rhodecode-enterprise-ce Files · rhodecode/templates/email_templates/pull_request_comment.mako

security: fixed issues with exposing repository names using global PR redirection link...

security: fixed issues with exposing repository names using global PR redirection link logic. - Since redirect was created to repository which linked to the PR, users who didn't have permissions to those repos could still see the name in the url generated.

dan - - Load All Authors

File last commit:

r4038:4a4a02a9 default


                r4044:573a1043

default

Download file

             pull_request_comment.mako
        
                    191 lines
            
             | 6.3 KiB
            
                | application/x-mako
            
             |
                MakoHtmlLexer
            
             / rhodecode / templates / email_templates / pull_request_comment.mako
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      ## -*- coding: utf-8 -*-

      <%inherit file="base.mako"/>

      <%namespace name="base" file="base.mako"/>

      ## EMAIL SUBJECT

      <%def name="subject()" filter="n,trim,whitespace_filter">

      <%

      data = {

          'user': '@'+h.person(user),

          'repo_name': repo_name,

          'status': status_change,

          'comment_file': comment_file,

          'comment_line': comment_line,

          'comment_type': comment_type,

          'pr_title': pull_request.title,

          'pr_id': pull_request.pull_request_id,

      }

      %>

      % if comment_file:

          ${(_('[mention]') if mention else '')} ${_('{user} left a {comment_type} on file `{comment_file}` in pull request !{pr_id}: "{pr_title}"').format(**data) |n}

      % else:

          % if status_change:

          ${(_('[mention]') if mention else '')} ${_('[status: {status}] {user} left a {comment_type} on pull request !{pr_id}: "{pr_title}"').format(**data) |n}

          % else:

          ${(_('[mention]') if mention else '')} ${_('{user} left a {comment_type} on pull request !{pr_id}: "{pr_title}"').format(**data) |n}

          % endif

      % endif

      </%def>

      ## PLAINTEXT VERSION OF BODY

      <%def name="body_plaintext()" filter="n,trim">

      <%

      data = {

          'user': h.person(user),

          'repo_name': repo_name,

          'status': status_change,

          'comment_file': comment_file,

          'comment_line': comment_line,

          'comment_type': comment_type,

          'pr_title': pull_request.title,

          'pr_id': pull_request.pull_request_id,

          'source_ref_type': pull_request.source_ref_parts.type,

          'source_ref_name': pull_request.source_ref_parts.name,

          'target_ref_type': pull_request.target_ref_parts.type,

          'target_ref_name': pull_request.target_ref_parts.name,

          'source_repo': pull_request_source_repo.repo_name,

          'target_repo': pull_request_target_repo.repo_name,

          'source_repo_url': pull_request_source_repo_url,

          'target_repo_url': pull_request_target_repo_url,

      }

      %>

      ${h.literal(_('Pull request !{pr_id}: `{pr_title}`').format(**data))}

      * ${h.literal(_('Commit flow: {source_ref_type}:{source_ref_name} of {source_repo_url} into {target_ref_type}:{target_ref_name} of {target_repo_url}').format(**data))}

      * ${_('Comment link')}: ${pr_comment_url}

      %if status_change and not closing_pr:

      * ${_('{user} submitted pull request !{pr_id} status: *{status}*').format(**data)}

      %elif status_change and closing_pr:

      * ${_('{user} submitted pull request !{pr_id} status: *{status} and closed*').format(**data)}

      %endif

      %if comment_file:

      * ${_('File: {comment_file} on line {comment_line}').format(**data)}

      %endif

      % if comment_type == 'todo':

      ${_('`TODO` comment')}:

      % else:

      ${_('`Note` comment')}:

      % endif

      ${comment_body |n, trim}

      ---

      ${self.plaintext_footer()}

      </%def>

      <%

      data = {

          'user': h.person(user),

          'comment_file': comment_file,

          'comment_line': comment_line,

          'comment_type': comment_type,

          'renderer_type': renderer_type or 'plain',

          'pr_title': pull_request.title,

          'pr_id': pull_request.pull_request_id,

          'status': status_change,

          'source_ref_type': pull_request.source_ref_parts.type,

          'source_ref_name': pull_request.source_ref_parts.name,

          'target_ref_type': pull_request.target_ref_parts.type,

          'target_ref_name': pull_request.target_ref_parts.name,

          'source_repo': pull_request_source_repo.repo_name,

          'target_repo': pull_request_target_repo.repo_name,

          'source_repo_url': h.link_to(pull_request_source_repo.repo_name, pull_request_source_repo_url),

          'target_repo_url': h.link_to(pull_request_target_repo.repo_name, pull_request_target_repo_url),

      }

      %>

      <table style="text-align:left;vertical-align:middle;width: 100%">

          <tr>

          <td style="width:100%;border-bottom:1px solid #dbd9da;">

              <h4 style="margin: 0">

                  <div style="margin-bottom: 4px; color:#7E7F7F">

                      @${h.person(user.username)}

                  </div>

                  ${_('left a')}

                  <a href="${pr_comment_url}" style="${base.link_css()}">

                      % if comment_file:

                          ${_('{comment_type} on file `{comment_file}` in pull request.').format(**data)}

                      % else:

                          ${_('{comment_type} on pull request.').format(**data) |n}

                      % endif

                  </a>

                  <div style="margin-top: 10px"></div>

                  ${_('Pull request')} <code>!${data['pr_id']}: ${data['pr_title']}</code>

              </h4>

          </td>

          </tr>

      </table>

      <table style="text-align:left;vertical-align:middle;width: 100%">

          ## spacing def

          <tr>

              <td style="width: 130px"></td>

              <td></td>

          </tr>

          % if status_change:

          <tr>

              <td style="padding-right:20px;">${_('Review Status')}:</td>

              <td>

                  % if closing_pr:

                     ${_('Closed pull request with status')}: ${base.status_text(status_change, tag_type=status_change_type)}

                  % else:

                     ${_('Submitted review status')}: ${base.status_text(status_change, tag_type=status_change_type)}

                  % endif

              </td>

          </tr>

          % endif

          <tr>

              <td style="padding-right:20px;line-height:20px;">${_('Commit Flow')}:</td>

              <td style="line-height:20px;">

                  ${base.tag_button('{}:{}'.format(data['source_ref_type'], pull_request.source_ref_parts.name))} ${_('of')} ${data['source_repo_url']}

                  &rarr;

                  ${base.tag_button('{}:{}'.format(data['target_ref_type'], pull_request.target_ref_parts.name))} ${_('of')}  ${data['target_repo_url']}

              </td>

          </tr>

          <tr>

              <td style="padding-right:20px;">${_('Pull request')}:</td>

              <td>

                  <a href="${pull_request_url}" style="${base.link_css()}">

                  !${pull_request.pull_request_id}

                  </a>

              </td>

          </tr>

          % if comment_file:

              <tr>

                  <td style="padding-right:20px;">${_('File')}:</td>

                  <td><a href="${pr_comment_url}" style="${base.link_css()}">${_('`{comment_file}` on line {comment_line}').format(**data)}</a></td>

              </tr>

          % endif

          <tr style="background-image: linear-gradient(to right, black 33%, rgba(255,255,255,0) 0%);background-position: bottom;background-size: 3px 1px;background-repeat: repeat-x;">

              <td colspan="2" style="padding-right:20px;">

                  % if comment_type == 'todo':

                      ${_('`TODO` comment')}:

                  % else:

                      ${_('`Note` comment')}:

                  % endif

              </td>

          </tr>

          <td colspan="2" style="background: #F7F7F7">${h.render(comment_body, renderer=data['renderer_type'], mentions=True)}</td>

          </tr>

      </table>

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				## -- coding: utf-8 --
				<%inherit file="base.mako"/>
				<%namespace name="base" file="base.mako"/>

				## EMAIL SUBJECT
				<%def name="subject()" filter="n,trim,whitespace_filter">
				<%
				data = {
				'user': '@'+h.person(user),
				'repo_name': repo_name,
				'status': status_change,
				'comment_file': comment_file,
				'comment_line': comment_line,
				'comment_type': comment_type,

				'pr_title': pull_request.title,
				'pr_id': pull_request.pull_request_id,
				}
				%>


				% if comment_file:
				${(_('[mention]') if mention else '')} ${_('{user} left a {comment_type} on file `{comment_file}` in pull request !{pr_id}: "{pr_title}"').format(**data) \|n}
				% else:
				% if status_change:
				${(_('[mention]') if mention else '')} ${_('[status: {status}] {user} left a {comment_type} on pull request !{pr_id}: "{pr_title}"').format(**data) \|n}
				% else:
				${(_('[mention]') if mention else '')} ${_('{user} left a {comment_type} on pull request !{pr_id}: "{pr_title}"').format(**data) \|n}
				% endif
				% endif

				</%def>

				## PLAINTEXT VERSION OF BODY
				<%def name="body_plaintext()" filter="n,trim">
				<%
				data = {
				'user': h.person(user),
				'repo_name': repo_name,
				'status': status_change,
				'comment_file': comment_file,
				'comment_line': comment_line,
				'comment_type': comment_type,

				'pr_title': pull_request.title,
				'pr_id': pull_request.pull_request_id,
				'source_ref_type': pull_request.source_ref_parts.type,
				'source_ref_name': pull_request.source_ref_parts.name,
				'target_ref_type': pull_request.target_ref_parts.type,
				'target_ref_name': pull_request.target_ref_parts.name,
				'source_repo': pull_request_source_repo.repo_name,
				'target_repo': pull_request_target_repo.repo_name,
				'source_repo_url': pull_request_source_repo_url,
				'target_repo_url': pull_request_target_repo_url,
				}
				%>

				${h.literal(_('Pull request !{pr_id}: `{pr_title}`').format(**data))}

				* ${h.literal(_('Commit flow: {source_ref_type}:{source_ref_name} of {source_repo_url} into {target_ref_type}:{target_ref_name} of {target_repo_url}').format(**data))}

				* ${_('Comment link')}: ${pr_comment_url}

				%if status_change and not closing_pr:
				* ${_('{user} submitted pull request !{pr_id} status: {status}').format(**data)}

				%elif status_change and closing_pr:
				* ${_('{user} submitted pull request !{pr_id} status: {status} and closed').format(**data)}

				%endif
				%if comment_file:
				* ${_('File: {comment_file} on line {comment_line}').format(**data)}

				%endif
				% if comment_type == 'todo':
				${_('`TODO` comment')}:
				% else:
				${_('`Note` comment')}:
				% endif

				${comment_body \|n, trim}

				---
				${self.plaintext_footer()}
				</%def>


				<%
				data = {
				'user': h.person(user),
				'comment_file': comment_file,
				'comment_line': comment_line,
				'comment_type': comment_type,
				'renderer_type': renderer_type or 'plain',

				'pr_title': pull_request.title,
				'pr_id': pull_request.pull_request_id,
				'status': status_change,
				'source_ref_type': pull_request.source_ref_parts.type,
				'source_ref_name': pull_request.source_ref_parts.name,
				'target_ref_type': pull_request.target_ref_parts.type,
				'target_ref_name': pull_request.target_ref_parts.name,
				'source_repo': pull_request_source_repo.repo_name,
				'target_repo': pull_request_target_repo.repo_name,
				'source_repo_url': h.link_to(pull_request_source_repo.repo_name, pull_request_source_repo_url),
				'target_repo_url': h.link_to(pull_request_target_repo.repo_name, pull_request_target_repo_url),
				}
				%>

				<table style="text-align:left;vertical-align:middle;width: 100%">
				<tr>
				<td style="width:100%;border-bottom:1px solid #dbd9da;">

				<h4 style="margin: 0">
				<div style="margin-bottom: 4px; color:#7E7F7F">
				@${h.person(user.username)}
				</div>
				${_('left a')}
				<a href="${pr_comment_url}" style="${base.link_css()}">
				% if comment_file:
				${_('{comment_type} on file `{comment_file}` in pull request.').format(**data)}
				% else:
				${_('{comment_type} on pull request.').format(**data) \|n}
				% endif
				</a>
				<div style="margin-top: 10px"></div>
				${_('Pull request')} <code>!${data['pr_id']}: ${data['pr_title']}</code>
				</h4>

				</td>
				</tr>

				</table>

				<table style="text-align:left;vertical-align:middle;width: 100%">

				## spacing def
				<tr>
				<td style="width: 130px"></td>
				<td></td>
				</tr>

				% if status_change:
				<tr>
				<td style="padding-right:20px;">${_('Review Status')}:</td>
				<td>
				% if closing_pr:
				${_('Closed pull request with status')}: ${base.status_text(status_change, tag_type=status_change_type)}
				% else:
				${_('Submitted review status')}: ${base.status_text(status_change, tag_type=status_change_type)}
				% endif
				</td>
				</tr>
				% endif

				<tr>
				<td style="padding-right:20px;line-height:20px;">${_('Commit Flow')}:</td>
				<td style="line-height:20px;">
				${base.tag_button('{}:{}'.format(data['source_ref_type'], pull_request.source_ref_parts.name))} ${_('of')} ${data['source_repo_url']}
				→
				${base.tag_button('{}:{}'.format(data['target_ref_type'], pull_request.target_ref_parts.name))} ${_('of')} ${data['target_repo_url']}
				</td>
				</tr>
				<tr>
				<td style="padding-right:20px;">${_('Pull request')}:</td>
				<td>
				<a href="${pull_request_url}" style="${base.link_css()}">
				!${pull_request.pull_request_id}
				</a>
				</td>
				</tr>
				% if comment_file:
				<tr>
				<td style="padding-right:20px;">${_('File')}:</td>
				<td><a href="${pr_comment_url}" style="${base.link_css()}">${_('`{comment_file}` on line {comment_line}').format(**data)}</a></td>
				</tr>
				% endif

				<tr style="background-image: linear-gradient(to right, black 33%, rgba(255,255,255,0) 0%);background-position: bottom;background-size: 3px 1px;background-repeat: repeat-x;">
				<td colspan="2" style="padding-right:20px;">
				% if comment_type == 'todo':
				${_('`TODO` comment')}:
				% else:
				${_('`Note` comment')}:
				% endif
				</td>
				</tr>

				<td colspan="2" style="background: #F7F7F7">${h.render(comment_body, renderer=data['renderer_type'], mentions=True)}</td>
				</tr>
				</table>