forgejo-federation/templates/repo/issue/view_content.tmpl
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-05 01:49:33 -04:00

227 lines
9 KiB
Cheetah

<div class="ui stackable grid">
{{if .Flash}}
<div class="sixteen wide column">
{{template "base/alert" .}}
</div>
{{end}}
{{if not .Issue.IsPull}}
{{template "repo/issue/view_title" .}}
{{end}}
{{ $createdStr:= TimeSinceUnix .Issue.CreatedUnix $.Lang }}
<div class="twelve wide column comment-list prevent-before-timeline">
<ui class="ui timeline">
<div id="{{.Issue.HashTag}}" class="timeline-item comment first">
{{if .Issue.OriginalAuthor }}
<span class="timeline-avatar"><img src="/img/avatar_default.png"></span>
{{else}}
<a class="timeline-avatar" {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>
<img src="{{.Issue.Poster.RelAvatarLink}}">
</a>
{{end}}
<div class="content">
<div class="ui top attached header">
{{if .Issue.OriginalAuthor }}
<span class="text black">
<i class="fa {{MigrationIcon .Repository.GetOriginalURLHostname}}" aria-hidden="true"></i>
{{ .Issue.OriginalAuthor }}
</span>
<span class="text grey">
{{ .i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe }}
</span>
<span class="text migrate">
{{if .Repository.OriginalURL}} ({{$.i18n.Tr "repo.migrated_from" .Repository.OriginalURL .Repository.GetOriginalURLHostname | Safe }}){{end}}
</span>
{{else}}
<span class="text grey">
<a class="author"{{if gt .Issue.Poster.ID 0}} href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.GetDisplayName}}</a>
{{.i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe}}
</span>
{{end}}
{{if not $.Repository.IsArchived}}
<div class="ui right actions">
{{if gt .Issue.ShowTag 0}}
<div class="item tag">
{{if eq .Issue.ShowTag 2}}
{{$.i18n.Tr "repo.issues.collaborator"}}
{{else if eq .Issue.ShowTag 3}}
{{$.i18n.Tr "repo.issues.owner"}}
{{end}}
</div>
{{end}}
{{template "repo/issue/view_content/add_reaction" Dict "ctx" $ "ActionURL" (Printf "%s/issues/%d/reactions" $.RepoLink .Issue.Index)}}
{{template "repo/issue/view_content/context_menu" Dict "ctx" $ "item" .Issue "delete" false "diff" false "IsCommentPoster" $.IsIssuePoster}}
</div>
{{end}}
</div>
<div class="ui attached segment">
<div class="render-content markdown">
{{if .Issue.RenderedContent}}
{{.Issue.RenderedContent|Str2html}}
{{else}}
<span class="no-content">{{.i18n.Tr "repo.issues.no_content"}}</span>
{{end}}
</div>
<div id="comment-{{.Issue.ID}}" class="raw-content hide">{{.Issue.Content}}</div>
<div class="edit-content-zone hide" data-write="issue-{{.Issue.ID}}-write" data-preview="issue-{{.Issue.ID}}-preview" data-update-url="{{$.RepoLink}}/issues/{{.Issue.Index}}/content" data-context="{{.RepoLink}}" data-attachment-url="{{$.RepoLink}}/issues/{{.Issue.Index}}/attachments" data-view-attachment-url="{{$.RepoLink}}/issues/{{.Issue.Index}}/view-attachments"></div>
{{if .Issue.Attachments}}
<div class="ui clearing divider"></div>
<div class="ui middle aligned padded grid">
{{template "repo/issue/view_content/attachments" Dict "ctx" $ "Attachments" .Issue.Attachments}}
</div>
{{end}}
</div>
{{$reactions := .Issue.Reactions.GroupByType}}
{{if $reactions}}
<div class="ui attached segment reactions">
{{template "repo/issue/view_content/reactions" Dict "ctx" $ "ActionURL" (Printf "%s/issues/%d/reactions" $.RepoLink .Issue.Index) "Reactions" $reactions}}
</div>
{{end}}
</div>
</div>
{{ template "repo/issue/view_content/comments" . }}
{{if and .Issue.IsPull (not $.Repository.IsArchived)}}
{{ template "repo/issue/view_content/pull". }}
{{end}}
{{if .IsSigned}}
{{ if and (or .IsRepoAdmin .HasIssuesOrPullsWritePermission (not .Issue.IsLocked)) (not .Repository.IsArchived) }}
<div class="timeline-item comment form">
<a class="timeline-avatar" href="{{.SignedUser.HomeLink}}">
<img src="{{.SignedUser.RelAvatarLink}}">
</a>
<div class="content">
<form class="ui segment form" id="comment-form" action="{{$.RepoLink}}/issues/{{.Issue.Index}}/comments" method="post">
{{template "repo/issue/comment_tab" .}}
{{.CsrfTokenHtml}}
<input id="status" name="status" type="hidden">
<div class="field footer">
<div class="text right">
{{if and (or .HasIssuesOrPullsWritePermission .IsIssuePoster) (not .DisableStatusChange)}}
{{if .Issue.IsClosed}}
<div id="status-button" class="ui green basic button" tabindex="6" data-status="{{.i18n.Tr "repo.issues.reopen_issue"}}" data-status-and-comment="{{.i18n.Tr "repo.issues.reopen_comment_issue"}}" data-status-val="reopen">
{{.i18n.Tr "repo.issues.reopen_issue"}}
</div>
{{else}}
<div id="status-button" class="ui red basic button" tabindex="6" data-status="{{.i18n.Tr "repo.issues.close_issue"}}" data-status-and-comment="{{.i18n.Tr "repo.issues.close_comment_issue"}}" data-status-val="close">
{{.i18n.Tr "repo.issues.close_issue"}}
</div>
{{end}}
{{end}}
<button class="ui green button" tabindex="5">
{{.i18n.Tr "repo.issues.create_comment"}}
</button>
</div>
</div>
</form>
</div>
</div>
{{ else if .Repository.IsArchived }}
<div class="ui warning message">
{{if .Issue.IsPull}}
{{.i18n.Tr "repo.archive.pull.nocomment"}}
{{else}}
{{.i18n.Tr "repo.archive.issue.nocomment"}}
{{end}}
</div>
{{ end }}
{{else}}
{{if .Repository.IsArchived}}
<div class="ui warning message">
{{if .Issue.IsPull}}
{{.i18n.Tr "repo.archive.pull.nocomment"}}
{{else}}
{{.i18n.Tr "repo.archive.issue.nocomment"}}
{{end}}
</div>
{{else}}
{{if .IsSigned}}
{{if .Repository.IsArchived}}
<div class="timeline-item comment form">
<a class="timeline-avatar" href="{{.SignedUser.HomeLink}}">
<img src="{{.SignedUser.RelAvatarLink}}">
</a>
<div class="content">
<form class="ui segment form" id="comment-form" action="{{$.RepoLink}}/issues/{{.Issue.Index}}/comments" method="post">
{{template "repo/issue/comment_tab" .}}
{{.CsrfTokenHtml}}
<input id="status" name="status" type="hidden">
<div class="field footer">
<div class="text right">
{{if and (or .HasIssuesOrPullsWritePermission .IsIssuePoster) (not .DisableStatusChange)}}
{{if .Issue.IsClosed}}
<div id="status-button" class="ui green basic button" tabindex="6" data-status="{{.i18n.Tr "repo.issues.reopen_issue"}}" data-status-and-comment="{{.i18n.Tr "repo.issues.reopen_comment_issue"}}" data-status-val="reopen">
{{.i18n.Tr "repo.issues.reopen_issue"}}
</div>
{{else}}
<div id="status-button" class="ui red basic button" tabindex="6" data-status="{{.i18n.Tr "repo.issues.close_issue"}}" data-status-and-comment="{{.i18n.Tr "repo.issues.close_comment_issue"}}" data-status-val="close">
{{.i18n.Tr "repo.issues.close_issue"}}
</div>
{{end}}
{{end}}
<button class="ui green button" tabindex="5">
{{.i18n.Tr "repo.issues.create_comment"}}
</button>
</div>
</div>
</form>
</div>
</div>
{{end}}
{{else}}
<div class="ui warning message">
{{.i18n.Tr "repo.issues.sign_in_require_desc" .SignInLink | Safe}}
</div>
{{end}}
{{end}}
{{end}}
</ui>
</div>
{{ template "repo/issue/view_content/sidebar" . }}
</div>
<div class="hide" id="edit-content-form">
<div class="ui comment form">
<div class="ui top tabular menu">
<a class="active write item">{{$.i18n.Tr "write"}}</a>
<a class="preview item" data-url="{{$.Repository.APIURL}}/markdown" data-context="{{$.RepoLink}}">{{$.i18n.Tr "preview"}}</a>
</div>
<div class="field">
<div class="ui bottom active tab write">
<textarea tabindex="1" name="content"></textarea>
</div>
<div class="ui bottom tab preview markdown">
{{$.i18n.Tr "loading"}}
</div>
</div>
{{if .IsAttachmentEnabled}}
<div class="field">
<div class="comment-files"></div>
{{template "repo/upload" .}}
</div>
{{end}}
<div class="field footer">
<div class="text right edit">
<div class="ui basic blue cancel button" tabindex="3">{{.i18n.Tr "repo.issues.cancel"}}</div>
<div class="ui green save button" tabindex="2">{{.i18n.Tr "repo.issues.save"}}</div>
</div>
</div>
</div>
</div>
<div class="hide" id="no-content">
<span class="no-content">{{.i18n.Tr "repo.issues.no_content"}}</span>
</div>
<div class="ui small basic delete modal">
<div class="ui icon header">
<i class="trash icon"></i>
{{.i18n.Tr "repo.branch.delete" .HeadTarget }}
</div>
<div class="content">
<p>{{.i18n.Tr "repo.branch.delete_desc" | Str2html}}</p>
</div>
{{template "base/delete_modal_actions" .}}
</div>