From 9bd8b8109d9b68e167c561e37e35f28378f95751 Mon Sep 17 00:00:00 2001 From: Excellencedev Date: Wed, 24 Dec 2025 02:49:37 +0100 Subject: [PATCH] Review comment fixes --- models/repo/repo_unit.go | 2 -- routers/web/org/setting/actions.go | 31 +------------------- routers/web/repo/setting/actions.go | 31 +------------------- tests/integration/actions_job_token_test.go | 7 ++--- web_src/js/features/repo-settings-actions.ts | 6 ---- web_src/js/index-domready.ts | 2 -- 6 files changed, 4 insertions(+), 75 deletions(-) delete mode 100644 web_src/js/features/repo-settings-actions.ts diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go index e84a52439c..a04023462a 100644 --- a/models/repo/repo_unit.go +++ b/models/repo/repo_unit.go @@ -176,8 +176,6 @@ const ( ActionsTokenPermissionModePermissive ActionsTokenPermissionMode = "permissive" // ActionsTokenPermissionModeRestricted - read access by default ActionsTokenPermissionModeRestricted ActionsTokenPermissionMode = "restricted" - // ActionsTokenPermissionModeCustom - user-defined permissions - ActionsTokenPermissionModeCustom ActionsTokenPermissionMode = "custom" ) // ActionsTokenPermissions defines the permissions for different repository units diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go index 949ceb1a2a..44c6b58bda 100644 --- a/routers/web/org/setting/actions.go +++ b/routers/web/org/setting/actions.go @@ -33,8 +33,6 @@ func ActionsGeneral(ctx *context.Context) { ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode() ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted - ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom - ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false) ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions() ctx.Data["AllowCrossRepoAccess"] = actionsCfg.AllowCrossRepoAccess @@ -57,37 +55,10 @@ func ActionsGeneralPost(ctx *context.Context) { // Update Token Permission Mode permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode")) if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || - permissionMode == repo_model.ActionsTokenPermissionModePermissive || - permissionMode == repo_model.ActionsTokenPermissionModeCustom { + permissionMode == repo_model.ActionsTokenPermissionModePermissive { actionsCfg.TokenPermissionMode = permissionMode } - if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom { - // Custom mode uses radio buttons for each permission scope - parsePerm := func(name string) perm.AccessMode { - value := ctx.FormString(name) - switch value { - case "write": - return perm.AccessModeWrite - case "read": - return perm.AccessModeRead - default: - return perm.AccessModeNone - } - } - - actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{ - Actions: parsePerm("perm_actions"), - Contents: parsePerm("perm_contents"), - Issues: parsePerm("perm_issues"), - Packages: parsePerm("perm_packages"), - PullRequests: parsePerm("perm_pull_requests"), - Wiki: parsePerm("perm_wiki"), - } - } else { - actionsCfg.DefaultTokenPermissions = nil - } - // Update Maximum Permissions (radio buttons: none/read/write) parseMaxPerm := func(name string) perm.AccessMode { value := ctx.FormString("max_" + name) diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go index cd3b0ae7bf..a9b4e3761c 100644 --- a/routers/web/repo/setting/actions.go +++ b/routers/web/repo/setting/actions.go @@ -41,8 +41,6 @@ func ActionsGeneralSettings(ctx *context.Context) { ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode() ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted - ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom - ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false) ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions() if ctx.Repo.Repository.IsPrivate { @@ -146,8 +144,7 @@ func UpdateTokenPermissions(ctx *context.Context) { // Update permission mode permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode")) if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || - permissionMode == repo_model.ActionsTokenPermissionModePermissive || - permissionMode == repo_model.ActionsTokenPermissionModeCustom { + permissionMode == repo_model.ActionsTokenPermissionModePermissive { actionsCfg.TokenPermissionMode = permissionMode } else { ctx.Flash.Error("Invalid token permission mode") @@ -155,32 +152,6 @@ func UpdateTokenPermissions(ctx *context.Context) { return } - if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom { - // Custom mode uses radio buttons for each permission scope - parsePerm := func(name string) perm.AccessMode { - value := ctx.FormString(name) - switch value { - case "write": - return perm.AccessModeWrite - case "read": - return perm.AccessModeRead - default: - return perm.AccessModeNone - } - } - - actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{ - Actions: parsePerm("perm_actions"), - Contents: parsePerm("perm_contents"), - Issues: parsePerm("perm_issues"), - Packages: parsePerm("perm_packages"), - PullRequests: parsePerm("perm_pull_requests"), - Wiki: parsePerm("perm_wiki"), - } - } else { - actionsCfg.DefaultTokenPermissions = nil - } - // Update Maximum Permissions (radio buttons: none/read/write) parseMaxPerm := func(name string) perm.AccessMode { value := ctx.FormString("max_" + name) diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go index 58980e482b..57afb154ce 100644 --- a/tests/integration/actions_job_token_test.go +++ b/tests/integration/actions_job_token_test.go @@ -241,12 +241,9 @@ func TestActionsTokenPermissionsClamping(t *testing.T) { RepoID: repository.ID, Type: unit_model.TypeActions, Config: &repo_model.ActionsConfig{ - TokenPermissionMode: repo_model.ActionsTokenPermissionModeCustom, - DefaultTokenPermissions: &repo_model.ActionsTokenPermissions{ - Contents: perm.AccessModeWrite, // Default is Write - }, + TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive, MaxTokenPermissions: &repo_model.ActionsTokenPermissions{ - Contents: perm.AccessModeRead, // Max is Read + Contents: perm.AccessModeRead, // Max is Read - will clamp default Write to Read }, }, }) diff --git a/web_src/js/features/repo-settings-actions.ts b/web_src/js/features/repo-settings-actions.ts deleted file mode 100644 index 44809d2781..0000000000 --- a/web_src/js/features/repo-settings-actions.ts +++ /dev/null @@ -1,6 +0,0 @@ -// initRepoSettingsActionsPermissions is currently a no-op placeholder. -// The permission mode radio buttons work via standard HTML form submission -// without requiring JavaScript for toggling visibility. -export function initRepoSettingsActionsPermissions(): void { - // No-op - form submission handles permission updates -} diff --git a/web_src/js/index-domready.ts b/web_src/js/index-domready.ts index da1f3f80d0..660e5c0989 100644 --- a/web_src/js/index-domready.ts +++ b/web_src/js/index-domready.ts @@ -64,7 +64,6 @@ import {initGlobalButtonClickOnEnter, initGlobalButtons, initGlobalDeleteButton} import {initGlobalComboMarkdownEditor, initGlobalEnterQuickSubmit, initGlobalFormDirtyLeaveConfirm} from './features/common-form.ts'; import {callInitFunctions} from './modules/init.ts'; import {initRepoViewFileTree} from './features/repo-view-file-tree.ts'; -import {initRepoSettingsActionsPermissions} from './features/repo-settings-actions.ts'; const initStartTime = performance.now(); const initPerformanceTracer = callInitFunctions([ @@ -159,7 +158,6 @@ const initPerformanceTracer = callInitFunctions([ initOAuth2SettingsDisableCheckbox, initRepoFileView, - initRepoSettingsActionsPermissions, ]); // it must be the last one, then the "querySelectorAll" only needs to be executed once for global init functions.