Fixes an error that arises, when a plugin with search
indices for repositories is removed and later on a repository
is deleted. This led to a null pointer exception in the
SearchableTypeResolver, but only because an "illegal" index
detail without proper type was given as a parameter. This
type cannot be resolved any longer due to the removed plugin.
We therefore can simply filter these index details.
* Throw more specific exception if compared revisions are ambiguous.
* Add changelog entry
* Move changelog entry in intended folder
* Small typo
Co-authored-by: Florian Scholdei <florian.scholdei@cloudogu.com>
Add feedback button and form. This feedback form can be used to provide direct feedback to the SCM-Manager Team.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Collapses a folder in code view which only has another folder as its only child. This lets you access a sub-folder which has content directly instead of navigating down the folder tree by clicking every folder separately.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
* Update lock files
* Replace usage of org.apache.commons.lang3 with guava
* Update vulnerable version of cron-utils
Update cron-util from version 9.1.3 to 9.1.6.
Version 9.1.6 fixes an arbitrary code execution
vulnerability (CVE-2021-41269).
SCM-Manager is not affected by this issue,
because it is related to the el parsing
of an annotation which we don't use.
Enable gradle dependency locking for all subprojects. This change allows us to use dependency ranges, without loosing reproducible builds.
It also makes it easier for third party services such as snyk to detect dependencies and their versions.
If the plugin center authentication fails,
the plugins are fetched without authentication
and a warning is displayed on the plugin page.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
On Windows it is much more necessary to close files to avoid locked files which prevent deleting a temporary file or folder. Also paths need to be handled differently because of the drive letter and colon appearing on Windows.
Add security notifications in SCM-Manager to inform running instances about known security issues. These alerts can be core or plugin specific and will be shown to every user in the header.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Users, groups, repositories and repository roles have been sorted in the rest layer by default if no other sort option was given. In the layers "below" (aka the manager classes or the dao), the collections have been unsorted. This led to the effect, that the autocomplete resource, which did not sort all values beforehand, returned unsorted results. As a sideeffect, direct matches for an input could occur at a random position or not at all (as reported in #1695), when there were enough other matches.
With this pull request the databases for users, groups, repositories and repository roles will use instances of TreeMap instead of LinkedHashMap internally, so that these values are sorted implicitly (by id respectively name for users, groups and repository roles and namespace/name for repositories).
Due to this change the default sort applied in the rest layer could be removed.
Changes the "namespace" input in the repository creation form or the "rename repository" dialog to an
autocomplete input. Of course this is only available for the "custom" namespace strategy.
Fix syntax highlighting on non highlighted fields. Fix ellipsis on new lines in code syntax highlighting. Fix ellipsis on content start or end in non code fields.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Updated spotter to version 4 in order to get prism syntax mode for detected coding languages.
Expose syntax modes of coding languages as headers on content endpoint and as fields on diff dto.
Remove leading line break on search result fragments.
Use mark instead of span or strong for highlighted search results.
Add option to use syntax highlighting in TextHitField component.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
When the ResourceLinks class could not access the
scmPathInfoStore due to an invalid request scope
(that is outside http requests), this might
lead to confusion due to messages from guice. We
try to "fix" these by using an own explanation to
what probably went wrong and how to mitigate this.
Fix access to ScmPathInfoStore as Provider to prevent injection errors. Errors might happen, if beans using ScmPathInfoStore (like the BranchLinkProvider) are injected in beans that are singletons or that have be created outside of request scope otherwise. We do so knowing that this might lead to runtime errors (eg. when links shall be build in a thread that has no request scope). We have decided nonetheless that injection errors on startup are worse for plugin developers, that may have no clue how to solve injection problems.
Enrich branch overview with more details like last committer and ahead/behind commits. Since calculating this information is pretty intense, we request it in chunks to prevent very long loading times. Also we cache the results in frontend and backend.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Fixes edge cases for "move" in the modify command, like
- reject backslashes in validation
- add overwrite option
- check for invalid source and target options
This is an update to the implementation of "move" in #1859.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Update Gradle to 7.3. in order to profit from the performance improvement and to prepare for dependency lockfiles. Due to the upgrade to 7.x we had to use a license plugin which supports Gradle 7.
On windows unit tests are failing because junit checks if all @tempdir directries are empty and can be deleted after test run.
But due to opened file handles (not closed resource streams) Windows keeps files, which are "in use".
Linux is less strict in this area.
Additionally I want highlight that XMLStreamReaderImpl/XMLStreamWriterImpl from apache.xerces library (in OpenJDK11 at least) which are picked at runtime as xml parser implementation - they don't close associated resources.
BTW, I thing that relying on some runtime (sometimes - unpredictable) dependencies - is bad practice, but this it up to separate topic.
Additional fix: in IOUtil is file is locked (due to permissions or opened handle) - it will undlessly try-and-retry to delete it until end of the world, on windows.
Update webpack in the following components to version 5:
ui-styles (StyleGuide)
ui-components (Storybook)
ui-scripts (gradle run/build)
This change will also fix a circular dependency between ui-api and ui-components.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds a "file lock" command that can be used to mark files as locked by a specific user. This command is implemented for git using a store to keep the locks.
Additionally, the Git LFS locking API is implemented.
To display locks, the scm-manager/scm-file-lock-plugin can be used.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds a pre receive repository hook that prevents the deletion of the default branch.
Mirrored repositories will change their default branches to another branch, when it is deleted.
Clears the external group cache whenever a user gets logged out by the logout rest method or the user gets deleted.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Bind mapper implementations automatically to related mappers using the annotation processor. With this change it is not longer required to bind mapper explicitly using mapper modules which reduces some boilerplate code.
