Review comment fixes

2026-01-25 08:30:57 +01:00 · 2025-12-24 02:49:37 +01:00 · 2025-12-24 02:49:37 +01:00 · 9bd8b8109d
commit 9bd8b8109d
parent 50f300b421
6 changed files with 4 additions and 75 deletions
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@ -176,8 +176,6 @@ const (
 	ActionsTokenPermissionModePermissive ActionsTokenPermissionMode = "permissive"
 	// ActionsTokenPermissionModeRestricted - read access by default
 	ActionsTokenPermissionModeRestricted ActionsTokenPermissionMode = "restricted"
-	// ActionsTokenPermissionModeCustom - user-defined permissions
-	ActionsTokenPermissionModeCustom ActionsTokenPermissionMode = "custom"
 )

 // ActionsTokenPermissions defines the permissions for different repository units
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@ -33,8 +33,6 @@ func ActionsGeneral(ctx *context.Context) {
 	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
 	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
-	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
-	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
 	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()

 	ctx.Data["AllowCrossRepoAccess"] = actionsCfg.AllowCrossRepoAccess
@ -57,37 +55,10 @@ func ActionsGeneralPost(ctx *context.Context) {
 	// Update Token Permission Mode
 	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
 	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted ||
-		permissionMode == repo_model.ActionsTokenPermissionModePermissive ||
-		permissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		permissionMode == repo_model.ActionsTokenPermissionModePermissive {
 		actionsCfg.TokenPermissionMode = permissionMode
 	}

-	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
-		// Custom mode uses radio buttons for each permission scope
-		parsePerm := func(name string) perm.AccessMode {
-			value := ctx.FormString(name)
-			switch value {
-			case "write":
-				return perm.AccessModeWrite
-			case "read":
-				return perm.AccessModeRead
-			default:
-				return perm.AccessModeNone
-			}
-		}
-
-		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
-			Actions:      parsePerm("perm_actions"),
-			Contents:     parsePerm("perm_contents"),
-			Issues:       parsePerm("perm_issues"),
-			Packages:     parsePerm("perm_packages"),
-			PullRequests: parsePerm("perm_pull_requests"),
-			Wiki:         parsePerm("perm_wiki"),
-		}
-	} else {
-		actionsCfg.DefaultTokenPermissions = nil
-	}
-
 	// Update Maximum Permissions (radio buttons: none/read/write)
 	parseMaxPerm := func(name string) perm.AccessMode {
 		value := ctx.FormString("max_" + name)
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@ -41,8 +41,6 @@ func ActionsGeneralSettings(ctx *context.Context) {
 	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
 	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
-	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
-	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
 	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()

 	if ctx.Repo.Repository.IsPrivate {
@ -146,8 +144,7 @@ func UpdateTokenPermissions(ctx *context.Context) {
 	// Update permission mode
 	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
 	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted ||
-		permissionMode == repo_model.ActionsTokenPermissionModePermissive ||
-		permissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		permissionMode == repo_model.ActionsTokenPermissionModePermissive {
 		actionsCfg.TokenPermissionMode = permissionMode
 	} else {
 		ctx.Flash.Error("Invalid token permission mode")
@ -155,32 +152,6 @@ func UpdateTokenPermissions(ctx *context.Context) {
 		return
 	}

-	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
-		// Custom mode uses radio buttons for each permission scope
-		parsePerm := func(name string) perm.AccessMode {
-			value := ctx.FormString(name)
-			switch value {
-			case "write":
-				return perm.AccessModeWrite
-			case "read":
-				return perm.AccessModeRead
-			default:
-				return perm.AccessModeNone
-			}
-		}
-
-		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
-			Actions:      parsePerm("perm_actions"),
-			Contents:     parsePerm("perm_contents"),
-			Issues:       parsePerm("perm_issues"),
-			Packages:     parsePerm("perm_packages"),
-			PullRequests: parsePerm("perm_pull_requests"),
-			Wiki:         parsePerm("perm_wiki"),
-		}
-	} else {
-		actionsCfg.DefaultTokenPermissions = nil
-	}
-
 	// Update Maximum Permissions (radio buttons: none/read/write)
 	parseMaxPerm := func(name string) perm.AccessMode {
 		value := ctx.FormString("max_" + name)
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@ -241,12 +241,9 @@ func TestActionsTokenPermissionsClamping(t *testing.T) {
 				RepoID: repository.ID,
 				Type:   unit_model.TypeActions,
 				Config: &repo_model.ActionsConfig{
-					TokenPermissionMode: repo_model.ActionsTokenPermissionModeCustom,
-					DefaultTokenPermissions: &repo_model.ActionsTokenPermissions{
-						Contents: perm.AccessModeWrite, // Default is Write
-					},
+					TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
 					MaxTokenPermissions: &repo_model.ActionsTokenPermissions{
-						Contents: perm.AccessModeRead, // Max is Read
+						Contents: perm.AccessModeRead, // Max is Read - will clamp default Write to Read
 					},
 				},
 			})
--- a/web_src/js/features/repo-settings-actions.ts
+++ b/web_src/js/features/repo-settings-actions.ts
@ -1,6 +0,0 @@
-// initRepoSettingsActionsPermissions is currently a no-op placeholder.
-// The permission mode radio buttons work via standard HTML form submission
-// without requiring JavaScript for toggling visibility.
-export function initRepoSettingsActionsPermissions(): void {
-  // No-op - form submission handles permission updates
-}
--- a/web_src/js/index-domready.ts
+++ b/web_src/js/index-domready.ts
@ -64,7 +64,6 @@ import {initGlobalButtonClickOnEnter, initGlobalButtons, initGlobalDeleteButton}
 import {initGlobalComboMarkdownEditor, initGlobalEnterQuickSubmit, initGlobalFormDirtyLeaveConfirm} from './features/common-form.ts';
 import {callInitFunctions} from './modules/init.ts';
 import {initRepoViewFileTree} from './features/repo-view-file-tree.ts';
-import {initRepoSettingsActionsPermissions} from './features/repo-settings-actions.ts';

 const initStartTime = performance.now();
 const initPerformanceTracer = callInitFunctions([
@ -159,7 +158,6 @@ const initPerformanceTracer = callInitFunctions([
  initOAuth2SettingsDisableCheckbox,

  initRepoFileView,
-  initRepoSettingsActionsPermissions,
 ]);

 // it must be the last one, then the "querySelectorAll" only needs to be executed once for global init functions.