From b41ccb06273ea317f3e9e968fbae78a353f6955e Mon Sep 17 00:00:00 2001
From: GiteaBot
Date: Sun, 7 Dec 2025 00:42:24 +0000
Subject: [PATCH 1/2] [skip ci] Updated translations via Crowdin
---
 options/locale/locale_ga-IE.ini | 1 +
 options/locale/locale_pt-PT.ini | 1 +
 2 files changed, 2 insertions(+)
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 6b9ae41e9b..6f348b1b71 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -215,6 +215,7 @@ more=Níos mó
 buttons.heading.tooltip=Cuir ceannteideal leis
 buttons.bold.tooltip=Cuir téacs trom leis
 buttons.italic.tooltip=Cuir téacs iodálach leis
+buttons.strikethrough.tooltip=Cuir téacs trína chéile
 buttons.quote.tooltip=Téacs luaigh
 buttons.code.tooltip=Cuir cód leis
 buttons.link.tooltip=Cuir nasc leis
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 0b2e57ea00..f0a5f2142a 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -215,6 +215,7 @@ more=Mais
 buttons.heading.tooltip=Adicionar cabeçalho
 buttons.bold.tooltip=Adicionar texto em negrito
 buttons.italic.tooltip=Adicionar texto em itálico
+buttons.strikethrough.tooltip=Adicionar texto rasurado
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Adicionar código-fonte
 buttons.link.tooltip=Adicionar uma ligação
From 98ef79d73a6a546241dd02959ae17f136369b604 Mon Sep 17 00:00:00 2001
From: a1012112796 <1012112796@qq.com>
Date: Mon, 8 Dec 2025 02:07:04 +0800
Subject: [PATCH 2/2] allow action user have read permission in public repo like other user (#36095)
related #28187
---------
Signed-off-by: a1012112796 <1012112796@qq.com>
---
 models/perm/access/repo_permission.go | 8 ++-
 .../api_actions_permission_test.go | 54 +++++++++++++++++++
 2 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/api_actions_permission_test.go
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 15526cb1e6..d343ae6e35 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -276,8 +276,14 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
 // The task repo can access the current repo only if the task repo is private and
 // the owner of the task repo is a collaborative owner of the current repo.
- // FIXME allow public repo read access if tokenless pull is enabled
 // FIXME should owner's visibility also be considered here?
+
+ // check permission like simple user but limit to read-only
+ perm, err = GetUserRepoPermission(ctx, repo, user_model.NewActionsUser())
+ if err != nil {
+ return perm, err
+ }
+ perm.AccessMode = min(perm.AccessMode, perm_model.AccessModeRead)
 return perm, nil
 }
 accessMode = perm_model.AccessModeRead
diff --git a/tests/integration/api_actions_permission_test.go b/tests/integration/api_actions_permission_test.go
new file mode 100644
index 0000000000..072e2635a9
--- /dev/null
+++ b/tests/integration/api_actions_permission_test.go
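Review bot: In the repo_permission.go hunk, the read-only limit in the new fallback branch is applied to `perm.AccessMode` alone, so whether the task token is really read-only depends on what else `GetUserRepoPermission` fills in. If the returned permission also carries per-unit or everyone-level modes (not visible in this hunk), a repository that grants write on some unit to every signed-in user would presumably still hand that write to any Actions task; clamp those modes too, or add a comment stating why they cannot exceed read here. The branch also evaluates every task as an ordinary signed-in user, so repositories that are presumably visible only to logged-in users become readable by workflows from unrelated repositories, which is the case the remaining `// FIXME should owner's visibility also be considered here?` leaves open. On the error path, `return perm, err` passes back whatever partial value the callee produced; returning the zero permission would be safer for a caller that mishandles `err`. The body of GetActionsUserRepoPermission starts and ends outside the hunk.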
@@ -0,0 +1,54 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+ "net/http"
+ "testing"
+
+ "code.gitea.io/gitea/modules/setting"
+ api "code.gitea.io/gitea/modules/structs"
+ "code.gitea.io/gitea/modules/test"
+ "code.gitea.io/gitea/tests"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func testActionUserSignIn(t *testing.T) {
+ req := NewRequest(t, "GET", "/api/v1/user").
+ AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+ resp := MakeRequest(t, req, http.StatusOK)
+
+ var u api.User
+ DecodeJSON(t, resp, &u)
+ assert.Equal(t, "gitea-actions", u.UserName)
+}
+
+func testActionUserAccessPublicRepo(t *testing.T) {
+ req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/raw/README.md").
+ AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+ resp := MakeRequest(t, req, http.StatusOK)
+ assert.Equal(t, "file", resp.Header().Get("x-gitea-object-type"))
+
+ defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, true)()
+
+ req = NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/raw/README.md").
+ AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+ resp = MakeRequest(t, req, http.StatusOK)
+ assert.Equal(t, "file", resp.Header().Get("x-gitea-object-type"))
+}
+
+func testActionUserNoAccessOtherPrivateRepo(t *testing.T) {
+ req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo2/raw/README.md").
+ AddTokenAuth("8061e833a55f6fc0157c98b883e91fcfeeb1a71a")
+ MakeRequest(t, req, http.StatusNotFound)
+}
+
+func TestActionUserAccessPermission(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ t.Run("ActionUserSignIn", testActionUserSignIn)
+ t.Run("ActionUserAccessPublicRepo", testActionUserAccessPublicRepo)
+ t.Run("ActionUserNoAccessOtherPrivateRepo", testActionUserNoAccessOtherPrivateRepo)
+}
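Review bot: None of the three subtests exercises the read-only clamp that this patch adds in repo_permission.go, because every request is a GET; a write attempt against user2/repo1 with the same token, expected to be rejected, would pin the guarantee that the Actions user never gets more than read. It is also not visible from this file that a plain token request reaches GetActionsUserRepoPermission rather than the ordinary user path, so a comment on testActionUserAccessPublicRepo saying which code path the token exercises would help. The token literal is repeated four times; hoist it into one constant with a comment naming where it is defined, e.g. `const actionsUserToken = "8061e833a55f6fc0157c98b883e91fcfeeb1a71a" // presumably a test fixture token for gitea-actions`.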