tenseleyflow/shithub / 5d5cf64

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package policy_test

+

+import (

+	"context"

+	"testing"

+

+	"github.com/jackc/pgx/v5/pgtype"

+

+	"github.com/tenseleyFlow/shithub/internal/auth/policy"

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"

+	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"

+)

+

+const fixtureHash = "$argon2id$v=19$m=16384,t=1,p=1$" +

+	"AAAAAAAAAAAAAAAA$" +

+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

+

+// TestOrgOwner_ImplicitAdmin pins the S30 contract: an `org_members.role

+// = 'owner'` row promotes the user to RoleAdmin on every repo owned by

+// that org. Without this, an org owner can't push to their own org's

+// repos (the dogfood-blocking case).

+func TestOrgOwner_ImplicitAdmin(t *testing.T) {

+	pool := dbtest.NewTestDB(t)

+	ctx := context.Background()

+

+	creator, err := usersdb.New().CreateUser(ctx, pool, usersdb.CreateUserParams{

+		Username: "alice", DisplayName: "Alice", PasswordHash: fixtureHash,

+	})

+	if err != nil {

+		t.Fatalf("create user: %v", err)

+	}

+	deps := orgs.Deps{Pool: pool}

+	org, err := orgs.Create(ctx, deps, orgs.CreateParams{

+		Slug: "acme", DisplayName: "Acme", CreatedByUserID: creator.ID,

+	})

+	if err != nil {

+		t.Fatalf("create org: %v", err)

+	}

+	// Org-owned private repo.

+	repo, err := reposdb.New().CreateRepo(ctx, pool, reposdb.CreateRepoParams{

+		OwnerUserID:   pgtype.Int8{Valid: false},

+		OwnerOrgID:    pgtype.Int8{Int64: org.ID, Valid: true},

+		Name:          "secret",

+		DefaultBranch: "trunk",

+		Visibility:    reposdb.RepoVisibilityPrivate,

+	})

+	if err != nil {

+		t.Fatalf("create org repo: %v", err)

+	}

+	ref := policy.NewRepoRefFromRepo(repo)

+

+	actor := policy.UserActor(creator.ID, "alice", false, false)

+	pdeps := policy.Deps{Pool: pool}

+

+	// Push (write tier) must allow.

+	if got := policy.Can(ctx, pdeps, actor, policy.ActionRepoWrite, ref); !got.Allow {

+		t.Fatalf("org owner should be able to write: %+v", got)

+	}

+	// Repo-admin tier must allow.

+	if got := policy.Can(ctx, pdeps, actor, policy.ActionRepoAdmin, ref); !got.Allow {

+		t.Fatalf("org owner should be admin: %+v", got)

+	}

+

+	// A non-member must NOT see a private org repo.

+	bob, err := usersdb.New().CreateUser(ctx, pool, usersdb.CreateUserParams{

+		Username: "bob", DisplayName: "Bob", PasswordHash: fixtureHash,

+	})

+	if err != nil {

+		t.Fatalf("create bob: %v", err)

+	}

+	bobActor := policy.UserActor(bob.ID, "bob", false, false)

+	if got := policy.Can(ctx, pdeps, bobActor, policy.ActionRepoRead, ref); got.Allow {

+		t.Fatalf("non-member should not read private org repo: %+v", got)

+	}

+

+	// Member-but-not-owner must NOT get implicit admin (teams are S31).

+	if err := orgs.AddMember(ctx, deps, org.ID, bob.ID, creator.ID, "member"); err != nil {

+		t.Fatalf("add member: %v", err)

+	}

+	if got := policy.Can(ctx, pdeps, bobActor, policy.ActionRepoWrite, ref); got.Allow {

+		t.Fatalf("plain org member should NOT have implicit write: %+v", got)

+	}

+	// And read on a private org repo for a plain member is also denied

+	// today — implicit read for org members is deferred to S31 (teams).

+	if got := policy.Can(ctx, pdeps, bobActor, policy.ActionRepoRead, ref); got.Allow {

+		t.Fatalf("plain org member should NOT have implicit read on private repo: %+v", got)

+	}

+}

+//

+// Org-owned repos: every `org_members.role='owner'` of the owning org

+// is treated as an implicit admin on every org-owned repo. This is

+// the S30 owner-implicit-admin contract — without it an org owner

+// can't push to their own org's repos. Org `member` role grants no

+// implicit access; teams (S31) and direct collaboration (S15) are the

+// only paths to repo permission for non-owners.

+

+	// Org-owner check fires first because it short-circuits with admin

+	// regardless of any per-repo collaborator row. The lookup is

+	// indexed on (org_id, user_id) — same cost as the collab lookup.

+	if repo.OwnerOrgID != 0 {

+		var dbOrgRole string

+		err := d.Pool.QueryRow(ctx,

+			`SELECT role::text FROM org_members WHERE org_id = $1 AND user_id = $2`,

+			repo.OwnerOrgID, actor.UserID,

+		).Scan(&dbOrgRole)

+		if err == nil && dbOrgRole == "owner" {

+			cachePut(cache, key, RoleAdmin)

+			return RoleAdmin, nil

+		}

+		// "no rows" or member-only falls through to the collab-row

+		// lookup below.

+	}

+

+// from BOTH the light (`github`) and dark (`github-dark`) Chroma styles

+// so blob views render correctly under either theme. Each block is

+// gated by `[data-theme="…"]` (the layout sets that on <html>) so only

+// one set of rules is active per view. Without the dark variant the

+// blob viewer renders code on a light background regardless of the

+// page's theme — invisible text in dark mode.

+	light := writeStyleCSS("github")

+	dark := writeStyleCSS("github-dark")

+

+	var buf bytes.Buffer

+	buf.WriteString("/* light (default) — applies when [data-theme] is unset or 'light' */\n")

+	buf.WriteString(prefixChromaSelectors(light, `[data-theme="light"] `, ""))

+	buf.WriteString("\n/* dark */\n")

+	buf.WriteString(prefixChromaSelectors(dark, `[data-theme="dark"] `, ""))

+	return buf.String()

+}

+

+// writeStyleCSS emits Chroma's classes-mode CSS for a named style.

+// Falls back to the Fallback style when the name is unknown.

+func writeStyleCSS(name string) string {

+	style := styles.Get(name)

+// prefixChromaSelectors prefixes every selector in css with `prefix`

+// so the rule only applies under the given theme attribute. Chroma's

+// CSS rules all start with `.chroma` (or its line-number child

+// classes); we walk top-level rules and prefix each.

+//

+// `_` is a placeholder for a future per-theme suffix (e.g. !important

+// on borders) — currently unused.

+func prefixChromaSelectors(css, prefix, _ string) string {

+	var out bytes.Buffer

+	for _, raw := range splitTopLevelRules(css) {

+		rule := strings.TrimSpace(raw)

+		if rule == "" {

+			continue

+		}

+		brace := strings.IndexByte(rule, '{')

+		if brace < 0 {

+			out.WriteString(rule)

+			continue

+		}

+		selectors := rule[:brace]

+		body := rule[brace:]

+		// Selector lists like ".chroma .nx, .chroma .nf" — prefix each.

+		parts := strings.Split(selectors, ",")

+		for i, p := range parts {

+			parts[i] = prefix + strings.TrimSpace(p)

+		}

+		out.WriteString(strings.Join(parts, ", "))

+		out.WriteString(" ")

+		out.WriteString(body)

+		out.WriteByte('\n')

+	}

+	return out.String()

+}

+

+// splitTopLevelRules splits a CSS blob on `}` boundaries while

+// preserving the brace as part of the preceding rule. Chroma's output

+// has no nested rules so naive depth-1 splitting is sufficient.

+func splitTopLevelRules(css string) []string {

+	var rules []string

+	start := 0

+	depth := 0

+	for i := 0; i < len(css); i++ {

+		switch css[i] {

+		case '{':

+			depth++

+		case '}':

+			depth--

+			if depth == 0 {

+				rules = append(rules, css[start:i+1])

+				start = i + 1

+			}

+		}

+	}

+	if start < len(css) {

+		tail := strings.TrimSpace(css[start:])

+		if tail != "" {

+			rules = append(rules, tail)

+		}

+	}

+	return rules

+}

+

+-- name: GetRepoByOwnerOrgAndName :one

+-- S30: org-owner mirror of GetRepoByOwnerUserAndName. The (owner_org_id,

+-- name) partial unique index from 0017 backs this lookup with the same

+-- O(1) cost the user-side path enjoys.

+SELECT id, owner_user_id, owner_org_id, name, description, visibility,

+       default_branch, is_archived, archived_at, deleted_at,

+       disk_used_bytes, fork_of_repo_id, license_key, primary_language,

+       has_issues, has_pulls, created_at, updated_at, default_branch_oid,

+       allow_squash_merge, allow_rebase_merge, allow_merge_commit, default_merge_method,

+       star_count, watcher_count, fork_count, init_status,

+       last_indexed_oid

+FROM repos

+WHERE owner_org_id = $1 AND name = $2 AND deleted_at IS NULL;

+

+-- name: ExistsRepoForOwnerOrg :one

+SELECT EXISTS(

+    SELECT 1 FROM repos

+    WHERE owner_org_id = $1 AND name = $2 AND deleted_at IS NULL

+);

+

+-- name: ListReposForOwnerOrg :many

+SELECT id, owner_user_id, owner_org_id, name, description, visibility,

+       default_branch, is_archived, archived_at, deleted_at,

+       disk_used_bytes, fork_of_repo_id, license_key, primary_language,

+       has_issues, has_pulls, created_at, updated_at, default_branch_oid,

+       allow_squash_merge, allow_rebase_merge, allow_merge_commit, default_merge_method,

+       star_count, watcher_count, fork_count, init_status,

+       last_indexed_oid

+FROM repos

+WHERE owner_org_id = $1 AND deleted_at IS NULL

+ORDER BY updated_at DESC;

+

+	ExistsRepoForOwnerOrg(ctx context.Context, db DBTX, arg ExistsRepoForOwnerOrgParams) (bool, error)

+	// S30: org-owner mirror of GetRepoByOwnerUserAndName. The (owner_org_id,

+	// name) partial unique index from 0017 backs this lookup with the same

+	// O(1) cost the user-side path enjoys.

+	GetRepoByOwnerOrgAndName(ctx context.Context, db DBTX, arg GetRepoByOwnerOrgAndNameParams) (Repo, error)

+	ListReposForOwnerOrg(ctx context.Context, db DBTX, ownerOrgID pgtype.Int8) ([]Repo, error)

+const existsRepoForOwnerOrg = `-- name: ExistsRepoForOwnerOrg :one

+SELECT EXISTS(

+    SELECT 1 FROM repos

+    WHERE owner_org_id = $1 AND name = $2 AND deleted_at IS NULL

+)

+`

+

+type ExistsRepoForOwnerOrgParams struct {

+	OwnerOrgID pgtype.Int8

+	Name       string

+}

+

+func (q *Queries) ExistsRepoForOwnerOrg(ctx context.Context, db DBTX, arg ExistsRepoForOwnerOrgParams) (bool, error) {

+	row := db.QueryRow(ctx, existsRepoForOwnerOrg, arg.OwnerOrgID, arg.Name)

+	var exists bool

+	err := row.Scan(&exists)

+	return exists, err

+}

+

+const getRepoByOwnerOrgAndName = `-- name: GetRepoByOwnerOrgAndName :one

+SELECT id, owner_user_id, owner_org_id, name, description, visibility,

+       default_branch, is_archived, archived_at, deleted_at,

+       disk_used_bytes, fork_of_repo_id, license_key, primary_language,

+       has_issues, has_pulls, created_at, updated_at, default_branch_oid,

+       allow_squash_merge, allow_rebase_merge, allow_merge_commit, default_merge_method,

+       star_count, watcher_count, fork_count, init_status,

+       last_indexed_oid

+FROM repos

+WHERE owner_org_id = $1 AND name = $2 AND deleted_at IS NULL

+`

+

+type GetRepoByOwnerOrgAndNameParams struct {

+	OwnerOrgID pgtype.Int8

+	Name       string

+}

+

+// S30: org-owner mirror of GetRepoByOwnerUserAndName. The (owner_org_id,

+// name) partial unique index from 0017 backs this lookup with the same

+// O(1) cost the user-side path enjoys.

+func (q *Queries) GetRepoByOwnerOrgAndName(ctx context.Context, db DBTX, arg GetRepoByOwnerOrgAndNameParams) (Repo, error) {

+	row := db.QueryRow(ctx, getRepoByOwnerOrgAndName, arg.OwnerOrgID, arg.Name)

+	var i Repo

+	err := row.Scan(

+		&i.ID,

+		&i.OwnerUserID,

+		&i.OwnerOrgID,

+		&i.Name,

+		&i.Description,

+		&i.Visibility,

+		&i.DefaultBranch,

+		&i.IsArchived,

+		&i.ArchivedAt,

+		&i.DeletedAt,

+		&i.DiskUsedBytes,

+		&i.ForkOfRepoID,

+		&i.LicenseKey,

+		&i.PrimaryLanguage,

+		&i.HasIssues,

+		&i.HasPulls,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+		&i.DefaultBranchOid,

+		&i.AllowSquashMerge,

+		&i.AllowRebaseMerge,

+		&i.AllowMergeCommit,

+		&i.DefaultMergeMethod,

+		&i.StarCount,

+		&i.WatcherCount,

+		&i.ForkCount,

+		&i.InitStatus,

+		&i.LastIndexedOid,

+	)

+	return i, err

+}

+

+const listReposForOwnerOrg = `-- name: ListReposForOwnerOrg :many

+SELECT id, owner_user_id, owner_org_id, name, description, visibility,

+       default_branch, is_archived, archived_at, deleted_at,

+       disk_used_bytes, fork_of_repo_id, license_key, primary_language,

+       has_issues, has_pulls, created_at, updated_at, default_branch_oid,

+       allow_squash_merge, allow_rebase_merge, allow_merge_commit, default_merge_method,

+       star_count, watcher_count, fork_count, init_status,

+       last_indexed_oid

+FROM repos

+WHERE owner_org_id = $1 AND deleted_at IS NULL

+ORDER BY updated_at DESC

+`

+

+func (q *Queries) ListReposForOwnerOrg(ctx context.Context, db DBTX, ownerOrgID pgtype.Int8) ([]Repo, error) {

+	rows, err := db.Query(ctx, listReposForOwnerOrg, ownerOrgID)

+	if err != nil {

+		return nil, err

+	}

+	defer rows.Close()

+	items := []Repo{}

+	for rows.Next() {

+		var i Repo

+		if err := rows.Scan(

+			&i.ID,

+			&i.OwnerUserID,

+			&i.OwnerOrgID,

+			&i.Name,

+			&i.Description,

+			&i.Visibility,

+			&i.DefaultBranch,

+			&i.IsArchived,

+			&i.ArchivedAt,

+			&i.DeletedAt,

+			&i.DiskUsedBytes,

+			&i.ForkOfRepoID,

+			&i.LicenseKey,

+			&i.PrimaryLanguage,

+			&i.HasIssues,

+			&i.HasPulls,

+			&i.CreatedAt,

+			&i.UpdatedAt,

+			&i.DefaultBranchOid,

+			&i.AllowSquashMerge,

+			&i.AllowRebaseMerge,

+			&i.AllowMergeCommit,

+			&i.DefaultMergeMethod,

+			&i.StarCount,

+			&i.WatcherCount,

+			&i.ForkCount,

+			&i.InitStatus,

+			&i.LastIndexedOid,

+		); err != nil {

+			return nil, err

+		}

+		items = append(items, i)

+	}

+	if err := rows.Err(); err != nil {

+		return nil, err

+	}

+	return items, nil

+}

+

+		"RepoCounts":    h.subnavCounts(r.Context(), cc.row.ID, cc.row.ForkCount),

+		"CanSettings":   h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav":  "code",

+		"Title":        cc.subpath + " · " + cc.row.Name,

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"Owner":        cc.owner,

+		"Repo":         cc.row,

+		"Ref":          cc.ref,

+		"Path":         cc.subpath,

+		"Crumbs":       breadcrumbs(cc.owner, cc.row.Name, cc.ref, cc.subpath),

+		"Branches":     cc.refs.Branches,

+		"Tags":         cc.refs.Tags,

+		"Size":         size,

+		"IsLarge":      size > largeFileThreshold,

+		"IsBinary":     false,

+		"IsImage":      false,

+		"IsMarkdown":   false,

+		"Language":     highlight.LanguageGuess(cc.subpath),

+		"RepoCounts":   h.subnavCounts(r.Context(), cc.row.ID, cc.row.ForkCount),

+		"CanSettings":  h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav": "code",

+		"Title":        "Forks · " + row.Name,

+		"Owner":        ownerName,

+		"Repo":         row,

+		"Forks":        visible,

+		"Total":        total,

+		"Page":         page,

+		"HasNext":      int64(page*pageSize) < total,

+		"HasPrev":      page > 1,

+		"RepoCounts":   h.subnavCounts(r.Context(), row.ID, row.ForkCount),

+		"CanSettings":  h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav": "forks",

+		"Title":        "Issues · " + row.Name,

+		"Owner":        owner.Username,

+		"Repo":         row,

+		"Items":        items,

+		"State":        stateFilter,

+		"OpenCount":    openCount,

+		"ClosedCount":  closedCount,

+		"Total":        total,

+		"Page":         page,

+		"PerPage":      perPage,

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"RepoCounts":   h.subnavCounts(r.Context(), row.ID, row.ForkCount),

+		"CanSettings":  h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav": "issues",

+		"Title":        "Pull requests · " + row.Name,

+		"Owner":        owner.Username,

+		"Repo":         row,

+		"Items":        items,

+		"State":        state,

+		"OpenCount":    openCount,

+		"ClosedCount":  closedCount,

+		"Page":         page,

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"RepoCounts":   h.subnavCounts(r.Context(), row.ID, row.ForkCount),

+		"CanSettings":  h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav": "pulls",

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+		"RepoCounts":    h.subnavCounts(r.Context(), row.ID, row.ForkCount),

+		"CanSettings":   h.canViewSettings(middleware.CurrentUserFromContext(r.Context())),

+		"ActiveSubnav":  "code",

+//

+// Owner kind is dispatched via principals: ownerName resolves to

+// either a user_id or an org_id via the same single-source-of-truth

+// table that drives /{slug} routing. Both kinds resolve through the

+// same indexed lookup so the cost is identical.

+	principal, err := orgs.Resolve(ctx, h.d.Pool, ownerName)

+		return reposdb.Repo{}, pgx.ErrNoRows

+	}

+	var row reposdb.Repo

+	switch principal.Kind {

+	case orgs.PrincipalUser:

+		row, err = h.rq.GetRepoByOwnerUserAndName(ctx, h.d.Pool, reposdb.GetRepoByOwnerUserAndNameParams{

+			OwnerUserID: pgtype.Int8{Int64: principal.ID, Valid: true},

+			Name:        repoName,

+		})

+	case orgs.PrincipalOrg:

+		row, err = h.rq.GetRepoByOwnerOrgAndName(ctx, h.d.Pool, reposdb.GetRepoByOwnerOrgAndNameParams{

+			OwnerOrgID: pgtype.Int8{Int64: principal.ID, Valid: true},

+			Name:       repoName,

+		})

+	default:

+		return reposdb.Repo{}, pgx.ErrNoRows

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package repo

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+

+	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+// repoSubnavData is the shape the `repo-subnav` partial reads. Counts

+// are best-effort: a query failure collapses to zero so the nav still

+// renders. The `CanSettings` flag is a UX hint — the actual permission

+// check happens inside the settings handler via policy.Can.

+type repoSubnavData struct {

+	Issues int64

+	Pulls  int64

+	Forks  int64

+}

+

+// subnavCounts returns issue / PR / fork counts for the repo's

+// header subnav. Counts are visibility-aware via the underlying

+// queries (issues + pulls live in the same row table; the count

+// query honors the issue_kind discriminator so closed counts and

+// PR counts don't bleed into the issue badge).

+func (h *Handlers) subnavCounts(ctx context.Context, repoID, forkCount int64) repoSubnavData {

+	out := repoSubnavData{Forks: forkCount}

+	openText := pgtype.Text{String: "open", Valid: true}

+	if n, err := h.iq.CountIssues(ctx, h.d.Pool, issuesdb.CountIssuesParams{

+		RepoID:      repoID,

+		StateFilter: openText,

+		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindIssue, Valid: true},

+	}); err == nil {

+		out.Issues = n

+	}

+	if n, err := h.iq.CountIssues(ctx, h.d.Pool, issuesdb.CountIssuesParams{

+		RepoID:      repoID,

+		StateFilter: openText,

+		Kind:        issuesdb.NullIssueKind{IssueKind: issuesdb.IssueKindPr, Valid: true},

+	}); err == nil {

+		out.Pulls = n

+	}

+	return out

+}

+

+// canViewSettings reports whether the viewer should see the Settings

+// tab. We surface it for any logged-in user who could plausibly have

+// admin (the actual gate is server-side); for anonymous viewers we

+// hide it.

+func (h *Handlers) canViewSettings(viewer middleware.CurrentUser) bool {

+	return !viewer.IsAnonymous()

+}

+/* Repo subnav (S30 polish): GitHub-style Code / Issues / Pulls / Settings tabs. */

+.shithub-repo-page-head {

+  margin-bottom: 0.25rem;

+}

+.shithub-repo-page-title { font-size: 1.4rem; margin: 0.5rem 0; display: flex; align-items: center; gap: 0.4rem; flex-wrap: wrap; }

+.shithub-repo-page-title a { color: var(--accent-fg, #4493f8); }

+.shithub-repo-subnav {

+  display: flex;

+  gap: 0.25rem;

+  margin: 0 0 1.25rem;

+  border-bottom: 1px solid var(--border-default);

+  flex-wrap: wrap;

+}

+.shithub-repo-subnav-tab {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.4rem;

+  padding: 0.55rem 0.85rem;

+  color: var(--fg-default);

+  border-bottom: 2px solid transparent;

+  font-size: 0.9rem;

+  text-decoration: none;

+  position: relative;

+  bottom: -1px;

+}

+.shithub-repo-subnav-tab:hover { background: var(--canvas-subtle); border-radius: 6px 6px 0 0; }

+.shithub-repo-subnav-tab.is-active { border-bottom-color: var(--accent-emphasis, #fd8c73); font-weight: 600; }

+

+{{ define "repo-subnav" -}}

+<nav class="shithub-repo-subnav" aria-label="Repository sections">

+  <a href="/{{ .Owner }}/{{ .Repo.Name }}" class="shithub-repo-subnav-tab{{ if eq .ActiveSubnav "code" }} is-active{{ end }}">

+    {{ octicon "directory" }} Code

+  </a>

+  <a href="/{{ .Owner }}/{{ .Repo.Name }}/issues" class="shithub-repo-subnav-tab{{ if eq .ActiveSubnav "issues" }} is-active{{ end }}">

+    {{ octicon "alert" }} Issues

+    {{ with .RepoCounts.Issues }}<span class="shithub-tab-count">{{ . }}</span>{{ end }}

+  </a>

+  <a href="/{{ .Owner }}/{{ .Repo.Name }}/pulls" class="shithub-repo-subnav-tab{{ if eq .ActiveSubnav "pulls" }} is-active{{ end }}">

+    {{ octicon "submodule" }} Pull requests

+    {{ with .RepoCounts.Pulls }}<span class="shithub-tab-count">{{ . }}</span>{{ end }}

+  </a>

+  <a href="/{{ .Owner }}/{{ .Repo.Name }}/forks" class="shithub-repo-subnav-tab{{ if eq .ActiveSubnav "forks" }} is-active{{ end }}">

+    {{ octicon "submodule" }} Forks

+    {{ with .RepoCounts.Forks }}<span class="shithub-tab-count">{{ . }}</span>{{ end }}

+  </a>

+  {{ if .CanSettings }}

+  <a href="/{{ .Owner }}/{{ .Repo.Name }}/settings" class="shithub-repo-subnav-tab{{ if eq .ActiveSubnav "settings" }} is-active{{ end }}">

+    {{ octicon "directory" }} Settings

+  </a>

+  {{ end }}

+</nav>

+{{- end }}

+<section class="shithub-repo-page">

+  <header class="shithub-repo-page-head">

+    <h1 class="shithub-repo-page-title">

+      <a href="/{{ .Owner }}">{{ .Owner }}</a>

+      <span class="shithub-code-sep">/</span>

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}">{{ .Repo.Name }}</a>

+      {{ if eq (printf "%s" .Repo.Visibility) "private" }}<span class="shithub-pill shithub-pill-private">private</span>{{ else }}<span class="shithub-pill">public</span>{{ end }}

+    </h1>

+  </header>

+  {{ template "repo-subnav" . }}

+</section>

+<section class="shithub-repo-page">

+  <header class="shithub-repo-page-head">

+    <h1 class="shithub-repo-page-title">

+      <a href="/{{ .Owner }}">{{ .Owner }}</a>

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}">{{ .Repo.Name }}</a>

+      {{ if eq (printf "%s" .Repo.Visibility) "private" }}<span class="shithub-pill shithub-pill-private">private</span>{{ else }}<span class="shithub-pill">public</span>{{ end }}

+  </header>

+  {{ template "repo-subnav" . }}

+<section class="shithub-issues">

+  <header class="shithub-issues-head">

+    <h1>Issues</h1>

+</section>

+<section class="shithub-repo-page">

+  <header class="shithub-repo-page-head">

+    <h1 class="shithub-repo-page-title">

+      <a href="/{{ .Owner }}">{{ .Owner }}</a>

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}">{{ .Repo.Name }}</a>

+      {{ if eq (printf "%s" .Repo.Visibility) "private" }}<span class="shithub-pill shithub-pill-private">private</span>{{ else }}<span class="shithub-pill">public</span>{{ end }}

+  </header>

+  {{ template "repo-subnav" . }}

+<section class="shithub-pulls">

+  <header class="shithub-issues-head">

+    <h1>Pull requests</h1>

+</section>

+<section class="shithub-repo-page">

+  <header class="shithub-repo-page-head">

+    <h1 class="shithub-repo-page-title">

+      <a href="/{{ .Owner }}">{{ .Owner }}</a>

+      <span class="shithub-code-sep">/</span>

+      <a href="/{{ .Owner }}/{{ .Repo.Name }}">{{ .Repo.Name }}</a>

+      {{ if eq (printf "%s" .Repo.Visibility) "private" }}<span class="shithub-pill shithub-pill-private">private</span>{{ else }}<span class="shithub-pill">public</span>{{ end }}

+    </h1>

+  </header>

+  {{ template "repo-subnav" . }}

+

+  </section>