feat(ui): create repo-specific access tokens (#11696)

Adds a user interface for creating repo-specific access tokens (#11311). When the new option "Specific repositories" is selected, a search option appears. Each repository in the search result has an "Add" button to include it on the access token, and once included, a repository can be removed with the "Remove" button. This is a JS-free form. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Tests for JavaScript changes - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/ README.md#end-to-end-tests)). - Technically there are no "JavaScript changes" in this PR, but e2e tests were added for browser interaction testing. ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - TODO: planning to create documentation in https://forgejo.org/docs/next/user/token-scope/; there is none for public only tokens but I think this seems like a good place to add both. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11696 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-03-23 15:29:08 +01:00 · 2026-03-23 15:29:08 +01:00 · 35b872f383
commit 35b872f383
parent bdbd0b5622
15 changed files with 798 additions and 95 deletions
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@ -188,6 +188,9 @@ type SearchRepoOptions struct {
 	OnlyShowRelevant bool
 	// Filters repositories based upon optional authorization restrictions.
 	AuthorizationReducer RepositoryAuthorizationReducer
+	// Retrieve multiple repositories by their owner name & repository name, similar to [GetRepositoryByOwnerAndName]
+	// but in bulk.
+	OwnerAndName [][2]string
 }

 // UserOwnedRepoCond returns user ownered repositories
@ -495,6 +498,26 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		cond = cond.And(opts.AuthorizationReducer.RepoReadAccessFilter())
 	}

+	if opts.OwnerAndName != nil {
+		if len(opts.OwnerAndName) > 0 {
+			// repository is indexed on `(owner_id, lower_name)`, but not on the `owner_name` field.  Plus the `owner_name`
+			// field isn't ToLower'd.  So this becomes a subquery:
+			subQuery := builder.Select("inner_repo.id").From("repository", "inner_repo").
+				Join("INNER", "`user`", "`user`.id = inner_repo.owner_id")
+			for _, ownerAndName := range opts.OwnerAndName {
+				subQuery.Or(builder.Eq{
+					"`user`.lower_name":     strings.ToLower(ownerAndName[0]),
+					"inner_repo.lower_name": strings.ToLower(ownerAndName[1]),
+				})
+			}
+			cond = cond.And(builder.In("id", subQuery))
+		} else {
+			// If opts.OwnerAndName is a non-nil, empty array, then we want to return zero repositories.  The loop to
+			// build the `Eq` conditions wouldn't occur, so we would have no filtering if this wasn't special-case'd.
+			cond = cond.And(builder.Eq{"1": "2"})
+		}
+	}
+
 	return cond
 }

--- a/models/repo/repo_list_test.go
+++ b/models/repo/repo_list_test.go
@ -179,6 +179,26 @@ func getTestCases() []struct {
 			opts:  &repo_model.SearchRepoOptions{Keyword: "user20/", ListOptions: db.ListOptions{Page: 1, PageSize: 10}, Private: true, OwnerID: 0},
 			count: 4,
 		},
+		{
+			name:  "OwnerAndName Single",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}}},
+			count: 1,
+		},
+		{
+			name:  "OwnerAndName Multiple",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}, {"user15", "big_test_public_2"}}},
+			count: 2,
+		},
+		{
+			name:  "OwnerAndName Miss",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}, {"user15", "blah blah"}}},
+			count: 1,
+		},
+		{
+			name:  "OwnerAndName Empty",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{}},
+			count: 0,
+		},
 	}

 	return testCases