This adds a markdown renderer for images, so that images
that are referenced by their repository path are resolved
correctly. In this case, the content rest endpoint is
rendered as source url. For this, two new contexts
(RepositoryContext and RepositoryRevisionContext)
have been added, that make the repository and the
current revision available, so that the content url can
be resolved properly. These new contexts may be used
by plugins like the scm-readme-plugin.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Reviewed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
An accessibility requirement dictates that our custom shortcut system must be allowed to be disabled. A new accessibility settings page has been added to the user profile, similar to the theme settings. It is persisted in local storage.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
In `751343f` we forced words to wrap in a variety of places in the SCM-Manager to prevent unintentional overflow breaking the layout. This was also added to the markdown view which had implications for tables in these views including long headers that would now break in a not so pretty fashion. After investigating potential implications and checking other usages of the markdown view, we removed the problematic class again in this particular instance as it was seemingly not serving any positive purpose and removing it had no negative impact.
A new api is introduced to allow focus-based list iteration through keyboard shortcuts. The api is initially considered closed and only used in the repository overview.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
The plugin center cache was not invalidated when the proxy configuration was changed in the global settings. This caused stale and inconsistent state to be displayed to the user while there was no feedback that something was wrong.
Global Modals as components, and as a result their registration hooks, have a lifecycle that spans the whole application. Because of this, they never get unmounted. The registration hook will simply be re-rendered with an updated "active" flag. Because the hook did not reset to its initial state when switching from "active" to "deactive", it decremented the modal count twice. Once in the cleanup of the previous hook render and once in the else block ("inactive").
Cloning repositories with LFS data via ssh requires the creation of access tokens using a subject authenticated with an already scoped token (the first scoped token is created by the ssh lfs authentication command; with this token the further requests are issued which will create further tokens for the individual lfs download requests). This failed, because such a creation was rejected without further checks. Now we test, whether the requested scope is permitted by the current scope.
This adds the possibility to load files managed by lfs to the repository import of git repositories.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Sometimes it happens that a git diff command request is performed with a non-existent target branch. This is usually fine but the underlying system might have already garbage-collected the revisions associated with that branch. In this case, the revision for that deleted branch might turn up null which currently causes a 500 error. We catch this specific corner-case and throw the correct NotFoundException instead.
In recent weeks we have created an api for declaring keyboard shortcuts and tested its usage in internal modules. After successfully verifying it, we are now exposing it for plugins to use. The api has also received some tweaks in the process to make it more flexible, such as allowing bound shortcuts not to appear in the documentation dialog or allowing shortcuts to explicitly allow event bubbling.
The pending queue is updated after all the plugins to be installed are collected, and then we already may have duplicate entries. Because of this we check right on the collecting step if the plugin was already added during this single action.
If a new branch is pushed in Git without new commits (the branch
is created on a commit that already exists in the SCM-Manager repository
and pushed without any further commit), all ancestors of the commit
the branch points to have been treated as if they were new by the
hook changeset provider. This led to severe errors like wrong
push logs (by the pushlog plugin) or re-evaluated commit messages
by the commit message checker plugin.
This fixes this wrong behaviour. If new commits are not provided by
the pack parser, no commit will be treated as a new one.
There is currently no documentation which shortcuts are available to the end user, neither within the application nor the documentation published on scm-manager.org. This PR adds the missing documentation in both places and introduces a new api for developers to add documentation when using `useShortcut`. It also improves the api for conditional shortcuts significantly.
If a POST request is submitted to the rest api for repostory permissions, the regex validator ignores the name field if it is null, which leads to an internal server error and breaks any further attempts to interact with that repository. An additional not-null constraint resolves this problem.
The global navigation can be accessed with the following key combination:
Option-R = Repositories
Option-U = User
Option-G = Groups
Option-A = Administration
The navigation within a repository can be accessed with a combination with g:
gi = Information
gb = Branches
gt = Tags
gc = Code
gs = Settings
Enable users to jump to the global search bar by pressing the "/" key from anywhere. Open modals block this shortcut. This PR also introduces a generic system for declaring global shortcuts by utilizing the third-party library mousetrap.
This reduces the amount of lines logged with log level
'trace' from the DefaultRealm. This is done by concatenating
the single permissions and roles in a single line.
A log with the new layout looks something like this (the [...]
would list all further permissions in the real log output):
TRACE sonia.scm.security.DefaultRealm - authorization summary:
username : scmadmin
roles : user
scope :
permissions: repository:*:ChTG0dBeUH , group:autocomplete , repository:*:[...]
In contrast, with the old layout it looks like this:
TRACE sonia.scm.security.DefaultRealm - authorization summary:
username : scmadmin
roles :
- user
scope :
permissions:
- repository:*:ChTG0dBeUH
- group:autocomplete
- repository:*:5DTFWwBTiY
- repository:*:ASTGBIVz11D
- user:changeApiKeys:scmadmin
- user:changePassword:scmadmin
- user:changePublicKeys:scmadmin
- user:readAuthorizedKeys,writeAuthorizedKeys:scmadmin
- *
- user:read:scmadmin
- user:autocomplete
- repository:*:4rT7VPex5J
The lazy loading feature implemented for git was broken,
because the repeated usage in the BrowserResultCollapser
has overwritten the request in the command. Therefore
the command could no longer update the cache in the
BrowseCommandBuilder.
To fix this, we now use a browse command factory (represented
by a simple supplier) that will create a dedicated command
implementation for each request issued in the collapser.
Using plus symbol in global search led to a space in the query parameter of the URL. We now encode the query string properly in global search and additionally fixed the expert search documentation.
Due to unexpected and largely unchangeable behavior by both react-router and the browser, square brackets are not correctly encoded in the url when clicking a file link in the source view where the filename contains either of these characters. The source view then tries to use the useSources hook to get the file content but fails, because the path param for the file path it gets from the url has unencoded square brackets in them which are illegal in urls except for declaring IPv6 addresses. We have created a catch for exactly this scenario at the latest possible point before the actual http request is fired, which is in the useSources hook. It seems like the square brackets are the only affected special characters so we force encoding on them specifically. Only the path portion of the URL is checked so the host portion of the url may still contain unencoded square brackets which are left untouched.
We stumbled upon errors accessing index from plugins which were not yet initialized. To prevent this errors we use our own No-Op IndexReader for missing indices.
The new docker health check respects the jetty configuration and uses the configured port and context path.
It supports ssl listeners and follows redirects.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Enhance search result view by sorting the categories after their translation (repositories will still be sticky on top). Further disable categories with no search results and be more explicit with the text displayed if no search results were found.
Adds a new button to repository settings to allow users to manually delete and re-create search indices. The actual re-indexing is happening in plugins that subscribe to the newly created event.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
On some pages with pagination, the user is led to believe that no data is available if a page with page number which it too high is accessed. However, since we show the page number to the outside and the user can access it through the URL, we must also provide appropriate handling. The underlying data can change and so can the number of pages. Now, if a bookmark was saved from an older version, the link should still lead to a destination.
Adds the CLI commands that are available to handle repository permissions on repositories for namespaces.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
