Commit graph

1793 commits

Author SHA1 Message Date
Kevin Morris
021a1c8fb6 add /accounts/ (get, post) routes
Slight markup changes, same style overall and same
form parameters as the PHP implementation.

In addition, we've disabled the "left" and "right"
navigation buttons when we're at the border of the
table.

CSS Changes:

- Added similar styling to submit `<buttons>` that submit `<input>` had.
- Added .results tr td[align="{left,right}"] styling to align
  the result table's `More -->` button to the right of the table.

Signed-off-by: Kevin Morris <kevr@0cost.org>
2021-07-01 11:08:56 -07:00
Kevin Morris
3a74f76ff9 FastAPI: use internal typeahead and remove jquery
Awesome!

Signed-off-by: Kevin Morris <kevr@0cost.org>
2021-06-29 22:56:48 -07:00
Kevin Morris
2835dd89ea Merge branch 'typeahead' into pu_typeahead 2021-06-29 22:31:18 -07:00
Kevin Morris
4442ba6703 bugfix: return null if config key doesn't exist
This was previously causing a PHP warning due to returning
a missing key.

Signed-off-by: Kevin Morris <kevr@0cost.org>
2021-06-29 10:48:45 -07:00
Leonidas Spyropoulos
2f5d9c63c4 [php] Support DB mysql backend with port instead of socket
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
2021-06-29 17:59:46 +01:00
Kevin Morris
85ba4a33a8 add /tu/{proposal_id} (get, post) routes
This commit ports the `/tu/?id={proposal_id}` PHP routes to
FastAPI into two individual GET and POST routes.

With this port of the single proposal view and POST logic,
several things have changed.

- The only parameter used is now `decision`, which
  must contain `Yes`, `No`, or `Abstain` as a string.
  When an invalid value is given, a BAD_REQUEST response
  is returned in plaintext: Invalid 'decision' value.
- The `doVote` parameter has been removed.
- The details section has been rearranged into a set
  of divs with specific classes that can be used for
  testing. CSS has been added to persist the layout with
  the element changes.
- Several errors that can be discovered in the POST path
  now trigger their own non-200 HTTPStatus codes.

Signed-off-by: Kevin Morris <kevr@0cost.org>
2021-06-26 01:11:52 -07:00
Jelle van der Waa
42bd0027b3
Add archweb typeahead implementation
Use a pure vanilla JavaScript typeahead implementation to finally
deprecate the old jQuery version and typeahead library.
2021-06-25 17:08:54 +02:00
Jelle van der Waa
512f8064c1
Fix JavaScript error on packages overview page 2021-06-25 17:08:47 +02:00
Kevin Morris
763b84d0b9 Merge branch 'master' into pu 2021-06-22 19:39:31 -07:00
Jelle van der Waa
06fa8ab5f3
Convert comment editing to vanilla JavaScript
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-21 15:19:22 -04:00
Jelle van der Waa
d7603fa4d3
Port package details page to pure JavaScript
Use a CSS animation for jQuery.Animate and replace the rest with pure
vanilla JavaScript.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-21 15:19:22 -04:00
Jelle van der Waa
8b6f92f9e9
Use the clipboard API for copy paste
The Document.execCommand API is deprecated and no longer recommended to
be used. Its replacement is the much simpler navigator.clipboard API
which is supported in all browsers except Internet Explorer.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-21 15:17:42 -04:00
Kevin Morris
be3bab2ce0 Merge branch 'master' into pu 2021-06-12 20:11:48 -07:00
Justin Kromlinger
8d9f20939c Add modified packages RSS feed to frontend 2021-06-12 20:09:56 -07:00
Justin Kromlinger
4330fe4f33 Add RSS feed for modified packages 2021-06-12 20:09:48 -07:00
Justin Kromlinger
e7db894eb7 RSS: Add ability to specify isPermaLink="false" for GUID 2021-06-12 20:09:39 -07:00
Justin Kromlinger
537349e124 Add modified packages RSS feed to frontend 2021-06-12 19:14:43 -07:00
Justin Kromlinger
2bb30f9bf5 Add RSS feed for modified packages 2021-06-12 19:14:43 -07:00
Justin Kromlinger
18ec8e3cc8 RSS: Add ability to specify isPermaLink="false" for GUID 2021-06-12 19:14:43 -07:00
Steven Guikal
a625df07e2
Source valid ssh prefixes from config
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-10 15:32:02 -04:00
Jelle van der Waa
889d358a6d
Add missing ) for addvote.php 2021-06-06 21:49:27 +02:00
Kevin Morris
e5df083d45 use String(max_len) for DECIMAL types with sqlite
This solves an issue where DECIMAL is not native
to sqlite by using a string to store values and
converting them to float in user code.

Signed-off-by: Kevin Morris <kevr@0cost.org>
2021-06-05 20:11:17 -07:00
Jelle van der Waa
1ff822bb14 Use the clipboard API for copy paste
The Document.execCommand API is deprecated and no longer recommended to
be used. Its replacement is the much simpler navigator.clipboard API
which is supported in all browsers except Internet Explorer.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-05 19:50:51 -07:00
Leonidas Spyropoulos
21140e28a8 Filter out current username from co-maintainers list.
Closes: #8

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-06-05 19:49:42 -07:00
Marcus Andersson
4fa220850f
Add error color when package is orphaned
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-05-13 16:50:51 -04:00
Kristian Klausen
bab74dd307
Update wiki links to the new short URL
Done with: find -type f -exec sed -Ee ':wiki.archlinux.org: s:(wiki.archlinux.org)/index.php/:\1/title/:g' -i {} \;

Fixes #16

[1] https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/335

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-05-09 18:06:32 -04:00
Eli Schwartz
8ec170b3e0
dos2unix a file with Windows linebreaks that editors and human reviewers hate
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2021-05-02 21:46:35 -04:00
Jelle van der Waa
d668ef0bcd Resolve SQL Error when deleting an account
The account deletion code tries to remove user from PackageNotifications
using the wrong column UsersID to identify the user by id. In the
PackagePackageNotifications table the foreign key is called UserID. In
the future ideally this would be unified into UserID for all tables.

Closes: #12
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-03-29 18:39:02 -04:00
Felix Yan
21c457817f Use jsDelivr instead of Google CDN for jquery
jsdelivr is another free CDN service for open source projects.

The main motivation for this change is that it is the only one that works fairly
well across the globe. The Google CDN service is known to be hardly
accessible in mainland China, unfortunately.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:26:32 -05:00
Justin Kromlinger
d5d333005e RSS: Decrease cache time and increase item count
I think after 10-15 years we might want to adjust those values. With a
30min cache and 20 items per creation I would bet some new AUR packages
might be swept under the carpet.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Justin Kromlinger
eb11943fed RSS: Always provide a GUID
https://validator.w3.org/feed/docs/warning/MissingGuid.html
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Justin Kromlinger
1d0c6ffe24 RSS: Make sure image title matches channel title
https://validator.w3.org/feed/docs/warning/ImageTitleDoesntMatch.html
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Justin Kromlinger
78dbbd3dfa RSS: Set proper content type header
https://validator.w3.org/feed/docs/warning/UnexpectedContentType.html
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Justin Kromlinger
568e0d2fa3 RSS: Add atom self link
https://validator.w3.org/feed/docs/warning/MissingAtomSelfLink.html
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Jakub Klinkovský
bc972089a1 Fix WHERE clause for keyword search queries with empty keywords
When the keyword parameter is empty, the AND clause has to be omitted,
otherwise we get an SQL syntax error:

... WHERE PackageBases.PackagerUID IS NOT NULL AND () ...

This got broken in commit 9e30013aa4fc6ce3a3c9f6f83a6fe789c1fc2456
Author: Kevin Morris <kevr.gtalk@gmail.com>
Date:   Sun Jul 5 18:19:06 2020 -0700

Support conjunctive keyword search in RPC interface

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Frédéric Mangano-Tarumi
8c28ba6e7f Redirect to referer after SSO login
Introduce a `redirect` query argument to SSO login endpoints so that
users are redirected to the page they were originally on when they
clicked the Login link.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:21 -05:00
Frédéric Mangano-Tarumi
87815d37c0 Remove the per-user session limit
This feature was originally introduced by
f961ffd9c7 as a fix for FS#12898
<https://bugs.archlinux.org/task/12898>.

As of today, it is broken because of the `q.SessionID IS NULL` condition
in the WHERE clause, which can’t be true because SessionID is not
nullable. As a consequence, the session limit was not applied.

The fact that the absence of the session limit hasn’t caused any issue so
far, and hadn’t even been noticed, suggests the feature is unneeded.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:25:19 -05:00
Frédéric Mangano-Tarumi
9290eee138 Stop redirecting stderr with proc_open
Error outputs were piped to a temporary buffer that wasn’t read by
anyone, making debugging hard because errors were completely silenced.
By not explicitly redirecting stderr on proc_open, the subprocess
inherits its parent stderr.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:24:30 -05:00
Kevin Morris
efe99dc16f Support conjunctive keyword search in RPC interface
Newly supported API Version 6 modifies `type=search` for _by_ type
`name-desc`: it now behaves the same as `name-desc` search through the
https://aur.archlinux.org/packages/ search page.

Search for packages containing the literal keyword `blah blah` AND `haha`:
https://aur.archlinux.org/rpc/?v=6&type=search&arg="blah blah"%20haha

Search for packages containing the literal keyword `abc 123`:
https://aur.archlinux.org/rpc/?v=6&type=search&arg="abc 123"

The following example searches for packages that contain `blah` AND `abc`:
https://aur.archlinux.org/rpc/?v=6&type=search&arg=blah%20abc

The legacy method still searches for packages that contain `blah abc`:
https://aur.archlinux.org/rpc/?v=5&type=search&arg=blah%20abc
https://aur.archlinux.org/rpc/?v=5&type=search&arg=blah%20abc

API Version 6 is currently only considered during a `search` of `name-desc`.

Note: This change was written as a solution to
https://bugs.archlinux.org/task/49133.

PS: + Some spacing issues fixed in comments.

Signed-off-by: Kevin Morris <kevr.gtalk@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:24:30 -05:00
Frédéric Mangano-Tarumi
4d0f2d2279 Implement SSO logout
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:24:30 -05:00
Frédéric Mangano-Tarumi
d12ea08fca SSO: Add an SSO option in the login page
We’ll probably change the whole login page in the future, but this makes
development easier.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:24:30 -05:00
Eli Schwartz
71740a75a2 rewrite query to support both mysql/sqlite
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:22:11 -05:00
Eli Schwartz
be5197a5fe prevent running mysql-specific query in sqlite
We usually guard such queries and have both mysql and sqlite branches.
But I have not implemented the sqlite branch. Given sqlite is typically
used for local dev setups, the fact that "users with more than the
configured max simultaneous logins" can avoid getting some logins
annulled is probably not a huge risk.

And this always *used* to fail on sqlite, silently. Now, in php 8, it
raises PDOException, which prevents running the test server.

Document this as a FIXME for now, until someone reimplements the query
for sqlite.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:22:11 -05:00
Eli Schwartz
d92dd69aa3 fix broken SQL query that always failed
Due to missing whitespace at the end of strings during joining, we ended
up with the query fragment

"DelTS IS NULLAND NOT PinnedTS"

which should be

"DelTS IS NULL AND NOT PinnedTS"

So the check for pinned comments > 5 likely always failed.

In php 7, a completely broken query that raises exceptions in the
database engine was silently ignored... in php 8, it raises

Uncaught PDOException: SQLSTATE[HY000]: General error: 1 near "PinnedTS": syntax error in <file>

and aborts the page building. End result: users with permission to pin
comments cannot see any comments, or indeed page content below the first
comment header.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 11:22:11 -05:00
Morten Linderud
613364b773 pkg_search_page: Limit number of results on package search
The current package search query is quite poorly optimized and becomes a
resource hog when the offsets get large enough. This DoSes the service.

A quick fix is to just ensure we have some limit to the number of hits
we return. The current hardcoding of 2500 is based on the following:

    * 250 hits per page max
    * 10 pages

We can maybe consider having it lower, but it seems easier to just have
this a multiple of 250 in the first iteration.

Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-09-05 10:21:16 -04:00
Lukas Fleischer
169607f153 Fix PHP notices in the account form
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-04-05 15:59:56 -04:00
Lukas Fleischer
1369eb87b3 Fix invalid session ID check
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-04-05 15:59:55 -04:00
Lukas Fleischer
853ed9a950 Release 5.0.0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27 08:51:15 -04:00
Lukas Fleischer
4b2102ceb2 Properly escape passwords in the account edit form
Addresses FS#65639.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 16:44:36 +01:00
Lukas Fleischer
cbab9870c1 Fix HTML code in the account search results table
Do not add an opening <tbody> tag for every row. Instead, wrap all rows
in <tbody></tbody>.

While at it, also simplify the code used to color the rows.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26 13:51:18 +01:00