.go 46.56% <0.00%> (ø)
routers/web/org/teams.go 0.00% <0.00%> (ø)
services/forms/org.go 0.00% <ø> (ø)
services/forms/repo_form.go 41.25% <ø> (ø)
services/issue/issue.go 24.74% <0.00%> (ø)
models/issue.go 56.83% <26.92%> (ø)
routers/web/repo/issue.go 38.87% <28.57%> (ø)
... and 4 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a8fd765...75c8a34. Read the comment docs.

@Gusted
Copy link
Contributor Author

Gusted commented Dec 15, 2021

Please resolve conflicts

Done, sorry for the late action, school got me busy this month.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Gary Kim <gary@garykim.dev>
@Gusted Gusted mentioned this pull request Jan 23, 2022
@Gusted Gusted added this to the 1.17.0 milestone Feb 28, 2022
Copy link
Contributor

@qwerty287 qwerty287 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a docs update in

| Confidential issues | [](https://github.com/go-gitea/gitea/issues/3217) |||||||

@@ -108,6 +108,8 @@ const (
CommentTypeDismissReview
// 33 Change issue ref
CommentTypeChangeIssueRef
// 34 Change confidential
CommentTypeConfidentialChanged
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs an update of string list below

"change_issue_ref",

Copy link

@anonyco anonyco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mohe2015
Copy link
Contributor

mohe2015 commented Apr 8, 2022

Any update? It's 2022 and there's $215 up for grabs at https://app.bountysource.com/issues/52815258-confidential-private-issues-on-public-repo

I think you should honor open source work a bit more. The last update was just 24 days ago which is not too much. I would estimate that this would be worth more than $215 if you would actually pay somebody to develop this. Also I don't think this should be rushed as this is security critical code. Approving is usually meaning you did a full code review and approve the code and I don't think you did.

@anonyco
Copy link

anonyco commented Apr 8, 2022

Thank you for politely calling me out on this and explaining the situation to me. You are right on all accounts.

I think you should honor open source work a bit more. The last update was just 24 days ago which is not too much.

I agree. I too often take for granted the countless man-hours that go into the development, maintenance, and upkeep of the 71,791 packages presently in my Linux Mint install.

I would estimate that this would be worth more than $215 if you would actually pay somebody to develop this.

A lot more.

Also I don't think this should be rushed as this is security critical code.

I agree. I had read through the entire discussion at #3217, so there's no excuse.

Approving is usually meaning you did a full code review and approve the code and I don't think you did.

Moreover on this, I do not know the Go language, which makes up the majority of the changes, so it's not possible for me to contribute any meaningful analysis of the code.

models/issue.go Show resolved Hide resolved
@6543
Copy link
Member

6543 commented Apr 28, 2022

please resolve conflicts :)

@Gusted Gusted added the pr/wip This PR is not ready for review label May 3, 2022
@Gusted
Copy link
Contributor Author

Gusted commented May 3, 2022

I feel like the current path I'm taking is very hacky and not secure-by-design. We currently have Repository already under the context(ctx.Repo) and thus has one function that fetch the repo and do some standard checks. I think we might want to consider doing the same for Issues.

This way I can personally ensure the security of this PR is good and not your usual "Yeah, I think this seems fine", otherwise I feel like we're just opening ourselves to security leaks etc.

Any objections or better suggestions?

Adding status/wip is it's obviously not ready to be merged.

@Gusted Gusted modified the milestones: 1.17.0, 1.18.0 May 12, 2022
@Gusted Gusted mentioned this pull request Jun 19, 2022
@Gusted
Copy link
Contributor Author

Gusted commented Aug 20, 2022

I will close this PR, as this is too outdated and I strongly feel that this architecture(bunch of if checks are your security) isn't safe to be shipped. There needs to go more thoughts and decisions into a future PR for this issue in order to make sure it's safe for this to be used.

@Gusted Gusted closed this Aug 20, 2022
@lunny lunny removed this from the 1.18.0 milestone Dec 20, 2022
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. pr/wip This PR is not ready for review type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Confidential (private) issues on public repo