diff --git a/patches/0001-BLENDER-Blender-ID-goth-provider.patch b/patches/0001-BLENDER-Blender-ID-goth-provider.patch
index 7864f9aca784b..1bc89684b2411 100644
--- a/patches/0001-BLENDER-Blender-ID-goth-provider.patch
+++ b/patches/0001-BLENDER-Blender-ID-goth-provider.patch
@@ -1,7 +1,7 @@
-From e9a48aadbffbb3002311cc6e947053030ee9ecc5 Mon Sep 17 00:00:00 2001
+From 2a38c0ff763476a3bfbabe2a9b0431a13bde947e Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 13:28:51 +0200
-Subject: [PATCH 01/18] BLENDER: Blender ID goth provider
+Subject: [PATCH 01/17] BLENDER: Blender ID goth provider
 
 Provider authored by Matti Ranta and Arnd Marijnissen.
 ---
@@ -25,11 +25,11 @@ Provider authored by Matti Ranta and Arnd Marijnissen.
  create mode 100644 services/auth/source/oauth2/blenderid/session_test.go
 
 diff --git a/go.mod b/go.mod
-index 1ca481e073..086701b536 100644
+index f6d079dbbb..683ce90aa8 100644
 --- a/go.mod
 +++ b/go.mod
 @@ -257,6 +257,7 @@ require (
- 	github.com/mmcloughlin/avo v0.6.0 // indirect
+ 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
  	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
  	github.com/modern-go/reflect2 v1.0.2 // indirect
 +	github.com/mozillazg/go-unidecode v0.2.0 // indirect
@@ -37,10 +37,10 @@ index 1ca481e073..086701b536 100644
  	github.com/mschoch/smat v0.2.0 // indirect
  	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 diff --git a/go.sum b/go.sum
-index ebf40cb628..aed57d8836 100644
+index 9b200cc2d9..2bc60270c1 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -589,6 +589,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
+@@ -590,6 +590,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
  github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
  github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
  github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
diff --git a/patches/0002-BLENDER-Show-warning-for-target-branch-switching.patch b/patches/0002-BLENDER-Show-warning-for-target-branch-switching.patch
index a231920b2b302..4242cbcecf5ca 100644
--- a/patches/0002-BLENDER-Show-warning-for-target-branch-switching.patch
+++ b/patches/0002-BLENDER-Show-warning-for-target-branch-switching.patch
@@ -1,14 +1,14 @@
-From 928a045c583cc4f0c631925e848a81446728f52b Mon Sep 17 00:00:00 2001
+From f7e10e1b5bf2cb41fa9423ddfff56ab11431a102 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 13:31:35 +0200
-Subject: [PATCH 02/18] BLENDER: Show warning for target branch switching
+Subject: [PATCH 02/17] BLENDER: Show warning for target branch switching
 
 ---
  templates/repo/issue/view_title.tmpl | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
-index 7bb00ff9a9..19a4331883 100644
+index b8f28dfd9b..27be7ed334 100644
 --- a/templates/repo/issue/view_title.tmpl
 +++ b/templates/repo/issue/view_title.tmpl
 @@ -118,6 +118,7 @@
diff --git a/patches/0003-BLENDER-Workaround-LFS-files-not-being-available-in-.patch b/patches/0003-BLENDER-Workaround-LFS-files-not-being-available-in-.patch
index 55a1bdb60ef98..a66ecd74772e8 100644
--- a/patches/0003-BLENDER-Workaround-LFS-files-not-being-available-in-.patch
+++ b/patches/0003-BLENDER-Workaround-LFS-files-not-being-available-in-.patch
@@ -1,7 +1,7 @@
-From e19c11cbfe0e7f278aae17cd512560cfc237c00d Mon Sep 17 00:00:00 2001
+From 8d9d04e240a0c42a20c5d96c4f20d15e620f966c Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 13:32:53 +0200
-Subject: [PATCH 03/18] BLENDER: Workaround LFS files not being available in
+Subject: [PATCH 03/17] BLENDER: Workaround LFS files not being available in
  pull requests
 
 Patch taken from issue number 17715, associating the LFS pointer when the
@@ -25,10 +25,10 @@ index bb6361050a..83a2e7883d 100644
  		return count > 0, err
  	}
 diff --git a/services/lfs/server.go b/services/lfs/server.go
-index c4866edaab..1fa2b7a67f 100644
+index 0a99287ed9..40456cbbbb 100644
 --- a/services/lfs/server.go
 +++ b/services/lfs/server.go
-@@ -253,6 +253,26 @@ func BatchHandler(ctx *context.Context) {
+@@ -254,6 +254,26 @@ func BatchHandler(ctx *context.Context) {
  			responseObject = buildObjectResponse(rc, p, false, !exists, err)
  		} else {
  			var err *lfs_module.ObjectError
diff --git a/patches/0004-BLENDER-Don-t-allow-assigning-large-teams-as-reviewe.patch b/patches/0004-BLENDER-Don-t-allow-assigning-large-teams-as-reviewe.patch
index badb1348c9eff..3ec238131c4e4 100644
--- a/patches/0004-BLENDER-Don-t-allow-assigning-large-teams-as-reviewe.patch
+++ b/patches/0004-BLENDER-Don-t-allow-assigning-large-teams-as-reviewe.patch
@@ -1,7 +1,7 @@
-From a0a9521bb42deea2ca46a65f64ddc95a5db795f3 Mon Sep 17 00:00:00 2001
+From 7893019d4203913b0e75b0e4debc599054969125 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 13:33:32 +0200
-Subject: [PATCH 04/18] BLENDER: Don't allow assigning large teams as reviewers
+Subject: [PATCH 04/17] BLENDER: Don't allow assigning large teams as reviewers
 
 To avoid accidentally spamming hundreds of people.
 ---
@@ -11,10 +11,10 @@ To avoid accidentally spamming hundreds of people.
  3 files changed, 19 insertions(+), 3 deletions(-)
 
 diff --git a/models/organization/team.go b/models/organization/team.go
-index fb7f0c0493..be56a0428e 100644
+index 7f3a9b3829..f0717faf2e 100644
 --- a/models/organization/team.go
 +++ b/models/organization/team.go
-@@ -272,3 +272,19 @@ func IncrTeamRepoNum(ctx context.Context, teamID int64) error {
+@@ -247,3 +247,19 @@ func IncrTeamRepoNum(ctx context.Context, teamID int64) error {
  	_, err := db.GetEngine(ctx).Incr("num_repos").ID(teamID).Update(new(Team))
  	return err
  }
@@ -35,10 +35,10 @@ index fb7f0c0493..be56a0428e 100644
 +	return smallTeams, nil
 +}
 diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
-index 5397411b59..abf7f457e9 100644
+index a4747964c6..97086a363b 100644
 --- a/routers/web/repo/issue.go
 +++ b/routers/web/repo/issue.go
-@@ -661,13 +661,13 @@ func handleMentionableAssigneesAndTeams(ctx *context.Context, assignees []*user_
+@@ -673,13 +673,13 @@ func handleMentionableAssigneesAndTeams(ctx *context.Context, assignees []*user_
  	}
  
  	if isAdmin {
diff --git a/patches/0005-BLENDER-Support-both-exclusive-and-non-exclusive-sco.patch b/patches/0005-BLENDER-Support-both-exclusive-and-non-exclusive-sco.patch
index 22d641ccf9ab3..584fa3587301d 100644
--- a/patches/0005-BLENDER-Support-both-exclusive-and-non-exclusive-sco.patch
+++ b/patches/0005-BLENDER-Support-both-exclusive-and-non-exclusive-sco.patch
@@ -1,7 +1,7 @@
-From 21206ca6201d4b510cffc0068aabd785f5864850 Mon Sep 17 00:00:00 2001
+From a6b1b4b3516ec833c4ebf737b60ab8ff45562921 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 13:58:05 +0200
-Subject: [PATCH 05/18] BLENDER: Support both exclusive and non-exclusive scope
+Subject: [PATCH 05/17] BLENDER: Support both exclusive and non-exclusive scope
  for labels
 
 ---
@@ -13,10 +13,10 @@ Subject: [PATCH 05/18] BLENDER: Support both exclusive and non-exclusive scope
  5 files changed, 29 insertions(+), 22 deletions(-)
 
 diff --git a/models/issues/label.go b/models/issues/label.go
-index b9d24bbe99..6eb8a888e9 100644
+index cfbe100926..cb7726aa71 100644
 --- a/models/issues/label.go
 +++ b/models/issues/label.go
-@@ -183,11 +183,8 @@ func (l *Label) BelongsToRepo() bool {
+@@ -184,11 +184,8 @@ func (l *Label) BelongsToRepo() bool {
  	return l.RepoID > 0
  }
  
@@ -30,7 +30,7 @@ index b9d24bbe99..6eb8a888e9 100644
  	lastIndex := strings.LastIndex(l.Name, "/")
  	if lastIndex == -1 || lastIndex == 0 || lastIndex == len(l.Name)-1 {
  		return ""
-@@ -195,6 +192,14 @@ func (l *Label) ExclusiveScope() string {
+@@ -196,6 +193,14 @@ func (l *Label) ExclusiveScope() string {
  	return l.Name[:lastIndex]
  }
  
@@ -46,10 +46,10 @@ index b9d24bbe99..6eb8a888e9 100644
  func NewLabel(ctx context.Context, l *Label) error {
  	color, err := label.NormalizeColor(l.Color)
 diff --git a/modules/templates/util_render.go b/modules/templates/util_render.go
-index 1800747f48..ee1b231f2b 100644
+index 8d9ba1000c..53a16944af 100644
 --- a/modules/templates/util_render.go
 +++ b/modules/templates/util_render.go
-@@ -126,7 +126,7 @@ func (ut *RenderUtils) RenderLabel(label *issues_model.Label) template.HTML {
+@@ -127,7 +127,7 @@ func (ut *RenderUtils) RenderLabel(label *issues_model.Label) template.HTML {
  	locale := ut.ctx.Value(translation.ContextKey).(translation.Locale)
  	var extraCSSClasses string
  	textColor := util.ContrastColor(label.Color)
@@ -84,7 +84,7 @@ index 8e2410393d..0d196d1f87 100644
  					</div>
  				{{end}}
 diff --git a/templates/repo/issue/filter_item_label.tmpl b/templates/repo/issue/filter_item_label.tmpl
-index 88e2e43120..ee569b4fd0 100644
+index 0883d93804..11a3ddcc6f 100644
 --- a/templates/repo/issue/filter_item_label.tmpl
 +++ b/templates/repo/issue/filter_item_label.tmpl
 @@ -26,19 +26,19 @@
@@ -113,12 +113,12 @@ index 88e2e43120..ee569b4fd0 100644
  				{{ctx.RenderUtils.RenderLabel .}}
  				<p class="tw-ml-auto">{{template "repo/issue/labels/label_archived" .}}</p>
 diff --git a/templates/repo/issue/sidebar/label_list.tmpl b/templates/repo/issue/sidebar/label_list.tmpl
-index 9b6195a8f4..c8310203c4 100644
+index ed514f6725..2b3255371a 100644
 --- a/templates/repo/issue/sidebar/label_list.tmpl
 +++ b/templates/repo/issue/sidebar/label_list.tmpl
 @@ -19,23 +19,25 @@
  				<div class="scrolling menu">
- 					<a class="item clear-selection" href="#">{{ctx.Locale.Tr "repo.issues.new.clear_labels"}}</a>
+ 					<a class="item clear-selection" data-text="" href="#">{{ctx.Locale.Tr "repo.issues.new.clear_labels"}}</a>
  					<div class="divider"></div>
 -					{{$previousExclusiveScope := "_no_scope"}}
 +					{{$previousScope := "_no_scope"}}
diff --git a/patches/0006-BLENDER-Projects-button-to-show-hide-issue-details-a.patch b/patches/0006-BLENDER-Projects-button-to-show-hide-issue-details-a.patch
index a0809893eaffb..96e27e3684bb6 100644
--- a/patches/0006-BLENDER-Projects-button-to-show-hide-issue-details-a.patch
+++ b/patches/0006-BLENDER-Projects-button-to-show-hide-issue-details-a.patch
@@ -1,7 +1,7 @@
-From dc145e6f21466387dde81ce41664c4100ee271bb Mon Sep 17 00:00:00 2001
+From d424d073fb21437c7ab2b47716e52ccca1af1ef4 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:00:36 +0200
-Subject: [PATCH 06/18] BLENDER: Projects: button to show/hide issue details
+Subject: [PATCH 06/17] BLENDER: Projects: button to show/hide issue details
  and closed issue
 
 Both are off by default. This is implemented fully on the frontend, so
@@ -9,18 +9,18 @@ all issues and their details are still always loaded.
 ---
  templates/projects/view.tmpl      | 43 ++++++++++++++++++++++++++++++-
  templates/repo/issue/card.tmpl    | 25 ++++++++++--------
- web_src/css/features/projects.css |  2 +-
+ web_src/css/features/projects.css |  8 ++++++
  web_src/css/repo/issue-card.css   |  2 ++
- 4 files changed, 59 insertions(+), 13 deletions(-)
+ 4 files changed, 66 insertions(+), 12 deletions(-)
 
 diff --git a/templates/projects/view.tmpl b/templates/projects/view.tmpl
-index 217ffe6355..9640deee94 100644
+index 7e89db0005..413f306585 100644
 --- a/templates/projects/view.tmpl
 +++ b/templates/projects/view.tmpl
-@@ -19,6 +19,16 @@
- 						"TextNegativeOne" (ctx.Locale.Tr "repo.issues.filter_assginee_no_assignee")
- 					}}
- 				</div>
+@@ -17,6 +17,16 @@
+ 				"TextFilterMatchAny" (ctx.Locale.Tr "repo.issues.filter_assignee_any_assignee")
+ 			}}
+ 		</div>
 +			<div class="ui compact mini menu" style="margin-left: auto; margin-right: 1em;">
 +				<button class="item btn" onclick="clickDetailsView()">
 +					<span class="issue-card-details">Show Details</span>
@@ -33,8 +33,8 @@ index 217ffe6355..9640deee94 100644
 +			</div>
  		{{if $canWriteProject}}
  			<div class="ui compact mini menu">
- 				<a class="item" href="{{.Link}}/edit?redirect=project">
-@@ -168,7 +178,7 @@
+ 				<a class="item screen-full">
+@@ -112,7 +122,7 @@
  				<div class="divider"{{if .Color}} style="color: {{ContrastColor .Color}} !important"{{end}}></div>
  				<div class="ui cards" data-url="{{$.Link}}/{{.ID}}" data-project="{{$.Project.ID}}" data-board="{{.ID}}" id="board_{{.ID}}">
  					{{range (index $.IssuesMap .ID)}}
@@ -43,7 +43,7 @@ index 217ffe6355..9640deee94 100644
  							{{template "repo/issue/card" (dict "Issue" . "Page" $)}}
  						</div>
  					{{end}}
-@@ -178,6 +188,37 @@
+@@ -122,6 +132,37 @@
  	</div>
  </div>
  
@@ -78,11 +78,11 @@ index 217ffe6355..9640deee94 100644
 +	}
 +</script>
 +
- {{if .CanWriteProjects}}
- 	<div class="ui g-modal-confirm delete modal">
- 		<div class="header">
+ {{if $canWriteProject}}
+ <div class="ui small modal" id="project-column-modal-edit">
+ 	<div class="header">edit</div>
 diff --git a/templates/repo/issue/card.tmpl b/templates/repo/issue/card.tmpl
-index 2e19e86d7a..e27cf1cbb7 100644
+index 41fe6cea8f..99d77f4adf 100644
 --- a/templates/repo/issue/card.tmpl
 +++ b/templates/repo/issue/card.tmpl
 @@ -10,6 +10,14 @@
@@ -124,7 +124,7 @@ index 2e19e86d7a..e27cf1cbb7 100644
  		{{range index $.Page.LinkedPRs .ID}}
 -		<div class="meta tw-my-1">
 +		<div class="meta tw-my-1 issue-card-details tw-hidden">
- 			<a href="{{$.Issue.Repo.Link}}/pulls/{{.Index}}">
+ 			<a href="{{.Repo.Link}}/pulls/{{.Index}}">
  				<span class="tw-m-0 text {{if .PullRequest.HasMerged}}purple{{else if .IsClosed}}red{{else}}green{{end}}">{{svg "octicon-git-merge" 16 "tw-mr-1 tw-align-middle"}}</span>
  				<span class="tw-align-middle">{{.Title}} <span class="text light grey">#{{.Index}}</span></span>
 @@ -54,25 +62,20 @@
@@ -157,18 +157,24 @@ index 2e19e86d7a..e27cf1cbb7 100644
  	{{end}}
  {{end}}
 diff --git a/web_src/css/features/projects.css b/web_src/css/features/projects.css
-index ef3b036217..ca5057118f 100644
+index 1d09e9c7ea..b6bd1d250d 100644
 --- a/web_src/css/features/projects.css
 +++ b/web_src/css/features/projects.css
-@@ -16,7 +16,7 @@
-   padding: 0.5rem !important;
-   width: 320px;
-   height: initial;
--  min-height: max(calc(100vh - 400px), 300px);
+@@ -19,6 +19,14 @@
+ }
+ 
+ .project-column {
++  background-color: var(--color-project-column-bg) !important;
++  border: 1px solid var(--color-secondary) !important;
++  border-radius: var(--border-radius);
++  margin: 0 0.5rem !important;
++  padding: 0.5rem !important;
++  width: 320px;
++  height: initial;
 +  min-height: max(calc(100vh - 225px), 300px);
    flex: 0 0 auto;
-   overflow: visible;
    display: flex;
+   flex-direction: column;
 diff --git a/web_src/css/repo/issue-card.css b/web_src/css/repo/issue-card.css
 index fb832bd05a..4fb9b42f46 100644
 --- a/web_src/css/repo/issue-card.css
diff --git a/patches/0007-BLENDER-Lazy-pull-request-checking.patch b/patches/0007-BLENDER-Lazy-pull-request-checking.patch
deleted file mode 100644
index 73dd71a6d133d..0000000000000
--- a/patches/0007-BLENDER-Lazy-pull-request-checking.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From c7ff5bb517d85240efd8915ac065021329e38a7a Mon Sep 17 00:00:00 2001
-From: Brecht Van Lommel <brecht@blender.org>
-Date: Fri, 10 May 2024 14:02:04 +0200
-Subject: [PATCH 07/18] BLENDER: Lazy pull request checking
-
-Delay conflict checking of PRs that had no update in last 24h until page load.
-This solves the problem where after every commit to main, it takes a long time
-for conflict checking to update as it goes through many old PRs.
----
- routers/web/repo/issue_view.go |  3 ++
- services/pull/check.go         | 55 ++++++++++++++++++++++++++++++++--
- services/pull/pull.go          |  2 +-
- 3 files changed, 56 insertions(+), 4 deletions(-)
-
-diff --git a/routers/web/repo/issue_view.go b/routers/web/repo/issue_view.go
-index 09b57f4e78..a45c68dfc9 100644
---- a/routers/web/repo/issue_view.go
-+++ b/routers/web/repo/issue_view.go
-@@ -778,6 +778,9 @@ func preparePullViewReviewAndMerge(ctx *context.Context, issue *issues_model.Iss
- 	allowMerge := false
- 	canWriteToHeadRepo := false
- 
-+	// BLENDER: Lazy conflict checking
-+	pull_service.AddToTaskQueueOnView(ctx, pull)
-+
- 	if ctx.IsSigned {
- 		if err := pull.LoadHeadRepo(ctx); err != nil {
- 			log.Error("LoadHeadRepo: %v", err)
-diff --git a/services/pull/check.go b/services/pull/check.go
-index baca1511a2..af19214412 100644
---- a/services/pull/check.go
-+++ b/services/pull/check.go
-@@ -10,6 +10,7 @@ import (
- 	"fmt"
- 	"strconv"
- 	"strings"
-+	"time"
- 
- 	"code.gitea.io/gitea/models"
- 	"code.gitea.io/gitea/models/db"
-@@ -45,20 +46,61 @@ var (
- )
- 
- // AddToTaskQueue adds itself to pull request test task queue.
--func AddToTaskQueue(ctx context.Context, pr *issues_model.PullRequest) {
-+func setStatusChecking(ctx context.Context, pr *issues_model.PullRequest) bool {
- 	pr.Status = issues_model.PullRequestStatusChecking
- 	err := pr.UpdateColsIfNotMerged(ctx, "status")
- 	if err != nil {
- 		log.Error("AddToTaskQueue(%-v).UpdateCols.(add to queue): %v", pr, err)
--		return
-+		return false
- 	}
-+	return true
-+}
-+
-+func addToTaskQueue(pr *issues_model.PullRequest) {
- 	log.Trace("Adding %-v to the test pull requests queue", pr)
--	err = prPatchCheckerQueue.Push(strconv.FormatInt(pr.ID, 10))
-+	err := prPatchCheckerQueue.Push(strconv.FormatInt(pr.ID, 10))
- 	if err != nil && err != queue.ErrAlreadyInQueue {
- 		log.Error("Error adding %-v to the test pull requests queue: %v", pr, err)
- 	}
- }
- 
-+func checkPRUpdate(ctx context.Context, pr *issues_model.PullRequest) bool {
-+	if err := pr.LoadIssue(ctx); err != nil {
-+		return false
-+	}
-+	if pr.Issue.UpdatedUnix.AddDuration(24*time.Hour) < timeutil.TimeStampNow() {
-+		log.Trace("Delaying %-v patch checking because it was not updated recently", pr)
-+		return false
-+	}
-+
-+	return true
-+}
-+
-+func AddToTaskQueueOnView(ctx context.Context, pr *issues_model.PullRequest) {
-+	if pr.Status == issues_model.PullRequestStatusChecking {
-+		addToTaskQueue(pr)
-+	}
-+}
-+
-+func AddToTaskQueueOnBaseUpdate(ctx context.Context, pr *issues_model.PullRequest) {
-+	// Blender: don't immediately check PRs older than a week, instead check when
-+	// the page is loaded.
-+	if !setStatusChecking(ctx, pr) {
-+		return
-+	}
-+	if !checkPRUpdate(ctx, pr) {
-+		return
-+	}
-+
-+	addToTaskQueue(pr)
-+}
-+
-+func AddToTaskQueue(ctx context.Context, pr *issues_model.PullRequest) {
-+	if setStatusChecking(ctx, pr) {
-+		addToTaskQueue(pr)
-+	}
-+}
-+
- type MergeCheckType int
- 
- const (
-@@ -331,6 +373,13 @@ func InitializePullRequests(ctx context.Context) {
- 		case <-ctx.Done():
- 			return
- 		default:
-+			pr, err := issues_model.GetPullRequestByID(ctx, prID)
-+			if err != nil {
-+				continue
-+			}
-+			if !checkPRUpdate(ctx, pr) {
-+				continue
-+			}
- 			log.Trace("Adding PR[%d] to the pull requests patch checking queue", prID)
- 			if err := prPatchCheckerQueue.Push(strconv.FormatInt(prID, 10)); err != nil {
- 				log.Error("Error adding PR[%d] to the pull requests patch checking queue %v", prID, err)
-diff --git a/services/pull/pull.go b/services/pull/pull.go
-index 11718c2f87..d856e505ef 100644
---- a/services/pull/pull.go
-+++ b/services/pull/pull.go
-@@ -479,7 +479,7 @@ func AddTestPullRequestTask(opts TestPullRequestOptions) {
- 					log.Error("UpdateCommitDivergence: %v", err)
- 				}
- 			}
--			AddToTaskQueue(ctx, pr)
-+			AddToTaskQueueOnBaseUpdate(ctx, pr)
- 		}
- 	})
- }
--- 
-2.49.0
-
diff --git a/patches/0008-BLENDER-Remember-login-for-OAuth-Blender-ID.patch b/patches/0007-BLENDER-Remember-login-for-OAuth-Blender-ID.patch
similarity index 80%
rename from patches/0008-BLENDER-Remember-login-for-OAuth-Blender-ID.patch
rename to patches/0007-BLENDER-Remember-login-for-OAuth-Blender-ID.patch
index 7770c18364e07..1d2bf9576ee99 100644
--- a/patches/0008-BLENDER-Remember-login-for-OAuth-Blender-ID.patch
+++ b/patches/0007-BLENDER-Remember-login-for-OAuth-Blender-ID.patch
@@ -1,7 +1,7 @@
-From 619f7a041405989c2e1b7fec3cdff6783384f26d Mon Sep 17 00:00:00 2001
+From 3e244276ab49e7edd925df8979d7a0f0b39770ae Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:04:02 +0200
-Subject: [PATCH 08/18] BLENDER: Remember login for OAuth / Blender ID
+Subject: [PATCH 07/17] BLENDER: Remember login for OAuth / Blender ID
 
 Otherwise for some browsers, users have to login again for every session.
 ---
@@ -9,20 +9,20 @@ Otherwise for some browsers, users have to login again for every session.
  1 file changed, 13 insertions(+)
 
 diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
-index 75f94de0ed..5b58bc6337 100644
+index a13b987aab..0769c58fe9 100644
 --- a/routers/web/auth/oauth.go
 +++ b/routers/web/auth/oauth.go
-@@ -20,7 +20,9 @@ import (
- 	"code.gitea.io/gitea/modules/log"
- 	"code.gitea.io/gitea/modules/optional"
+@@ -21,7 +21,9 @@ import (
+ 	"code.gitea.io/gitea/modules/session"
  	"code.gitea.io/gitea/modules/setting"
+ 	"code.gitea.io/gitea/modules/templates"
 +	"code.gitea.io/gitea/modules/timeutil"
  	"code.gitea.io/gitea/modules/web/middleware"
 +	auth_service "code.gitea.io/gitea/services/auth"
  	source_service "code.gitea.io/gitea/services/auth/source"
  	"code.gitea.io/gitea/services/auth/source/oauth2"
  	"code.gitea.io/gitea/services/context"
-@@ -360,6 +362,17 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
+@@ -368,6 +370,17 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
  			return
  		}
  
diff --git a/patches/0009-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch b/patches/0008-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch
similarity index 81%
rename from patches/0009-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch
rename to patches/0008-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch
index fdc3455bfc67b..59687804ed29d 100644
--- a/patches/0009-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch
+++ b/patches/0008-BLENDER-Always-login-with-Blender-ID-unless-noredire.patch
@@ -1,7 +1,7 @@
-From d5dd5fed65a963e7564f00f9ec4bc80cd6b00519 Mon Sep 17 00:00:00 2001
+From 4bb623a96762b5457e7b8c0724bd1c48fe004fc2 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:04:49 +0200
-Subject: [PATCH 09/18] BLENDER: Always login with Blender ID, unless
+Subject: [PATCH 08/17] BLENDER: Always login with Blender ID, unless
  noredirect is specified
 
 ---
@@ -9,10 +9,10 @@ Subject: [PATCH 09/18] BLENDER: Always login with Blender ID, unless
  1 file changed, 24 insertions(+)
 
 diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
-index ee70889a53..2910d7bc39 100644
+index 87edbc357b..b98fad647a 100644
 --- a/routers/web/auth/auth.go
 +++ b/routers/web/auth/auth.go
-@@ -160,6 +160,26 @@ func CheckAutoLogin(ctx *context.Context) bool {
+@@ -164,6 +164,26 @@ func CheckAutoLogin(ctx *context.Context) bool {
  	return false
  }
  
@@ -39,7 +39,7 @@ index ee70889a53..2910d7bc39 100644
  func prepareSignInPageData(ctx *context.Context) {
  	ctx.Data["Title"] = ctx.Tr("sign_in")
  	ctx.Data["OAuth2Providers"], _ = oauth2.GetOAuth2Providers(ctx, optional.Some(true))
-@@ -181,6 +201,10 @@ func SignIn(ctx *context.Context) {
+@@ -185,6 +205,10 @@ func SignIn(ctx *context.Context) {
  	if CheckAutoLogin(ctx) {
  		return
  	}
diff --git a/patches/0010-BLENDER-Allow-non-local-users-to-be-renamed.patch b/patches/0009-BLENDER-Allow-non-local-users-to-be-renamed.patch
similarity index 78%
rename from patches/0010-BLENDER-Allow-non-local-users-to-be-renamed.patch
rename to patches/0009-BLENDER-Allow-non-local-users-to-be-renamed.patch
index 8eb4d50f146d5..a8d2b858ae7e6 100644
--- a/patches/0010-BLENDER-Allow-non-local-users-to-be-renamed.patch
+++ b/patches/0009-BLENDER-Allow-non-local-users-to-be-renamed.patch
@@ -1,7 +1,7 @@
-From 3a7478dce8bd171b9537ab8ba827a3366f932a54 Mon Sep 17 00:00:00 2001
+From ccb4ae19ff4f2c6dd0023623cae96afc9a7a7b17 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:05:47 +0200
-Subject: [PATCH 10/18] BLENDER: Allow non-local users to be renamed
+Subject: [PATCH 09/17] BLENDER: Allow non-local users to be renamed
 
 For Blender ID hook to do this.
 ---
@@ -9,10 +9,10 @@ For Blender ID hook to do this.
  1 file changed, 7 insertions(+), 6 deletions(-)
 
 diff --git a/services/user/user.go b/services/user/user.go
-index 7bde642412..5dda32f708 100644
+index 1aeebff142..5763cf015f 100644
 --- a/services/user/user.go
 +++ b/services/user/user.go
-@@ -37,12 +37,13 @@ func RenameUser(ctx context.Context, u *user_model.User, newUserName string) err
+@@ -36,12 +36,13 @@ func RenameUser(ctx context.Context, u *user_model.User, newUserName string) err
  	}
  
  	// Non-local users are not allowed to change their username.
diff --git a/patches/0011-BLENDER-Workaround-internal-server-error-comparing-b.patch b/patches/0010-BLENDER-Workaround-internal-server-error-comparing-b.patch
similarity index 65%
rename from patches/0011-BLENDER-Workaround-internal-server-error-comparing-b.patch
rename to patches/0010-BLENDER-Workaround-internal-server-error-comparing-b.patch
index a7695158e202f..bdeabcb6b70fb 100644
--- a/patches/0011-BLENDER-Workaround-internal-server-error-comparing-b.patch
+++ b/patches/0010-BLENDER-Workaround-internal-server-error-comparing-b.patch
@@ -1,7 +1,7 @@
-From ffc6d64f27593ca7bf8c080401a787532f4848eb Mon Sep 17 00:00:00 2001
+From 08c864ffbfaa6759fd8d02406a88b90e14bc9c64 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:07:25 +0200
-Subject: [PATCH 11/18] BLENDER: Workaround internal server error comparing
+Subject: [PATCH 10/17] BLENDER: Workaround internal server error comparing
  branches on some repos
 
 https://projects.blender.org/infrastructure/blender-projects-platform/issues/61
@@ -12,16 +12,16 @@ And add trace log for investigation.
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/modules/git/repo_compare.go b/modules/git/repo_compare.go
-index 16fcdcf4c8..91d61d2158 100644
+index ff44506e13..b718ba6599 100644
 --- a/modules/git/repo_compare.go
 +++ b/modules/git/repo_compare.go
 @@ -39,9 +39,12 @@ func (repo *Repository) GetMergeBase(tmpRemote, base, head string) (string, stri
  	if tmpRemote != "origin" {
  		tmpBaseName := RemotePrefix + tmpRemote + "/tmp_" + base
  		// Fetch commit into a temporary branch in order to be able to handle commits and tags
--		_, _, err := NewCommand(repo.Ctx, "fetch", "--no-tags").AddDynamicArguments(tmpRemote).AddDashesAndList(base + ":" + tmpBaseName).RunStdString(&RunOpts{Dir: repo.Path})
+-		_, _, err := NewCommand("fetch", "--no-tags").AddDynamicArguments(tmpRemote).AddDashesAndList(base+":"+tmpBaseName).RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
 +		// --no-write-commit-graph works around issue with commit-graph-chain.lock files that should not be there.
-+		_, _, err := NewCommand(repo.Ctx, "fetch", "--no-write-commit-graph", "--no-tags").AddDynamicArguments(tmpRemote).AddDashesAndList(base + ":" + tmpBaseName).RunStdString(&RunOpts{Dir: repo.Path})
++		_, _, err := NewCommand("fetch", "--no-write-commit-graph", "--no-tags").AddDynamicArguments(tmpRemote).AddDashesAndList(base+":"+tmpBaseName).RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
  		if err == nil {
  			base = tmpBaseName
 +		} else {
diff --git a/patches/0013-BLENDER-Add-docs-explaining-merge-strategy.patch b/patches/0011-BLENDER-Add-docs-explaining-merge-strategy.patch
similarity index 87%
rename from patches/0013-BLENDER-Add-docs-explaining-merge-strategy.patch
rename to patches/0011-BLENDER-Add-docs-explaining-merge-strategy.patch
index ac53f1c963f3b..359f25e4ee929 100644
--- a/patches/0013-BLENDER-Add-docs-explaining-merge-strategy.patch
+++ b/patches/0011-BLENDER-Add-docs-explaining-merge-strategy.patch
@@ -1,7 +1,7 @@
-From c7ce8c9d1bb65b13201e5c10c629a4ba38c7e493 Mon Sep 17 00:00:00 2001
+From ba6e7f406ab94810920858315d92a8e8d640fc2e Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Fri, 10 May 2024 14:58:32 +0200
-Subject: [PATCH 13/18] BLENDER: Add docs explaining merge strategy
+Subject: [PATCH 11/17] BLENDER: Add docs explaining merge strategy
 
 ---
  BLENDER_README.md | 12 ++++++++++++
diff --git a/patches/0014-BLENDER-Add-Python-for-external-renderering.patch b/patches/0012-BLENDER-Add-Python-for-external-renderering.patch
similarity index 80%
rename from patches/0014-BLENDER-Add-Python-for-external-renderering.patch
rename to patches/0012-BLENDER-Add-Python-for-external-renderering.patch
index b7804c488eb3a..0606faa6c6a46 100644
--- a/patches/0014-BLENDER-Add-Python-for-external-renderering.patch
+++ b/patches/0012-BLENDER-Add-Python-for-external-renderering.patch
@@ -1,7 +1,7 @@
-From baddc7d7cbccc3dbbd2fcdb74594fa62a3964a13 Mon Sep 17 00:00:00 2001
+From c70d0ab51311c2c32349e9ac9d889c85f0ec31d6 Mon Sep 17 00:00:00 2001
 From: Bart van der Braak <bart@blender.org>
 Date: Wed, 4 Dec 2024 15:29:10 +0100
-Subject: [PATCH 14/18] BLENDER: Add Python for external renderering
+Subject: [PATCH 12/17] BLENDER: Add Python for external renderering
 
 To be used for RestructuredText rendering using Sphinx to HTML.
 
@@ -11,7 +11,7 @@ See: https://projects.blender.org/infrastructure/gitea-custom/src/branch/main/sp
  1 file changed, 5 insertions(+)
 
 diff --git a/Dockerfile.rootless b/Dockerfile.rootless
-index be6f125104..1032790dd0 100644
+index c87a965608..32a3ff259a 100644
 --- a/Dockerfile.rootless
 +++ b/Dockerfile.rootless
 @@ -54,6 +54,11 @@ RUN apk --no-cache add \
diff --git a/patches/0015-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch b/patches/0013-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch
similarity index 92%
rename from patches/0015-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch
rename to patches/0013-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch
index 36f4114b6c73b..0ab6455418064 100644
--- a/patches/0015-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch
+++ b/patches/0013-BLENDER-Fix-RemoveUserBadges-incorrect-sql.patch
@@ -1,7 +1,7 @@
-From 9dbe882b8d5ad70237296bf2a3eb28094184b58e Mon Sep 17 00:00:00 2001
+From 76f2b9a26d8cb659caec84fd16ce69a9a0a293c7 Mon Sep 17 00:00:00 2001
 From: Oleg Komarov <oleg@blender.org>
 Date: Wed, 2 Apr 2025 17:11:01 +0200
-Subject: [PATCH 15/18] BLENDER: Fix RemoveUserBadges incorrect sql
+Subject: [PATCH 13/17] BLENDER: Fix RemoveUserBadges incorrect sql
 
 ---
  models/user/badge.go | 22 ++++++++++++++++------
diff --git a/patches/0016-BLENDER-Sync-user-badges-on-sign-in.patch b/patches/0014-BLENDER-Sync-user-badges-on-sign-in.patch
similarity index 95%
rename from patches/0016-BLENDER-Sync-user-badges-on-sign-in.patch
rename to patches/0014-BLENDER-Sync-user-badges-on-sign-in.patch
index 50d0dda783186..cd82d370e4caf 100644
--- a/patches/0016-BLENDER-Sync-user-badges-on-sign-in.patch
+++ b/patches/0014-BLENDER-Sync-user-badges-on-sign-in.patch
@@ -1,7 +1,7 @@
-From 5f7b162ec379635b6ece4bc7aa545ccf9f65fe6e Mon Sep 17 00:00:00 2001
+From 5b5fbcb39d1941a4f67856b8af02cce461a31f72 Mon Sep 17 00:00:00 2001
 From: Oleg Komarov <oleg@blender.org>
 Date: Wed, 2 Apr 2025 17:30:05 +0200
-Subject: [PATCH 16/18] BLENDER: Sync user badges on sign-in
+Subject: [PATCH 14/17] BLENDER: Sync user badges on sign-in
 
 Don't escalate any errors, only log them, to avoid breaking sign-in.
 ---
@@ -13,10 +13,10 @@ Don't escalate any errors, only log them, to avoid breaking sign-in.
  create mode 100644 services/user/badge_test.go
 
 diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
-index 5b58bc6337..08bd10b830 100644
+index 0769c58fe9..8c831e5e66 100644
 --- a/routers/web/auth/oauth.go
 +++ b/routers/web/auth/oauth.go
-@@ -299,8 +299,32 @@ func updateAvatarIfNeed(ctx *context.Context, url string, u *user_model.User) {
+@@ -301,8 +301,32 @@ func updateAvatarIfNeed(ctx *context.Context, url string, u *user_model.User) {
  	}
  }
  
@@ -48,7 +48,7 @@ index 5b58bc6337..08bd10b830 100644
 +	}
  
  	needs2FA := false
- 	if !source.Cfg.(*oauth2.Source).SkipLocalTwoFA {
+ 	if !source.TwoFactorShouldSkip() {
 diff --git a/services/user/badge.go b/services/user/badge.go
 new file mode 100644
 index 0000000000..be6124a7fe
diff --git a/patches/0017-BLENDER-Add-Spam-Reporting.patch b/patches/0015-BLENDER-Add-Spam-Reporting.patch
similarity index 95%
rename from patches/0017-BLENDER-Add-Spam-Reporting.patch
rename to patches/0015-BLENDER-Add-Spam-Reporting.patch
index be33303dcb5b4..44b3d78a0da03 100644
--- a/patches/0017-BLENDER-Add-Spam-Reporting.patch
+++ b/patches/0015-BLENDER-Add-Spam-Reporting.patch
@@ -1,7 +1,7 @@
-From 4470d5e4ec3482d1534d8e17d25ff59cd6ed730b Mon Sep 17 00:00:00 2001
+From c58ce4daad7f00005200639b6a8275e361538824 Mon Sep 17 00:00:00 2001
 From: Oleg Komarov <oleg@blender.org>
 Date: Fri, 11 Apr 2025 16:57:54 +0200
-Subject: [PATCH 17/18] BLENDER: Add Spam Reporting
+Subject: [PATCH] BLENDER: Add Spam Reporting
 
 Spam reporting is available for trusted users (org members and admins) via a
 button on a spammer's profile page;
@@ -10,11 +10,11 @@ a new "pending spam reports" indicator in the header for admins.
 ---
  models/user/spamreport.go                     | 136 +++++++++++
  options/locale/locale_en-US.ini               |  22 ++
- routers/web/admin/spamreports.go              | 142 +++++++++++
+ routers/web/admin/spamreports.go              | 141 +++++++++++
  routers/web/shared/user/header.go             |  20 ++
  routers/web/user/setting/spamreport.go        |  43 ++++
  routers/web/web.go                            |  12 +
- services/user/spamreport.go                   | 226 ++++++++++++++++++
+ services/user/spamreport.go                   | 230 ++++++++++++++++++
  services/user/spamreport_test.go              |  93 +++++++
  templates/admin/navbar.tmpl                   |   5 +-
  templates/admin/spamreports/list.tmpl         |  88 +++++++
@@ -22,7 +22,7 @@ a new "pending spam reports" indicator in the header for admins.
  templates/shared/user/profile_big_avatar.tmpl |  17 ++
  .../shared/user/purgespammer_user_dialog.tmpl |  14 ++
  .../shared/user/spamreport_user_dialog.tmpl   |  14 ++
- 14 files changed, 838 insertions(+), 1 deletion(-)
+ 14 files changed, 841 insertions(+), 1 deletion(-)
  create mode 100644 models/user/spamreport.go
  create mode 100644 routers/web/admin/spamreports.go
  create mode 100644 routers/web/user/setting/spamreport.go
@@ -175,10 +175,10 @@ index 0000000000..a4390c9d4a
 +	return nil, err
 +}
 diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
-index 6b6f83a64b..7d6bc40a3d 100644
+index b9aae48f86..c1d828f62e 100644
 --- a/options/locale/locale_en-US.ini
 +++ b/options/locale/locale_en-US.ini
-@@ -692,6 +692,18 @@ block.note.edit = Edit note
+@@ -710,6 +710,18 @@ block.note.edit = Edit note
  block.list = Blocked users
  block.list.none = You have not blocked any users.
  
@@ -197,7 +197,7 @@ index 6b6f83a64b..7d6bc40a3d 100644
  [settings]
  profile = Profile
  account = Account
-@@ -2899,6 +2911,7 @@ first_page = First
+@@ -2943,6 +2955,7 @@ first_page = First
  last_page = Last
  total = Total: %d
  settings = Admin Settings
@@ -205,7 +205,7 @@ index 6b6f83a64b..7d6bc40a3d 100644
  
  dashboard.new_version_hint = Gitea %s is now available, you are running %s. Check <a target="_blank" rel="noreferrer" href="%s">the blog</a> for more details.
  dashboard.statistic = Summary
-@@ -2986,6 +2999,7 @@ dashboard.sync_branch.started = Branches Sync started
+@@ -3030,6 +3043,7 @@ dashboard.sync_branch.started = Branches Sync started
  dashboard.sync_tag.started = Tags Sync started
  dashboard.rebuild_issue_indexer = Rebuild issue indexer
  dashboard.sync_repo_licenses = Sync repo licenses
@@ -213,7 +213,7 @@ index 6b6f83a64b..7d6bc40a3d 100644
  
  users.user_manage_panel = User Account Management
  users.new_account = Create User Account
-@@ -3062,6 +3076,14 @@ emails.delete_desc = Are you sure you want to delete this email address?
+@@ -3106,6 +3120,14 @@ emails.delete_desc = Are you sure you want to delete this email address?
  emails.deletion_success = The email address has been deleted.
  emails.delete_primary_email_error = You can not delete the primary email.
  
@@ -230,10 +230,10 @@ index 6b6f83a64b..7d6bc40a3d 100644
  orgs.teams = Teams
 diff --git a/routers/web/admin/spamreports.go b/routers/web/admin/spamreports.go
 new file mode 100644
-index 0000000000..6f2ce0c37a
+index 0000000000..16fbd615bd
 --- /dev/null
 +++ b/routers/web/admin/spamreports.go
-@@ -0,0 +1,142 @@
+@@ -0,0 +1,141 @@
 +// Copyright 2025 The Gitea Authors.
 +// SPDX-License-Identifier: MIT
 +
@@ -247,15 +247,15 @@ index 0000000000..6f2ce0c37a
 +
 +	"code.gitea.io/gitea/models/db"
 +	user_model "code.gitea.io/gitea/models/user"
-+	"code.gitea.io/gitea/modules/base"
 +	"code.gitea.io/gitea/modules/log"
 +	"code.gitea.io/gitea/modules/setting"
++	"code.gitea.io/gitea/modules/templates"
 +	"code.gitea.io/gitea/services/context"
 +	user_service "code.gitea.io/gitea/services/user"
 +)
 +
 +const (
-+	tplSpamReports base.TplName = "admin/spamreports/list"
++	tplSpamReports templates.TplName = "admin/spamreports/list"
 +)
 +
 +// GetPendingSpamReports populates the counter for the header section displayed to site admins.
@@ -309,7 +309,6 @@ index 0000000000..6f2ce0c37a
 +	ctx.Data["SpamReports"] = spamReports
 +
 +	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
-+	pager.SetDefaultParams(ctx)
 +	ctx.Data["Page"] = pager
 +
 +	statusCounts, err := user_model.GetSpamReportStatusCounts(ctx)
@@ -377,18 +376,18 @@ index 0000000000..6f2ce0c37a
 +	ctx.Redirect(setting.AppSubURL + "/" + username)
 +}
 diff --git a/routers/web/shared/user/header.go b/routers/web/shared/user/header.go
-index 4cb0592b4b..e1c8b9608a 100644
+index 48a5d58ea4..6379549bef 100644
 --- a/routers/web/shared/user/header.go
 +++ b/routers/web/shared/user/header.go
-@@ -21,6 +21,7 @@ import (
- 	"code.gitea.io/gitea/modules/optional"
+@@ -22,6 +22,7 @@ import (
  	"code.gitea.io/gitea/modules/setting"
+ 	"code.gitea.io/gitea/modules/util"
  	"code.gitea.io/gitea/services/context"
 +	user_service "code.gitea.io/gitea/services/user"
  )
  
- // prepareContextForCommonProfile store some common data into context data for user's profile related pages (including the nav menu)
-@@ -90,6 +91,25 @@ func PrepareContextForProfileBigAvatar(ctx *context.Context) {
+ // prepareContextForProfileBigAvatar set the context for big avatar view on the profile page
+@@ -89,6 +90,25 @@ func prepareContextForProfileBigAvatar(ctx *context.Context) {
  		} else {
  			ctx.Data["UserBlocking"] = block
  		}
@@ -464,19 +463,19 @@ index 0000000000..254b54c56f
 +	ctx.Redirect(setting.AppSubURL + "/" + username)
 +}
 diff --git a/routers/web/web.go b/routers/web/web.go
-index cf9959ecfe..b0cec470f2 100644
+index bd850baec0..385d15dc5e 100644
 --- a/routers/web/web.go
 +++ b/routers/web/web.go
-@@ -284,6 +284,8 @@ func Routes() *web.Router {
- 	mid = append(mid, user.GetNotificationCount)
- 	mid = append(mid, repo.GetActiveStopwatch)
+@@ -282,6 +282,8 @@ func Routes() *web.Router {
+ 
  	mid = append(mid, goGet)
+ 	mid = append(mid, common.PageTmplFunctions)
 +	// BLENDER: spam reporting
 +	mid = append(mid, admin.GetPendingSpamReports)
  
  	webRoutes := web.NewRouter()
  	webRoutes.Use(mid...)
-@@ -676,6 +678,9 @@ func registerWebRoutes(m *web.Router) {
+@@ -682,6 +684,9 @@ func registerWebRoutes(m *web.Router) {
  			m.Get("", user_setting.BlockedUsers)
  			m.Post("", web.Bind(forms.BlockUserForm{}), user_setting.BlockedUsersPost)
  		})
@@ -486,7 +485,7 @@ index cf9959ecfe..b0cec470f2 100644
  	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "EnablePackages", setting.Packages.Enabled))
  
  	m.Group("/user", func() {
-@@ -748,6 +753,13 @@ func registerWebRoutes(m *web.Router) {
+@@ -755,6 +760,13 @@ func registerWebRoutes(m *web.Router) {
  			m.Post("/delete", admin.DeleteEmail)
  		})
  
@@ -502,10 +501,10 @@ index cf9959ecfe..b0cec470f2 100644
  		})
 diff --git a/services/user/spamreport.go b/services/user/spamreport.go
 new file mode 100644
-index 0000000000..d240546cc0
+index 0000000000..1d9c2d3236
 --- /dev/null
 +++ b/services/user/spamreport.go
-@@ -0,0 +1,226 @@
+@@ -0,0 +1,230 @@
 +// Copyright 2025 The Gitea Authors. All rights reserved.
 +// SPDX-License-Identifier: MIT
 +
@@ -516,6 +515,7 @@ index 0000000000..d240546cc0
 +import (
 +	"context"
 +	"fmt"
++	"strconv"
 +
 +	"code.gitea.io/gitea/models/db"
 +	issues_model "code.gitea.io/gitea/models/issues"
@@ -675,7 +675,10 @@ index 0000000000..d240546cc0
 +	}
 +
 +	log.Info("Cleaning up issues and pulls by user %s", user.Name)
-+	issues, err := issues_model.Issues(ctx, &issues_model.IssuesOptions{PosterID: optional.Some(user.ID)})
++	issues, err := issues_model.Issues(ctx, &issues_model.IssuesOptions{
++			PosterID: strconv.FormatInt(user.ID, 10),
++	})
++
 +	if err != nil {
 +		return fmt.Errorf("failed to fetch IssueIDs: %w", err)
 +	}
@@ -832,7 +835,7 @@ index 0000000000..2f4ebcdc86
 +	assert.NoError(t, err)
 +}
 diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl
-index 4116357d1d..235547ec0f 100644
+index 72584ec799..6cee23f79c 100644
 --- a/templates/admin/navbar.tmpl
 +++ b/templates/admin/navbar.tmpl
 @@ -13,7 +13,7 @@
@@ -949,10 +952,10 @@ index 0000000000..dc8240ba3f
 +
 +{{template "admin/layout_footer" .}}
 diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
-index 86d73a235d..dd4c015eb8 100644
+index 35e14d38d3..15f1b655e5 100644
 --- a/templates/base/head_navbar.tmpl
 +++ b/templates/base/head_navbar.tmpl
-@@ -91,6 +91,13 @@
+@@ -94,6 +94,13 @@
  			</a>
  			{{end}}
  
@@ -963,14 +966,14 @@ index 86d73a235d..dd4c015eb8 100644
 +				</strong>
 +			</a>
 +			{{end}}
- 			<a class="item not-mobile tw-mx-0" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
+ 			<a class="item not-mobile" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
  				<div class="tw-relative">
  					{{svg "octicon-bell"}}
 diff --git a/templates/shared/user/profile_big_avatar.tmpl b/templates/shared/user/profile_big_avatar.tmpl
-index f04f1ef6c4..7c2b376b00 100644
+index 91f04e0b53..e322e4a788 100644
 --- a/templates/shared/user/profile_big_avatar.tmpl
 +++ b/templates/shared/user/profile_big_avatar.tmpl
-@@ -127,9 +127,26 @@
+@@ -130,9 +130,26 @@
  						<a class="muted" href="{{AppSubUrl}}/user/settings/blocked_users">{{ctx.Locale.Tr "user.block.unblock"}}</a>
  					{{end}}
  				</li>
diff --git a/patches/0018-BLENDER-Add-Line-Length-indicator-for-cursor.patch b/patches/0016-BLENDER-Add-Line-Length-indicator-for-cursor.patch
similarity index 94%
rename from patches/0018-BLENDER-Add-Line-Length-indicator-for-cursor.patch
rename to patches/0016-BLENDER-Add-Line-Length-indicator-for-cursor.patch
index 6ef7dba0af5ad..ce619a1431f2b 100644
--- a/patches/0018-BLENDER-Add-Line-Length-indicator-for-cursor.patch
+++ b/patches/0016-BLENDER-Add-Line-Length-indicator-for-cursor.patch
@@ -1,7 +1,7 @@
-From a4538239196ba18215f569631d4a93e954826c73 Mon Sep 17 00:00:00 2001
+From 8466382c22d70c11c8b71a90263663411d59ddd6 Mon Sep 17 00:00:00 2001
 From: Bart van der Braak <bart@blender.org>
 Date: Fri, 2 May 2025 11:31:25 +0200
-Subject: [PATCH] BLENDER: Add Line Length indicator for cursor
+Subject: [PATCH 16/17] BLENDER: Add Line Length indicator for cursor
 
 ---
  templates/repo/editor/commit_form.tmpl        | 52 +++++++++++++++++++
@@ -9,7 +9,7 @@ Subject: [PATCH] BLENDER: Add Line Length indicator for cursor
  2 files changed, 90 insertions(+), 1 deletion(-)
 
 diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
-index c050324e93..402e270483 100644
+index 8f46c47b96..20e19b2cec 100644
 --- a/templates/repo/editor/commit_form.tmpl
 +++ b/templates/repo/editor/commit_form.tmpl
 @@ -13,6 +13,58 @@
@@ -72,7 +72,7 @@ index c050324e93..402e270483 100644
  		<div class="inline field">
  			<div class="ui checkbox">
 diff --git a/web_src/js/components/PullRequestMergeForm.vue b/web_src/js/components/PullRequestMergeForm.vue
-index bafeec6c97..0c51711bc6 100644
+index 4f291f5ca1..efe37b21c7 100644
 --- a/web_src/js/components/PullRequestMergeForm.vue
 +++ b/web_src/js/components/PullRequestMergeForm.vue
 @@ -26,6 +26,12 @@ const mergeStyleAllowedCount = ref(0);
@@ -88,7 +88,7 @@ index bafeec6c97..0c51711bc6 100644
  const mergeButtonStyleClass = computed(() => {
    if (mergeForm.value.allOverridableChecksOk) return 'primary';
    return autoMergeWhenSucceed.value ? 'primary' : 'red';
-@@ -76,6 +82,22 @@ function switchMergeStyle(name, autoMerge = false) {
+@@ -76,6 +82,22 @@ function switchMergeStyle(name: string, autoMerge = false) {
  function clearMergeMessage() {
    mergeMessageFieldValue.value = mergeForm.value.defaultMergeMessage;
  }
diff --git a/patches/0019-BLENDER-Fine-tune-pages-considered-expensive.patch b/patches/0017-BLENDER-Fine-tune-pages-considered-expensive.patch
similarity index 79%
rename from patches/0019-BLENDER-Fine-tune-pages-considered-expensive.patch
rename to patches/0017-BLENDER-Fine-tune-pages-considered-expensive.patch
index 1766e26b3559c..e22a31c32905c 100644
--- a/patches/0019-BLENDER-Fine-tune-pages-considered-expensive.patch
+++ b/patches/0017-BLENDER-Fine-tune-pages-considered-expensive.patch
@@ -1,17 +1,17 @@
-From 782f25cfc87e87276eb8e0c701ace5d9f11bf6d7 Mon Sep 17 00:00:00 2001
+From 568e5d6fa3458021ec0eab5e96ba21738e4b0356 Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
 Date: Thu, 12 Jun 2025 14:43:47 +0200
-Subject: [PATCH] BLENDER: Fine tune pages considered expensive
+Subject: [PATCH 17/17] BLENDER: Fine tune pages considered expensive
 
 ---
- routers/common/blockexpensive.go | 35 ++++++++++++++++----------------
- 1 file changed, 17 insertions(+), 18 deletions(-)
+ routers/common/blockexpensive.go | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
 
 diff --git a/routers/common/blockexpensive.go b/routers/common/blockexpensive.go
-index ba11ff4cf9..32c60ef64c 100644
+index f52aa2b709..b0c3aee079 100644
 --- a/routers/common/blockexpensive.go
 +++ b/routers/common/blockexpensive.go
-@@ -39,29 +39,28 @@ func isRoutePathExpensive(routePattern string) bool {
+@@ -39,28 +39,28 @@ func isRoutePathExpensive(routePattern string) bool {
  	}
  
  	expensivePaths := []string{
@@ -31,17 +31,15 @@ index ba11ff4cf9..32c60ef64c 100644
 -		"/{username}/{reponame}/{type:issues}",
 -		"/{username}/{reponame}/pulls",
 -		"/{username}/{reponame}/{type:pulls}",
--		"/{username}/{reponame}/{type:issues|pulls}", // for 1.23 only
 -
 -		// wiki
 -		"/{username}/{reponame}/wiki/",
--
--		// activity
--		"/{username}/{reponame}/activity/",
 +		// activity, trailing slash removed
 +		"/{username}/{reponame}/activity",
- 	}
-+
++	}
+ 
+-		// activity
+-		"/{username}/{reponame}/activity/",
 +	if !(strings.HasPrefix(routePattern, "/blender/") ||
 +		strings.HasPrefix(routePattern, "/studio/") ||
 +		strings.HasPrefix(routePattern, "/extensions/") ||
@@ -53,11 +51,11 @@ index ba11ff4cf9..32c60ef64c 100644
 +			"/{username}/{reponame}/commits/",
 +			"/{username}/{reponame}/src/",
 +			"/{username}/{reponame}/raw/")
-+	}
+ 	}
 +
  	for _, path := range expensivePaths {
  		if strings.HasPrefix(routePattern, path) {
  			return true
 -- 
-2.45.2
+2.49.0
 
diff --git a/patches/0012-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch b/patches/0018-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch
similarity index 79%
rename from patches/0012-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch
rename to patches/0018-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch
index 228d61ca25ce7..c5e0aa1d71240 100644
--- a/patches/0012-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch
+++ b/patches/0018-BLENDER-Edit-file-workflow-for-creating-a-fork-and-p.patch
@@ -1,6 +1,6 @@
 From 5843b4bdb51b90c22777f49d7c730cf2429b9a7f Mon Sep 17 00:00:00 2001
 From: Brecht Van Lommel <brecht@blender.org>
-Date: Fri, 18 Apr 2025 03:26:24 +0200
+Date: Fri, 19 Jun 2025 00:00:00 +0200
 Subject: [PATCH 12/18] BLENDER: Edit file workflow for creating a fork and
  proposing changes
 
@@ -61,10 +61,10 @@ the base repository that does the right thing.
  create mode 100644 templates/repo/view_content.tmpl
 
 diff --git a/models/repo/repo.go b/models/repo/repo.go
-index c5060a419f..e581c1a18d 100644
+index 5aae02c6d8..34d1bf55f6 100644
 --- a/models/repo/repo.go
 +++ b/models/repo/repo.go
-@@ -614,7 +614,7 @@ func (repo *Repository) AllowsPulls(ctx context.Context) bool {
+@@ -653,7 +653,7 @@ func (repo *Repository) AllowsPulls(ctx context.Context) bool {
  
  // CanEnableEditor returns true if repository meets the requirements of web editor.
  func (repo *Repository) CanEnableEditor() bool {
@@ -74,18 +74,21 @@ index c5060a419f..e581c1a18d 100644
  
  // DescriptionHTML does special handles to description and return HTML string.
 diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
-index e28840277a..6b6f83a64b 100644
+index b9aae48f86..b885ddfd99 100644
 --- a/options/locale/locale_en-US.ini
 +++ b/options/locale/locale_en-US.ini
-@@ -1314,7 +1314,6 @@ editor.cannot_edit_non_text_files = Binary files cannot be edited in the web int
+@@ -1336,9 +1336,9 @@ editor.cannot_edit_non_text_files = Binary files cannot be edited in the web int
  editor.edit_this_file = Edit File
  editor.this_file_locked = File is locked
  editor.must_be_on_a_branch = You must be on a branch to make or propose changes to this file.
 -editor.fork_before_edit = You must fork this repository to make or propose changes to this file.
  editor.delete_this_file = Delete File
  editor.must_have_write_access = You must have write access to make or propose changes to this file.
++editor.must_be_signed_in = You must be signed in to make or propose changes.
  editor.file_delete_success = File "%s" has been deleted.
-@@ -1372,6 +1371,16 @@ editor.user_no_push_to_branch = User cannot push to branch
+ editor.name_your_file = Name your file…
+ editor.filename_help = Add a directory by typing its name followed by a slash ('/'). Remove a directory by typing backspace at the beginning of the input field.
+@@ -1396,6 +1396,15 @@ editor.user_no_push_to_branch = User cannot push to branch
  editor.require_signed_commit = Branch requires a signed commit
  editor.cherry_pick = Cherry-pick %s onto:
  editor.revert = Revert %s onto:
@@ -95,7 +98,6 @@ index e28840277a..6b6f83a64b 100644
 +editor.fork_failed_to_push_branch = Failed to push branch %s to your repoitory.
 +editor.cannot_find_editable_repo = Can not find repository to apply the edit to. Was it deleted while editing?
 +editor.fork_not_editable = Fork Repository Not Editable
-+editor.fork_internal_error = Internal error loading repository information about <b>%s</b>.
 +editor.fork_is_archived = Your repository <b>%s</b> is archived. Unarchive it in repository settings to make changes.
 +editor.fork_code_disabled = Code is disabled in your repository <b>%s</b>. Enable code in repository settings to make changes.
 +editor.fork_no_permission = You do not have permission to write to repository <b>%s</b>.
@@ -103,23 +105,23 @@ index e28840277a..6b6f83a64b 100644
  commits.desc = Browse source code change history.
  commits.commits = Commits
 diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
-index f937a475b3..a7592ca5aa 100644
+index b98863b418..7b7e2ff4db 100644
 --- a/routers/api/v1/api.go
 +++ b/routers/api/v1/api.go
-@@ -435,7 +435,7 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
+@@ -458,7 +458,7 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
  // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
  func reqRepoBranchWriter(ctx *context.APIContext) {
  	options, ok := web.GetForm(ctx).(api.FileOptionInterface)
 -	if !ok || (!ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) {
 +	if !ok || (!context.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.Repository, options.Branch()) && !ctx.IsUserSiteAdmin()) {
- 		ctx.Error(http.StatusForbidden, "reqRepoBranchWriter", "user should have a permission to write to this branch")
+ 		ctx.APIError(http.StatusForbidden, "user should have a permission to write to this branch")
  		return
  	}
 diff --git a/routers/api/v1/repo/file.go b/routers/api/v1/repo/file.go
-index 4aed2e5e92..f303f43b03 100644
+index f40d39a251..9431e8f36f 100644
 --- a/routers/api/v1/repo/file.go
 +++ b/routers/api/v1/repo/file.go
-@@ -413,7 +413,7 @@ func GetEditorconfig(ctx *context.APIContext) {
+@@ -407,7 +407,7 @@ func GetEditorconfig(ctx *context.APIContext) {
  
  // canWriteFiles returns true if repository is editable and user has proper access level.
  func canWriteFiles(ctx *context.APIContext, branch string) bool {
@@ -129,7 +131,7 @@ index 4aed2e5e92..f303f43b03 100644
  		!ctx.Repo.Repository.IsArchived
  }
 diff --git a/routers/web/repo/cherry_pick.go b/routers/web/repo/cherry_pick.go
-index 61aff78d49..f29105b070 100644
+index 690b830bc2..bc1fd1c14e 100644
 --- a/routers/web/repo/cherry_pick.go
 +++ b/routers/web/repo/cherry_pick.go
 @@ -47,7 +47,7 @@ func CherryPick(ctx *context.Context) {
@@ -149,7 +151,7 @@ index 61aff78d49..f29105b070 100644
 +	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx, ctx.Repo.Repository)
  	ctx.Data["last_commit"] = ctx.Repo.CommitID
  	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
- 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+ 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
 @@ -75,7 +75,7 @@ func CherryPickPost(ctx *context.Context) {
  		ctx.Data["CherryPickType"] = "cherry-pick"
  	}
@@ -160,7 +162,7 @@ index 61aff78d49..f29105b070 100644
  	if form.CommitChoice == frmCommitChoiceNewBranch {
  		branchName = form.NewBranchName
 diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
-index 9396115b0d..2f4a6fb3d2 100644
+index cbcb3a3b21..1ed49793d2 100644
 --- a/routers/web/repo/editor.go
 +++ b/routers/web/repo/editor.go
 @@ -1,4 +1,5 @@
@@ -169,7 +171,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  // SPDX-License-Identifier: MIT
  
  package repo
-@@ -41,37 +42,47 @@ const (
+@@ -39,37 +40,47 @@ const (
  	frmCommitChoiceNewBranch string = "commit-to-new-branch"
  )
  
@@ -227,7 +229,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  		}
  
  		if redirectToPullRequest {
-@@ -84,7 +95,7 @@ func redirectForCommitChoice(ctx *context.Context, commitChoice, newBranchName,
+@@ -82,7 +93,7 @@ func redirectForCommitChoice(ctx *context.Context, commitChoice, newBranchName,
  
  	ctx.RedirectToCurrentSite(
  		returnURI,
@@ -236,7 +238,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  	)
  }
  
-@@ -104,10 +115,15 @@ func getParentTreeFields(treePath string) (treeNames, treePaths []string) {
+@@ -112,8 +123,14 @@ func editFileCommon(ctx *context.Context, isNewFile bool) {
  }
  
  func editFile(ctx *context.Context, isNewFile bool) {
@@ -245,40 +247,37 @@ index 9396115b0d..2f4a6fb3d2 100644
 +		return
 +	}
 +
- 	ctx.Data["PageIsViewCode"] = true
- 	ctx.Data["PageIsEdit"] = true
- 	ctx.Data["IsNewFile"] = isNewFile
+ 	editFileCommon(ctx, isNewFile)
 -	canCommit := renderCommitRights(ctx)
++
 +	canCommit := renderCommitRights(ctx, editRepo)
  
  	treePath := cleanUploadFileName(ctx.Repo.TreePath)
  	if treePath != ctx.Repo.TreePath {
-@@ -189,7 +205,7 @@ func editFile(ctx *context.Context, isNewFile bool) {
- 	} else {
- 		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
- 	}
+@@ -189,7 +206,7 @@ func editFile(ctx *context.Context, isNewFile bool) {
+ 	ctx.Data["commit_summary"] = ""
+ 	ctx.Data["commit_message"] = ""
+ 	ctx.Data["commit_choice"] = util.Iif(canCommit, frmCommitChoiceDirect, frmCommitChoiceNewBranch)
 -	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
 +	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx, editRepo)
  	ctx.Data["last_commit"] = ctx.Repo.CommitID
- 	ctx.Data["PreviewableExtensions"] = strings.Join(markup.PreviewableExtensions(), ",")
- 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
-@@ -225,7 +241,6 @@ func NewFile(ctx *context.Context) {
- }
+ 
+ 	ctx.Data["EditorconfigJson"] = GetEditorConfig(ctx, treePath)
+@@ -222,9 +239,9 @@ func NewFile(ctx *context.Context) {
  
  func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile bool) {
+ 	editFileCommon(ctx, isNewFile)
++
+ 	ctx.Data["PageHasPosted"] = true
+ 
 -	canCommit := renderCommitRights(ctx)
  	treeNames, treePaths := getParentTreeFields(form.TreePath)
  	branchName := ctx.Repo.BranchName
  	if form.CommitChoice == frmCommitChoiceNewBranch {
-@@ -254,11 +269,15 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
+@@ -247,11 +264,15 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
  		return
  	}
  
--	// Cannot commit to a an existing branch if user doesn't have rights
--	if branchName == ctx.Repo.BranchName && !canCommit {
--		ctx.Data["Err_NewBranchName"] = true
--		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
--		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
 +	editRepo := getEditRepositoryOrError(ctx, tplEditFile, &form)
 +	if editRepo == nil {
 +		return
@@ -286,12 +285,16 @@ index 9396115b0d..2f4a6fb3d2 100644
 +
 +	renderCommitRights(ctx, editRepo)
 +
-+	// Cannot commit to an existing branch if user doesn't have rights
+ 	// Cannot commit to an existing branch if user doesn't have rights
+-	if branchName == ctx.Repo.BranchName && !canCommit {
+-		ctx.Data["Err_NewBranchName"] = true
+-		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+-		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
 +	if !canPushToEditRepository(ctx, editRepo, branchName, form.CommitChoice, tplEditFile, &form) {
  		return
  	}
  
-@@ -282,9 +301,14 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
+@@ -282,9 +303,14 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
  		operation = "create"
  	}
  
@@ -308,23 +311,16 @@ index 9396115b0d..2f4a6fb3d2 100644
  		NewBranch:    branchName,
  		Message:      message,
  		Files: []*files_service.ChangeRepoFile{
-@@ -374,13 +398,9 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
+@@ -376,7 +402,7 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
  		}
  	}
  
--	if ctx.Repo.Repository.IsEmpty {
--		if isEmpty, err := ctx.Repo.GitRepo.IsEmpty(); err == nil && !isEmpty {
--			_ = repo_model.UpdateRepositoryCols(ctx, &repo_model.Repository{ID: ctx.Repo.Repository.ID, IsEmpty: false}, "is_empty")
--		}
--	}
-+	updateEditRepositoryIsEmpty(ctx, editRepo)
- 
 -	redirectForCommitChoice(ctx, form.CommitChoice, branchName, form.TreePath)
 +	redirectForCommitChoice(ctx, editRepo, form.CommitChoice, branchName, form.TreePath)
  }
  
  // EditFilePost response for editing file
-@@ -428,6 +448,11 @@ func DiffPreviewPost(ctx *context.Context) {
+@@ -424,6 +450,11 @@ func DiffPreviewPost(ctx *context.Context) {
  
  // DeleteFile render delete file page
  func DeleteFile(ctx *context.Context) {
@@ -334,9 +330,9 @@ index 9396115b0d..2f4a6fb3d2 100644
 +	}
 +
  	ctx.Data["PageIsDelete"] = true
- 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+ 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
  	treePath := cleanUploadFileName(ctx.Repo.TreePath)
-@@ -438,7 +463,7 @@ func DeleteFile(ctx *context.Context) {
+@@ -434,7 +465,7 @@ func DeleteFile(ctx *context.Context) {
  	}
  
  	ctx.Data["TreePath"] = treePath
@@ -345,7 +341,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  
  	ctx.Data["commit_summary"] = ""
  	ctx.Data["commit_message"] = ""
-@@ -448,7 +473,7 @@ func DeleteFile(ctx *context.Context) {
+@@ -444,7 +475,7 @@ func DeleteFile(ctx *context.Context) {
  	} else {
  		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
  	}
@@ -354,7 +350,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  
  	ctx.HTML(http.StatusOK, tplDeleteFile)
  }
-@@ -456,7 +481,6 @@ func DeleteFile(ctx *context.Context) {
+@@ -452,7 +483,6 @@ func DeleteFile(ctx *context.Context) {
  // DeleteFilePost response for deleting file
  func DeleteFilePost(ctx *context.Context) {
  	form := web.GetForm(ctx).(*forms.DeleteRepoFileForm)
@@ -362,7 +358,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  	branchName := ctx.Repo.BranchName
  	if form.CommitChoice == frmCommitChoiceNewBranch {
  		branchName = form.NewBranchName
-@@ -476,10 +500,15 @@ func DeleteFilePost(ctx *context.Context) {
+@@ -472,10 +502,15 @@ func DeleteFilePost(ctx *context.Context) {
  		return
  	}
  
@@ -382,8 +378,8 @@ index 9396115b0d..2f4a6fb3d2 100644
  		return
  	}
  
-@@ -492,9 +521,14 @@ func DeleteFilePost(ctx *context.Context) {
- 		message += "\n\n" + form.CommitMessage
+@@ -495,9 +530,14 @@ func DeleteFilePost(ctx *context.Context) {
+ 		return
  	}
  
 -	if _, err := files_service.ChangeRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.ChangeRepoFilesOptions{
@@ -399,7 +395,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  		NewBranch:    branchName,
  		Files: []*files_service.ChangeRepoFile{
  			{
-@@ -582,14 +616,19 @@ func DeleteFilePost(ctx *context.Context) {
+@@ -587,14 +627,19 @@ func DeleteFilePost(ctx *context.Context) {
  		}
  	}
  
@@ -421,7 +417,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  	treePath := cleanUploadFileName(ctx.Repo.TreePath)
  	if treePath != ctx.Repo.TreePath {
  		ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_upload", util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(treePath)))
-@@ -613,7 +652,7 @@ func UploadFile(ctx *context.Context) {
+@@ -618,7 +663,7 @@ func UploadFile(ctx *context.Context) {
  	} else {
  		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
  	}
@@ -430,7 +426,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  
  	ctx.HTML(http.StatusOK, tplUploadFile)
  }
-@@ -623,11 +662,8 @@ func UploadFilePost(ctx *context.Context) {
+@@ -628,11 +673,8 @@ func UploadFilePost(ctx *context.Context) {
  	form := web.GetForm(ctx).(*forms.UploadRepoFileForm)
  	ctx.Data["PageIsUpload"] = true
  	upload.AddUploadContext(ctx, "repo")
@@ -443,12 +439,12 @@ index 9396115b0d..2f4a6fb3d2 100644
  	if form.CommitChoice == frmCommitChoiceNewBranch {
  		branchName = form.NewBranchName
  	}
-@@ -654,16 +690,14 @@ func UploadFilePost(ctx *context.Context) {
+@@ -659,16 +701,14 @@ func UploadFilePost(ctx *context.Context) {
  		return
  	}
  
 -	if oldBranchName != branchName {
--		if _, err := ctx.Repo.GitRepo.GetBranch(branchName); err == nil {
+-		if exist, err := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, branchName); err == nil && exist {
 -			ctx.Data["Err_NewBranchName"] = true
 -			ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchName), tplUploadFile, &form)
 -			return
@@ -468,8 +464,8 @@ index 9396115b0d..2f4a6fb3d2 100644
  		return
  	}
  
-@@ -703,9 +737,14 @@ func UploadFilePost(ctx *context.Context) {
- 		message += "\n\n" + form.CommitMessage
+@@ -715,9 +755,14 @@ func UploadFilePost(ctx *context.Context) {
+ 		return
  	}
  
 -	if err := files_service.UploadRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.UploadRepoFileOptions{
@@ -485,7 +481,7 @@ index 9396115b0d..2f4a6fb3d2 100644
  		NewBranch:    branchName,
  		TreePath:     form.TreePath,
  		Message:      message,
-@@ -762,19 +801,15 @@ func UploadFilePost(ctx *context.Context) {
+@@ -776,19 +821,15 @@ func UploadFilePost(ctx *context.Context) {
  			}
  		} else {
  			// os.ErrNotExist - upload file missing in the intervening time?!
@@ -498,33 +494,17 @@ index 9396115b0d..2f4a6fb3d2 100644
  
 -	if ctx.Repo.Repository.IsEmpty {
 -		if isEmpty, err := ctx.Repo.GitRepo.IsEmpty(); err == nil && !isEmpty {
--			_ = repo_model.UpdateRepositoryCols(ctx, &repo_model.Repository{ID: ctx.Repo.Repository.ID, IsEmpty: false}, "is_empty")
+-			_ = repo_model.UpdateRepositoryColsWithAutoTime(ctx, &repo_model.Repository{ID: ctx.Repo.Repository.ID, IsEmpty: false}, "is_empty")
 -		}
 -	}
-+	updateEditRepositoryIsEmpty(ctx, editRepo)
++	markRepositoryAsNonEmpty(ctx, editRepo) // a file has been uploaded, so the repository is no longer empty
  
 -	redirectForCommitChoice(ctx, form.CommitChoice, branchName, form.TreePath)
 +	redirectForCommitChoice(ctx, editRepo, form.CommitChoice, branchName, form.TreePath)
  }
  
  func cleanUploadFileName(name string) string {
-@@ -790,6 +825,7 @@ func cleanUploadFileName(name string) string {
- }
- 
- // UploadFileToServer upload file to server file dir not git
-+// This is independent of any repository, no repository permissions are checked to call this.
- func UploadFileToServer(ctx *context.Context) {
- 	file, header, err := ctx.Req.FormFile("file")
- 	if err != nil {
-@@ -829,6 +865,7 @@ func UploadFileToServer(ctx *context.Context) {
- }
- 
- // RemoveUploadFileFromServer remove file from server file dir
-+// This is independent of any repository, no repository permissions are checked to call this.
- func RemoveUploadFileFromServer(ctx *context.Context) {
- 	form := web.GetForm(ctx).(*forms.RemoveUploadFileForm)
- 	if len(form.File) == 0 {
-@@ -849,16 +886,15 @@ func RemoveUploadFileFromServer(ctx *context.Context) {
+@@ -863,11 +904,11 @@ func RemoveUploadFileFromServer(ctx *context.Context) {
  // It will be in the form of <username>-patch-<num> where <num> is the first branch of this format
  // that doesn't already exist. If we exceed 1000 tries or an error is thrown, we just return "" so the user has to
  // type in the branch name themselves (will be an empty field)
@@ -533,20 +513,13 @@ index 9396115b0d..2f4a6fb3d2 100644
  	prefix := ctx.Doer.LowerName + "-patch-"
  	for i := 1; i <= 1000; i++ {
  		branchName := fmt.Sprintf("%s%d", prefix, i)
--		if _, err := ctx.Repo.GitRepo.GetBranch(branchName); err != nil {
--			if git.IsErrBranchNotExist(err) {
--				return branchName
--			}
+-		if exist, err := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, branchName); err != nil {
 +		if exist, err := git_model.IsBranchExist(ctx, editRepo.ID, branchName); err != nil {
  			log.Error("GetUniquePatchBranchName: %v", err)
  			return ""
-+		} else if !exist {
-+			return branchName
- 		}
- 	}
- 	return ""
+ 		} else if !exist {
 diff --git a/routers/web/repo/editor_test.go b/routers/web/repo/editor_test.go
-index 68d69408ac..9ada3b0532 100644
+index 89bf8f309c..c54648c51e 100644
 --- a/routers/web/repo/editor_test.go
 +++ b/routers/web/repo/editor_test.go
 @@ -51,7 +51,7 @@ func TestGetUniquePatchBranchName(t *testing.T) {
@@ -559,10 +532,10 @@ index 68d69408ac..9ada3b0532 100644
  }
  
 diff --git a/routers/web/repo/fork.go b/routers/web/repo/fork.go
-index 86af705617..2fbc6286dc 100644
+index 79f033659b..699e67bd09 100644
 --- a/routers/web/repo/fork.go
 +++ b/routers/web/repo/fork.go
-@@ -160,17 +160,30 @@ func ForkPost(ctx *context.Context) {
+@@ -155,17 +155,30 @@ func ForkPost(ctx *context.Context) {
  		return
  	}
  
@@ -579,15 +552,16 @@ index 86af705617..2fbc6286dc 100644
 +	ctx.Redirect(ctxUser.HomeLink() + "/" + url.PathEscape(repo.Name))
 +}
 +
-+func forkRepositoryOrError(ctx *context.Context, user *user_model.User, opts repo_service.ForkRepoOptions, tpl base.TplName, form any) *repo_model.Repository {
++func forkRepositoryOrError(ctx *context.Context, user *user_model.User, opts repo_service.ForkRepoOptions, tpl templates.TplName, form any) *repo_model.Repository {
  	var err error
 -	traverseParentRepo := forkRepo
 +	traverseParentRepo := opts.BaseRepo
  	for {
 -		if !repository.CanUserForkBetweenOwners(ctxUser.ID, traverseParentRepo.OwnerID) {
-+		if !repository.CanUserForkBetweenOwners(user.ID, traverseParentRepo.OwnerID) {
- 			ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), tplFork, &form)
+-			ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), tplFork, &form)
 -			return
++		if !repository.CanUserForkBetweenOwners(user.ID, traverseParentRepo.OwnerID) {
++			ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), tpl, form)
 +			return nil
  		}
 -		repo := repo_model.GetForkedRepo(ctx, ctxUser.ID, traverseParentRepo.ID)
@@ -595,11 +569,11 @@ index 86af705617..2fbc6286dc 100644
  		if repo != nil {
 -			ctx.Redirect(ctxUser.HomeLink() + "/" + url.PathEscape(repo.Name))
 -			return
-+			return nil
++			return repo
  		}
  		if !traverseParentRepo.IsFork {
  			break
-@@ -178,60 +191,55 @@ func ForkPost(ctx *context.Context) {
+@@ -173,60 +186,55 @@ func ForkPost(ctx *context.Context) {
  		traverseParentRepo, err = repo_model.GetRepositoryByID(ctx, traverseParentRepo.ForkID)
  		if err != nil {
  			ctx.ServerError("GetRepositoryByID", err)
@@ -618,7 +592,7 @@ index 86af705617..2fbc6286dc 100644
 -			return
 +			return nil
  		} else if !isAllowedToFork {
- 			ctx.Error(http.StatusForbidden)
+ 			ctx.HTTPError(http.StatusForbidden)
 -			return
 +			return nil
  		}
@@ -681,10 +655,10 @@ index 86af705617..2fbc6286dc 100644
  }
 diff --git a/routers/web/repo/fork_to_edit.go b/routers/web/repo/fork_to_edit.go
 new file mode 100644
-index 0000000000..c6162ae5a4
+index 0000000000..9e8fd146e7
 --- /dev/null
 +++ b/routers/web/repo/fork_to_edit.go
-@@ -0,0 +1,241 @@
+@@ -0,0 +1,188 @@
 +// Copyright 2016 The Gogs Authors. All rights reserved.
 +// Copyright 2025 The Gitea Authors. All rights reserved.
 +// SPDX-License-Identifier: MIT
@@ -695,17 +669,13 @@ index 0000000000..c6162ae5a4
 +	"fmt"
 +	"net/http"
 +	"path"
-+	"strings"
 +
 +	git_model "code.gitea.io/gitea/models/git"
-+	access_model "code.gitea.io/gitea/models/perm/access"
 +	repo_model "code.gitea.io/gitea/models/repo"
-+	"code.gitea.io/gitea/models/unit"
-+	"code.gitea.io/gitea/modules/base"
 +	"code.gitea.io/gitea/modules/git"
-+	"code.gitea.io/gitea/modules/gitrepo"
 +	"code.gitea.io/gitea/modules/log"
 +	repo_module "code.gitea.io/gitea/modules/repository"
++	"code.gitea.io/gitea/modules/templates"
 +	"code.gitea.io/gitea/modules/util"
 +	"code.gitea.io/gitea/modules/web"
 +	"code.gitea.io/gitea/services/context"
@@ -714,90 +684,51 @@ index 0000000000..c6162ae5a4
 +)
 +
 +const (
-+	tplForkFile base.TplName = "repo/editor/fork"
++	tplForkFile templates.TplName = "repo/editor/fork"
 +)
 +
-+// getEditRepository returns the repository where the actual edits will be written to.
-+// This may be a fork of the repository owned by the user. If no repository can be found
-+// for editing, nil is returned along with a message explaining why editing is not possible.
-+func getEditRepository(ctx *context.Context) (*repo_model.Repository, any) {
-+	if context.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName) {
-+		return ctx.Repo.Repository, nil
-+	}
-+
-+	// If we can't write to the branch, try find a user fork to create a branch in instead
-+	userRepo, err := repo_model.GetUserFork(ctx, ctx.Repo.Repository.ID, ctx.Doer.ID)
-+	if err != nil {
-+		log.Error("GetUserFork: %v", err)
-+		return nil, nil
-+	}
-+	if userRepo == nil {
-+		return nil, nil
-+	}
-+
-+	// Load repository information
-+	if err := userRepo.LoadOwner(ctx); err != nil {
-+		log.Error("LoadOwner: %v", err)
-+		return nil, ctx.Tr("repo.editor.fork_internal_error", userRepo.FullName())
-+	}
-+	if err := userRepo.GetBaseRepo(ctx); err != nil || userRepo.BaseRepo == nil {
-+		if err != nil {
-+			log.Error("GetBaseRepo: %v", err)
-+		} else {
-+			log.Error("GetBaseRepo: Expected a base repo for user fork", err)
-+		}
-+		return nil, ctx.Tr("repo.editor.fork_internal_error", userRepo.FullName())
-+	}
-+
-+	// Check code unit, archiving and permissions.
-+	if !userRepo.UnitEnabled(ctx, unit.TypeCode) {
-+		return nil, ctx.Tr("repo.editor.fork_code_disabled", userRepo.FullName())
-+	}
-+	if userRepo.IsArchived {
-+		return nil, ctx.Tr("repo.editor.fork_is_archived", userRepo.FullName())
-+	}
-+	permission, err := access_model.GetUserRepoPermission(ctx, userRepo, ctx.Doer)
++// getEditRepositoryOrFork returns the repository where the edits will be written to.
++// If no repository is editable, redirects to a page to create a fork.
++func getEditRepositoryOrFork(ctx *context.Context, editOperation string) *repo_model.Repository {
++	editRepo, msg, err := context.GetEditableRepository(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName)
 +	if err != nil {
-+		log.Error("access_model.GetUserRepoPermission: %v", err)
-+		return nil, ctx.Tr("repo.editor.fork_internal_error", userRepo.FullName())
++		ctx.ServerError("getEditRepository", err)
++		return nil
 +	}
-+	if !permission.CanWrite(unit.TypeCode) {
-+		return nil, ctx.Tr("repo.editor.fork_no_permission", userRepo.FullName())
++	if editRepo == nil {
++		// No editable repository, suggest to create a fork
++		forkToEditFileCommon(ctx, editOperation, ctx.Repo.TreePath, msg)
++		ctx.HTML(http.StatusOK, tplForkFile)
++		return nil
 +	}
-+
-+	ctx.Data["ForkRepo"] = userRepo
-+	return userRepo, nil
-+}
-+
-+// GetEditRepository returns the repository where the edits will be written to.
-+// If no repository is editable, redirects to a page to create a fork.
-+func getEditRepositoryOrFork(ctx *context.Context, editOperation string) *repo_model.Repository {
-+	editRepo, notEditableMessage := getEditRepository(ctx)
-+	if editRepo != nil {
-+		return editRepo
++	if editRepo.ID != ctx.Repo.Repository.ID {
++		ctx.Data["ForkRepo"] = editRepo
 +	}
-+
-+	// No editable repository, suggest to create a fork
-+	forkToEditFileCommon(ctx, editOperation, ctx.Repo.TreePath, notEditableMessage)
-+	ctx.HTML(http.StatusOK, tplForkFile)
-+	return nil
++	return editRepo
 +}
 +
-+// GetEditRepository returns the repository where the edits will be written to.
++// getEditRepositoryOrError returns the repository where the edits will be written to.
 +// If no repository is editable, display an error.
-+func getEditRepositoryOrError(ctx *context.Context, tpl base.TplName, form any) *repo_model.Repository {
-+	editRepo, _ := getEditRepository(ctx)
++func getEditRepositoryOrError(ctx *context.Context, tpl templates.TplName, form any) *repo_model.Repository {
++	editRepo, _, err := context.GetEditableRepository(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName)
++	if err != nil {
++		ctx.ServerError("getEditRepository", err)
++		return nil
++	}
 +	if editRepo == nil {
 +		// No editable repo, maybe the fork was deleted in the meantime
 +		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_find_editable_repo"), tpl, form)
 +		return nil
 +	}
++	if editRepo.ID != ctx.Repo.Repository.ID {
++		ctx.Data["ForkRepo"] = editRepo
++	}
 +	return editRepo
 +}
 +
 +// CheckPushEditBranch chesk if pushing to the branch in the edit repository is possible,
 +// and if not renders an error and returns false.
-+func canPushToEditRepository(ctx *context.Context, editRepo *repo_model.Repository, branchName, commitChoice string, tpl base.TplName, form any) bool {
++func canPushToEditRepository(ctx *context.Context, editRepo *repo_model.Repository, branchName, commitChoice string, tpl templates.TplName, form any) bool {
 +	// When pushing to a fork or chosing to commit to a new branch, it should not exist yet
 +	if editRepo.ID != ctx.Repo.Repository.ID || commitChoice == frmCommitChoiceNewBranch {
 +		if exist, err := git_model.IsBranchExist(ctx, editRepo.ID, branchName); err == nil && exist {
@@ -824,8 +755,8 @@ index 0000000000..c6162ae5a4
 +// pushToEditRepositoryOrError pushes the branch that editing will be applied on top of
 +// to the user fork, if needed. On failure, it displays and returns an error. The
 +// branch name to be used for editing is returned.
-+func pushToEditRepositoryOrError(ctx *context.Context, editRepo *repo_model.Repository, branchName string, tpl base.TplName, form any) (string, error) {
-+	// If editing the repository, no need to push anything
++func pushToEditRepositoryOrError(ctx *context.Context, editRepo *repo_model.Repository, branchName string, tpl templates.TplName, form any) (string, error) {
++	// If editing the same repository, no need to push anything
 +	if editRepo.ID == ctx.Repo.Repository.ID {
 +		return ctx.Repo.BranchName, nil
 +	}
@@ -848,51 +779,41 @@ index 0000000000..c6162ae5a4
 +	return branchName, nil
 +}
 +
-+// updateEditRepositoryIsEmpty updates the the edit repository to mark it as no longer empty
-+func updateEditRepositoryIsEmpty(ctx *context.Context, editRepo *repo_model.Repository) {
++// markRepositoryAsNonEmpty marks the repository as no longer empty
++func markRepositoryAsNonEmpty(ctx *context.Context, editRepo *repo_model.Repository) {
 +	if !editRepo.IsEmpty {
 +		return
 +	}
 +
-+	editGitRepo, err := gitrepo.OpenRepository(git.DefaultContext, editRepo)
-+	if err != nil {
-+		log.Error("gitrepo.OpenRepository: %v", err)
-+		return
-+	}
-+	if editGitRepo == nil {
-+		return
-+	}
-+
-+	if isEmpty, err := editGitRepo.IsEmpty(); err == nil && !isEmpty {
-+		_ = repo_model.UpdateRepositoryCols(ctx, &repo_model.Repository{ID: editRepo.ID, IsEmpty: false}, "is_empty")
-+	}
-+	editGitRepo.Close()
++	_ = repo_model.UpdateRepositoryColsWithAutoTime(ctx, &repo_model.Repository{ID: editRepo.ID, IsEmpty: false}, "is_empty")
 +}
 +
-+func forkToEditFileCommon(ctx *context.Context, editOperation, treePath string, notEditableMessage any) {
-+	// Check if the filename (and additional path) is specified in the querystring
-+	// (filename is a misnomer, but kept for compatibility with GitHub)
-+	filePath, _ := path.Split(ctx.Req.URL.Query().Get("filename"))
-+	filePath = strings.Trim(filePath, "/")
-+	treeNames, treePaths := getParentTreeFields(path.Join(ctx.Repo.TreePath, filePath))
++func forkToEditFileCommon(ctx *context.Context, editOperation, treePath string, msg context.RepositoryNotEditableMessage) {
++	treeNames, treePaths := getParentTreeFields(treePath)
 +
 +	ctx.Data["EditOperation"] = editOperation
 +	ctx.Data["TreePath"] = treePath
 +	ctx.Data["TreeNames"] = treeNames
 +	ctx.Data["TreePaths"] = treePaths
-+	ctx.Data["CanForkRepo"] = notEditableMessage == nil
-+	ctx.Data["NotEditableMessage"] = notEditableMessage
++
++	canForkRepo := msg.Reason == ""
++	ctx.Data["CanForkRepo"] = canForkRepo
++	if !canForkRepo {
++		ctx.Data["NotEditableMessage"] = ctx.Tr(msg.Reason, msg.Repository)
++	}
 +}
 +
 +func ForkToEditFilePost(ctx *context.Context) {
 +	form := web.GetForm(ctx).(*forms.ForkToEditRepoFileForm)
 +
-+	editRepo, notEditableMessage := getEditRepository(ctx)
-+
-+	ctx.Data["PageHasPosted"] = true
++	editRepo, msg, err := context.GetEditableRepository(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName)
++	if err != nil {
++		ctx.ServerError("getEditRepository", err)
++		return
++	}
 +
 +	// Fork repository, if it doesn't already exist
-+	if editRepo == nil && notEditableMessage == nil {
++	if editRepo == nil && msg.Reason == "" {
 +		forkRepo := forkRepositoryOrError(ctx, ctx.Doer, repo_service.ForkRepoOptions{
 +			BaseRepo:     ctx.Repo.Repository,
 +			Name:         getUniqueRepositoryName(ctx, ctx.Repo.Repository.Name),
@@ -900,7 +821,7 @@ index 0000000000..c6162ae5a4
 +			SingleBranch: ctx.Repo.BranchName,
 +		}, tplForkFile, form)
 +		if forkRepo == nil {
-+			forkToEditFileCommon(ctx, form.EditOperation, form.TreePath, notEditableMessage)
++			forkToEditFileCommon(ctx, form.EditOperation, form.TreePath, msg)
 +			ctx.HTML(http.StatusOK, tplForkFile)
 +			return
 +		}
@@ -927,7 +848,7 @@ index 0000000000..c6162ae5a4
 +	}
 +}
 diff --git a/routers/web/repo/patch.go b/routers/web/repo/patch.go
-index 0dee02dd9c..6cd027ee61 100644
+index ca346b7e6c..f673f0469a 100644
 --- a/routers/web/repo/patch.go
 +++ b/routers/web/repo/patch.go
 @@ -24,7 +24,12 @@ const (
@@ -952,7 +873,7 @@ index 0dee02dd9c..6cd027ee61 100644
 +	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx, editRepo)
  	ctx.Data["last_commit"] = ctx.Repo.CommitID
  	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
- 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+ 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
 @@ -47,7 +52,6 @@ func NewDiffPatch(ctx *context.Context) {
  func NewDiffPatchPost(ctx *context.Context) {
  	form := web.GetForm(ctx).(*forms.EditRepoFileForm)
@@ -965,11 +886,6 @@ index 0dee02dd9c..6cd027ee61 100644
  		return
  	}
  
--	// Cannot commit to a an existing branch if user doesn't have rights
--	if branchName == ctx.Repo.BranchName && !canCommit {
--		ctx.Data["Err_NewBranchName"] = true
--		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
--		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
 +	editRepo := getEditRepositoryOrError(ctx, tplPatchFile, &form)
 +	if editRepo == nil {
 +		return
@@ -977,13 +893,17 @@ index 0dee02dd9c..6cd027ee61 100644
 +
 +	renderCommitRights(ctx, editRepo)
 +
-+	// Cannot commit to an existing branch if user doesn't have rights
+ 	// Cannot commit to an existing branch if user doesn't have rights
+-	if branchName == ctx.Repo.BranchName && !canCommit {
+-		ctx.Data["Err_NewBranchName"] = true
+-		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+-		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
 +	if !canPushToEditRepository(ctx, editRepo, branchName, form.CommitChoice, tplPatchFile, &form) {
  		return
  	}
  
-@@ -87,9 +95,14 @@ func NewDiffPatchPost(ctx *context.Context) {
- 		message += "\n\n" + form.CommitMessage
+@@ -94,9 +102,14 @@ func NewDiffPatchPost(ctx *context.Context) {
+ 		return
  	}
  
 -	fileResponse, err := files.ApplyDiffPatch(ctx, ctx.Repo.Repository, ctx.Doer, &files.ApplyDiffPatchOptions{
@@ -999,7 +919,7 @@ index 0dee02dd9c..6cd027ee61 100644
  		NewBranch:    branchName,
  		Message:      message,
  		Content:      strings.ReplaceAll(form.Content, "\r", ""),
-@@ -110,7 +123,8 @@ func NewDiffPatchPost(ctx *context.Context) {
+@@ -119,7 +132,8 @@ func NewDiffPatchPost(ctx *context.Context) {
  	}
  
  	if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(ctx, unit.TypePullRequests) {
@@ -1009,18 +929,30 @@ index 0dee02dd9c..6cd027ee61 100644
  	} else {
  		ctx.Redirect(ctx.Repo.RepoLink + "/commit/" + fileResponse.Commit.SHA)
  	}
+diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
+index 86f4f0167f..5af5b29376 100644
+--- a/routers/web/repo/pull.go
++++ b/routers/web/repo/pull.go
+@@ -910,6 +910,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
+ 				}
+ 
+ 				if perm.CanWrite(unit.TypeCode) || issues_model.CanMaintainerWriteToBranch(ctx, perm, pull.HeadBranch, ctx.Doer) {
++					ctx.Data["CanEnableEditor"] = ctx.Repo.Repository.CanEnableEditor()
+ 					ctx.Data["CanEditFile"] = true
+ 					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.edit_this_file")
+ 					ctx.Data["HeadRepoLink"] = pull.HeadRepo.Link()
 diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
-index 0b57547c9c..599dced7d8 100644
+index ee112b83f2..5ec475b8fe 100644
 --- a/routers/web/repo/repo.go
 +++ b/routers/web/repo/repo.go
-@@ -50,21 +50,6 @@ func MustBeNotEmpty(ctx *context.Context) {
+@@ -49,21 +49,6 @@ func MustBeNotEmpty(ctx *context.Context) {
  	}
  }
  
 -// MustBeEditable check that repo can be edited
 -func MustBeEditable(ctx *context.Context) {
--	if !ctx.Repo.Repository.CanEnableEditor() || ctx.Repo.IsViewCommit {
--		ctx.NotFound("", nil)
+-	if !ctx.Repo.Repository.CanEnableEditor() {
+-		ctx.NotFound(nil)
 -		return
 -	}
 -}
@@ -1028,7 +960,7 @@ index 0b57547c9c..599dced7d8 100644
 -// MustBeAbleToUpload check that repo can be uploaded to
 -func MustBeAbleToUpload(ctx *context.Context) {
 -	if !setting.Repository.Upload.Enabled {
--		ctx.NotFound("", nil)
+-		ctx.NotFound(nil)
 -	}
 -}
 -
@@ -1036,78 +968,110 @@ index 0b57547c9c..599dced7d8 100644
  	var err error
  	ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
 diff --git a/routers/web/repo/view_file.go b/routers/web/repo/view_file.go
-index 63a117b60c..8901b34ad3 100644
+index 3df6051975..2dbf81e9b6 100644
 --- a/routers/web/repo/view_file.go
 +++ b/routers/web/repo/view_file.go
-@@ -223,7 +223,7 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
+@@ -147,6 +147,9 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
+ 		ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.cannot_edit_non_text_files")
+ 	}
+ 
++	canEnableEditor := ctx.Repo.CanEnableEditor(ctx, ctx.Doer)
++	ctx.Data["CanEnableEditor"] = canEnableEditor
++
+ 	// read all needed attributes which will be used later
+ 	// there should be no performance different between reading 2 or 4 here
+ 	attrsMap, err := attribute.CheckAttributes(ctx, ctx.Repo.GitRepo, ctx.Repo.CommitID, attribute.CheckAttributeOpts{
+@@ -244,8 +247,11 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
  			ctx.Data["LineEscapeStatus"] = statuses
  		}
  		if !fInfo.isLFSFile {
 -			if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
-+			if ctx.Repo.CanEnableEditor() {
- 				if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
+-				if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
++			if canEnableEditor {
++				if !ctx.IsSigned {
++					ctx.Data["CanEditFile"] = false
++					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_signed_in")
++				} else if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
  					ctx.Data["CanEditFile"] = false
  					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
-@@ -233,8 +233,6 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
+ 				} else {
+@@ -254,8 +260,6 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
  				}
- 			} else if !ctx.Repo.IsViewBranch {
+ 			} else if !ctx.Repo.RefFullName.IsBranch() {
  				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
 -			} else if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
 -				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.fork_before_edit")
  			}
  		}
  
-@@ -296,7 +294,7 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
+@@ -307,8 +311,11 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
  		}
  	}
  
 -	if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
-+	if ctx.Repo.CanEnableEditor() {
- 		if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
+-		if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
++	if canEnableEditor {
++		if !ctx.IsSigned {
++			ctx.Data["CanDeleteFile"] = false
++			ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_signed_in")
++		} else if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
  			ctx.Data["CanDeleteFile"] = false
  			ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
-@@ -306,7 +304,5 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
+ 		} else {
+@@ -317,7 +324,5 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
  		}
- 	} else if !ctx.Repo.IsViewBranch {
+ 	} else if !ctx.Repo.RefFullName.IsBranch() {
  		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
 -	} else if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
 -		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_have_write_access")
  	}
  }
+diff --git a/routers/web/repo/view_home.go b/routers/web/repo/view_home.go
+index 48fa47d738..4d6557f652 100644
+--- a/routers/web/repo/view_home.go
++++ b/routers/web/repo/view_home.go
+@@ -408,6 +408,7 @@ func Home(ctx *context.Context) {
+ 	ctx.Data["Title"] = title
+ 	ctx.Data["PageIsViewCode"] = true
+ 	ctx.Data["RepositoryUploadEnabled"] = setting.Repository.Upload.Enabled // show New File / Upload File buttons
++	ctx.Data["CanEnableEditor"] = ctx.Repo.CanEnableEditor(ctx, ctx.Doer)
+ 
+ 	if ctx.Repo.Commit == nil || ctx.Repo.Repository.IsEmpty || ctx.Repo.Repository.IsBroken() {
+ 		// empty or broken repositories need to be handled differently
 diff --git a/routers/web/repo/view_readme.go b/routers/web/repo/view_readme.go
-index 5bd39de963..97c47d2b38 100644
+index 459cf0a616..c5984d2a30 100644
 --- a/routers/web/repo/view_readme.go
 +++ b/routers/web/repo/view_readme.go
-@@ -212,7 +212,9 @@ func prepareToRenderReadmeFile(ctx *context.Context, subfolder string, readmeFil
+@@ -212,7 +212,18 @@ func prepareToRenderReadmeFile(ctx *context.Context, subfolder string, readmeFil
  		ctx.Data["EscapeStatus"], ctx.Data["FileContent"] = charset.EscapeControlHTML(template.HTML(contentEscaped), ctx.Locale)
  	}
  
 -	if !fInfo.isLFSFile && ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
 -		ctx.Data["CanEditReadmeFile"] = true
++	canEnableEditor := ctx.Repo.CanEnableEditor(ctx, ctx.Doer)
++	ctx.Data["CanEnableEditor"] = canEnableEditor
++
 +	if !fInfo.isLFSFile {
-+		if ctx.Repo.CanEnableEditor() {
-+			ctx.Data["CanEditReadmeFile"] = true
++		if canEnableEditor {
++			if !ctx.IsSigned {
++				ctx.Data["CanEditReadmeFile"] = false
++				ctx.Data["EditReadmeFileTooltip"] = ctx.Tr("repo.editor.must_be_signed_in")
++			} else {
++				ctx.Data["CanEditReadmeFile"] = true
++				ctx.Data["EditReadmeFileTooltip"] = ctx.Tr("repo.editor.edit_this_file")
++			}
 +		}
  	}
  }
 diff --git a/routers/web/web.go b/routers/web/web.go
-index 3ec3492433..cf9959ecfe 100644
+index bd850baec0..bdca68993d 100644
 --- a/routers/web/web.go
 +++ b/routers/web/web.go
-@@ -819,7 +819,6 @@ func registerWebRoutes(m *web.Router) {
- 
- 	reqRepoAdmin := context.RequireRepoAdmin()
- 	reqRepoCodeWriter := context.RequireRepoWriter(unit.TypeCode)
--	canEnableEditor := context.CanEnableEditor()
- 	reqRepoCodeReader := context.RequireRepoReader(unit.TypeCode)
- 	reqRepoReleaseWriter := context.RequireRepoWriter(unit.TypeReleases)
- 	reqRepoReleaseReader := context.RequireRepoReader(unit.TypeReleases)
-@@ -1298,19 +1297,22 @@ func registerWebRoutes(m *web.Router) {
- 				m.Post("/_preview/*", web.Bind(forms.EditPreviewDiffForm{}), repo.DiffPreviewPost)
+@@ -1321,18 +1321,22 @@ func registerWebRoutes(m *web.Router) {
+ 					Post(web.Bind(forms.EditRepoFileForm{}), repo.NewFilePost)
  				m.Combo("/_delete/*").Get(repo.DeleteFile).
  					Post(web.Bind(forms.DeleteRepoFileForm{}), repo.DeleteFilePost)
--				m.Combo("/_upload/*", repo.MustBeAbleToUpload).
--					Get(repo.UploadFile).
+-				m.Combo("/_upload/*", repo.MustBeAbleToUpload).Get(repo.UploadFile).
 +				m.Combo("/_upload/*", context.MustBeAbleToUpload()).Get(repo.UploadFile).
  					Post(web.Bind(forms.UploadRepoFileForm{}), repo.UploadFilePost)
  				m.Combo("/_diffpatch/*").Get(repo.NewDiffPatch).
@@ -1118,44 +1082,44 @@ index 3ec3492433..cf9959ecfe 100644
 +			m.Group("", func() {
  				m.Combo("/_cherrypick/{sha:([a-f0-9]{7,64})}/*").Get(repo.CherryPick).
  					Post(web.Bind(forms.CherryPickForm{}), repo.CherryPickPost)
--			}, repo.MustBeEditable)
+-			}, context.RepoRefByType(git.RefTypeBranch), context.CanWriteToBranch(), repo.WebGitOperationCommonData)
 -			m.Group("", func() {
 -				m.Post("/upload-file", repo.UploadFileToServer)
 -				m.Post("/upload-remove", web.Bind(forms.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
--			}, repo.MustBeEditable, repo.MustBeAbleToUpload)
--		}, context.RepoRef(), canEnableEditor, context.RepoMustNotBeArchived())
+-			}, repo.MustBeAbleToUpload, reqRepoCodeWriter)
+-		}, repo.MustBeEditable, context.RepoMustNotBeArchived())
 +			}, context.MustBeAbleToCherryPick())
-+		}, context.RepoRef())
++		}, context.RepoRefByType(git.RefTypeBranch), repo.WebGitOperationCommonData)
 +		m.Group("", func() {
 +			m.Post("/upload-file", repo.UploadFileToServer)
 +			m.Post("/upload-remove", web.Bind(forms.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
-+		}, context.RepoRef(), context.MustBeAbleToUpload())
++		}, context.MustBeAbleToUpload())
  
  		m.Group("/branches", func() {
  			m.Group("/_new", func() {
 diff --git a/services/context/permission.go b/services/context/permission.go
-index 9338587257..26b3a1e7fd 100644
+index 7055f798da..bf6e498741 100644
 --- a/services/context/permission.go
 +++ b/services/context/permission.go
-@@ -32,10 +32,10 @@ func RequireRepoWriter(unitType unit.Type) func(ctx *Context) {
+@@ -21,10 +21,10 @@ func RequireRepoAdmin() func(ctx *Context) {
  	}
  }
  
--// CanEnableEditor checks if the user is allowed to write to the branch of the repo
--func CanEnableEditor() func(ctx *Context) {
+-// CanWriteToBranch checks if the user is allowed to write to the branch of the repo
+-func CanWriteToBranch() func(ctx *Context) {
 +// MustBeAbleToCherryPick checks if the user is allowed to cherry-pick to a branch of the repo
 +func MustBeAbleToCherryPick() func(ctx *Context) {
  	return func(ctx *Context) {
 -		if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
-+		if !CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName) || !ctx.Repo.Repository.CanEnableEditor() {
- 			ctx.NotFound("CanWriteToBranch denies permission", nil)
++		if !CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName) || !ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
+ 			ctx.NotFound(nil)
  			return
  		}
 diff --git a/services/context/repo.go b/services/context/repo.go
-index da6731df5a..16ae6425cc 100644
+index 61841aa90b..10c802c8d7 100644
 --- a/services/context/repo.go
 +++ b/services/context/repo.go
-@@ -69,13 +69,19 @@ type Repository struct {
+@@ -67,13 +67,72 @@ type Repository struct {
  }
  
  // CanWriteToBranch checks if the branch is writable by the user
@@ -1171,24 +1135,76 @@ index da6731df5a..16ae6425cc 100644
  }
  
 -// CanEnableEditor returns true if repository is editable and user has proper access level.
--func (r *Repository) CanEnableEditor(ctx context.Context, user *user_model.User) bool {
--	return r.IsViewBranch && r.CanWriteToBranch(ctx, user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
++// RepositoryNotEditableMessage explains why a repository can not be edited by the user
++type RepositoryNotEditableMessage struct {
++	Reason     string
++	Repository string
++}
++
++// GetEditRepository returns the repository where the editor will actually write the
++// the edits to. This may be a fork of the repository owned by the user. If no repository
++// can be found for editing, either a reason or error is returned.
++func GetEditableRepository(ctx context.Context, user *user_model.User, repo *repo_model.Repository, branch string) (*repo_model.Repository, RepositoryNotEditableMessage, error) {
++	if CanWriteToBranch(ctx, user, repo, branch) {
++		return repo, RepositoryNotEditableMessage{}, nil
++	}
++
++	// If we can't write to the branch, try find a user fork to create a branch in instead
++	userRepo, err := repo_model.GetUserFork(ctx, repo.ID, user.ID)
++	if err != nil {
++		return nil, RepositoryNotEditableMessage{}, fmt.Errorf("GetUserFork: %v", err)
++	}
++	if userRepo == nil {
++		return nil, RepositoryNotEditableMessage{}, nil
++	}
++
++	// Load repository information
++	if err := userRepo.LoadOwner(ctx); err != nil {
++		return nil, RepositoryNotEditableMessage{}, fmt.Errorf("LoadOwner: %v", err)
++	}
++	if err := userRepo.GetBaseRepo(ctx); err != nil || userRepo.BaseRepo == nil {
++		if err != nil {
++			return nil, RepositoryNotEditableMessage{}, fmt.Errorf("GetBaseRepo: %v", err)
++		}
++		return nil, RepositoryNotEditableMessage{}, errors.New("GetBaseRepo: Expected a base repo for user fork")
++	}
++
++	// Check code unit, archiving and permissions.
++	if !userRepo.UnitEnabled(ctx, unit_model.TypeCode) {
++		return nil, RepositoryNotEditableMessage{Reason: "repo.editor.fork_code_disabled", Repository: userRepo.FullName()}, nil
++	}
++	if userRepo.IsArchived {
++		return nil, RepositoryNotEditableMessage{Reason: "repo.editor.fork_is_archived", Repository: userRepo.FullName()}, nil
++	}
++	permission, err := access_model.GetUserRepoPermission(ctx, userRepo, user)
++	if err != nil {
++		return nil, RepositoryNotEditableMessage{}, fmt.Errorf("access_model.GetUserRepoPermission: %v", err)
++	}
++	if !permission.CanWrite(unit_model.TypeCode) {
++		return nil, RepositoryNotEditableMessage{Reason: "repo.editor.fork_no_permission", Repository: userRepo.FullName()}, nil
++	}
++
++	return userRepo, RepositoryNotEditableMessage{}, nil
++}
++
 +// CanEnableEditor returns true if the web editor can be enabled for this repository,
 +// either by directly writing to the repository or to a user fork.
-+func (r *Repository) CanEnableEditor() bool {
-+	return r.IsViewBranch && r.Repository.CanEnableEditor()
+ func (r *Repository) CanEnableEditor(ctx context.Context, user *user_model.User) bool {
+-	return r.RefFullName.IsBranch() && r.CanWriteToBranch(ctx, user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
++	return r.RefFullName.IsBranch() && r.Repository.CanEnableEditor() &&
++		(CanWriteToBranch(ctx, user, r.Repository, r.BranchName) || (r.Permission.CanRead(unit_model.TypeCode) && r.Permission.CanRead(unit_model.TypePullRequests)))
  }
  
  // CanCreateBranch returns true if repository is editable and user has proper access level.
-@@ -96,10 +102,27 @@ func RepoMustNotBeArchived() func(ctx *Context) {
+@@ -94,10 +153,31 @@ func RepoMustNotBeArchived() func(ctx *Context) {
  	}
  }
  
 +// MustEnableEditor checks if the web editor can be enabled for this repository
 +func MustEnableEditor() func(ctx *Context) {
 +	return func(ctx *Context) {
-+		if !ctx.Repo.CanEnableEditor() {
-+			ctx.NotFound("", nil)
++		if !ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
++			ctx.NotFound(nil)
 +		}
 +	}
 +}
@@ -1197,7 +1213,11 @@ index da6731df5a..16ae6425cc 100644
 +func MustBeAbleToUpload() func(ctx *Context) {
 +	return func(ctx *Context) {
 +		if !setting.Repository.Upload.Enabled || !ctx.Repo.Repository.CanEnableEditor() {
-+			ctx.NotFound("", nil)
++			ctx.NotFound(nil)
++		}
++		editRepo, _, _ := GetEditableRepository(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName)
++		if editRepo == nil {
++			ctx.NotFound(nil)
 +		}
 +	}
 +}
@@ -1209,7 +1229,7 @@ index da6731df5a..16ae6425cc 100644
  	UserCanPush       bool
  	RequireSigned     bool
  	WillSign          bool
-@@ -108,24 +131,23 @@ type CanCommitToBranchResults struct {
+@@ -106,24 +186,23 @@ type CanCommitToBranchResults struct {
  }
  
  // CanCommitToBranch returns true if repository is editable and user has proper access level
@@ -1239,7 +1259,7 @@ index da6731df5a..16ae6425cc 100644
  	if requireSigned {
  		canCommit = canCommit && sign
  	}
-@@ -141,7 +163,6 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
+@@ -139,7 +218,6 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
  
  	return CanCommitToBranchResults{
  		CanCommitToBranch: canCommit,
@@ -1248,10 +1268,10 @@ index da6731df5a..16ae6425cc 100644
  		RequireSigned:     requireSigned,
  		WillSign:          sign,
 diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
-index f558133aeb..14c179d2bd 100644
+index a2827e516a..6bd1c9cef0 100644
 --- a/services/forms/repo_form.go
 +++ b/services/forms/repo_form.go
-@@ -760,6 +760,18 @@ func (f *EditPreviewDiffForm) Validate(req *http.Request, errs binding.Errors) b
+@@ -716,6 +716,18 @@ func (f *EditPreviewDiffForm) Validate(req *http.Request, errs binding.Errors) b
  	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
  }
  
@@ -1270,6 +1290,19 @@ index f558133aeb..14c179d2bd 100644
  // _________ .__                                 __________.__        __
  // \_   ___ \|  |__   __________________ ___.__. \______   \__| ____ |  | __
  // /    \  \/|  |  \_/ __ \_  __ \_  __ <   |  |  |     ___/  |/ ___\|  |/ /
+diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl
+index 9f0689d61f..3029ca407e 100644
+--- a/templates/repo/diff/box.tmpl
++++ b/templates/repo/diff/box.tmpl
+@@ -147,7 +147,7 @@
+ 												<a class="item" rel="nofollow" href="{{$.BeforeSourcePath}}/{{PathEscapeSegments .Name}}">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
+ 											{{else}}
+ 												<a class="item" rel="nofollow" href="{{$.SourcePath}}/{{PathEscapeSegments .Name}}">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
+-												{{if and $.Repository.CanEnableEditor $.CanEditFile (not $file.IsLFSFile) (not $file.IsBin)}}
++												{{if and $.CanEnableEditor $.CanEditFile (not $file.IsLFSFile) (not $file.IsBin)}}
+ 													<a class="item" rel="nofollow" href="{{$.HeadRepoLink}}/_edit/{{PathEscapeSegments $.HeadBranchName}}/{{PathEscapeSegments $file.Name}}?return_uri={{print $.BackToLink "#diff-" $file.NameHash | QueryEscape}}">{{ctx.Locale.Tr "repo.editor.edit_this_file"}}</a>
+ 												{{end}}
+ 											{{end}}
 diff --git a/templates/repo/editor/delete.tmpl b/templates/repo/editor/delete.tmpl
 index 2c0c2fc792..4e532e94a0 100644
 --- a/templates/repo/editor/delete.tmpl
@@ -1287,7 +1320,7 @@ index 2c0c2fc792..4e532e94a0 100644
  			{{template "repo/editor/commit_form" .}}
  		</form>
 diff --git a/templates/repo/editor/edit.tmpl b/templates/repo/editor/edit.tmpl
-index 204a426970..56cc0b72fe 100644
+index ae8a60c20c..16a5988716 100644
 --- a/templates/repo/editor/edit.tmpl
 +++ b/templates/repo/editor/edit.tmpl
 @@ -10,6 +10,11 @@
@@ -1304,10 +1337,10 @@ index 204a426970..56cc0b72fe 100644
  					<a class="section" href="{{$.BranchLink}}">{{.Repository.Name}}</a>
 diff --git a/templates/repo/editor/fork.tmpl b/templates/repo/editor/fork.tmpl
 new file mode 100644
-index 0000000000..f89bf2f3f2
+index 0000000000..a056fa3d3b
 --- /dev/null
 +++ b/templates/repo/editor/fork.tmpl
-@@ -0,0 +1,41 @@
+@@ -0,0 +1,40 @@
 +{{template "base/head" .}}
 +<div role="main" aria-label="{{.Title}}" class="page-content repository file editor edit">
 +	{{template "repo/header" .}}
@@ -1315,7 +1348,6 @@ index 0000000000..f89bf2f3f2
 +		{{template "base/alert" .}}
 +		<form class="ui edit form" method="post" action="{{.RepoLink}}/_fork_to_edit/{{.BranchName | PathEscapeSegments}}">
 +			{{.CsrfTokenHtml}}
-+			<input type="hidden" name="page_has_posted" value="{{.PageHasPosted}}">
 +			<div class="repo-editor-header">
 +				<div class="ui breadcrumb field{{if .Err_TreePath}} error{{end}}">
 +					<a class="section" href="{{$.BranchLink}}">{{.Repository.Name}}</a>
@@ -1329,8 +1361,8 @@ index 0000000000..f89bf2f3f2
 +							<span class="section"><a href="{{$.BranchLink}}/{{index $.TreePaths $i | PathEscapeSegments}}">{{$v}}</a></span>
 +						{{end}}
 +					{{end}}
-+					<input type="hidden" id="tree_path" name="tree_path" value="{{.TreePath}}" required>
-+					<input type="hidden" id="edit_operation" name="edit_operation" value="{{.EditOperation}}" required>
++					<input type="hidden" name="tree_path" value="{{.TreePath}}" required>
++					<input type="hidden" name="edit_operation" value="{{.EditOperation}}" required>
 +				</div>
 +			</div>
 +			<div class="field center">
@@ -1382,7 +1414,7 @@ index 5725020406..2b3737eeac 100644
  				<div class="ui breadcrumb field {{if .Err_TreePath}}error{{end}}">
  					<a class="section" href="{{$.BranchLink}}">{{.Repository.Name}}</a>
 diff --git a/templates/repo/empty.tmpl b/templates/repo/empty.tmpl
-index ae3f95045b..c1975a73a6 100644
+index 32b5c8401b..64ac9700d6 100644
 --- a/templates/repo/empty.tmpl
 +++ b/templates/repo/empty.tmpl
 @@ -26,7 +26,7 @@
@@ -1390,144 +1422,66 @@ index ae3f95045b..c1975a73a6 100644
  
  							<div class="repo-button-row">
 -								{{if and .CanWriteCode (not .Repository.IsArchived)}}
-+								{{if and .CanWriteCode .Repository.CanEnableEditor}}
++								{{if and .CanWriteCode .CanEnableEditor}}
  									<a class="ui small button" href="{{.RepoLink}}/_new/{{.BranchName | PathEscapeSegments}}/">
  										{{ctx.Locale.Tr "repo.editor.new_file"}}
  									</a>
 diff --git a/templates/repo/view_content.tmpl b/templates/repo/view_content.tmpl
-new file mode 100644
-index 0000000000..65d1c5d284
---- /dev/null
+index 292a2f878c..ff122ca065 100644
+--- a/templates/repo/view_content.tmpl
 +++ b/templates/repo/view_content.tmpl
-@@ -0,0 +1,111 @@
-+{{$isTreePathRoot := not .TreeNames}}
-+
-+{{template "repo/sub_menu" .}}
-+<div class="repo-button-row">
-+	<div class="repo-button-row-left">
-+	{{if not $isTreePathRoot}}
-+		<button class="repo-view-file-tree-toggle-show ui compact basic button icon not-mobile {{if .UserSettingCodeViewShowFileTree}}tw-hidden{{end}}"
-+			data-global-click="onRepoViewFileTreeToggle" data-toggle-action="show"
-+			data-tooltip-content="{{ctx.Locale.Tr "repo.diff.show_file_tree"}}">
-+			{{svg "octicon-sidebar-collapse"}}
-+		</button>
-+	{{end}}
-+
-+	{{template "repo/branch_dropdown" dict
-+		"Repository" .Repository
-+		"ShowTabBranches" true
-+		"ShowTabTags" true
-+		"CurrentRefType" .RefFullName.RefType
-+		"CurrentRefShortName" .RefFullName.ShortName
-+		"CurrentTreePath" .TreePath
-+		"RefLinkTemplate" "{RepoLink}/src/{RefType}/{RefShortName}/{TreePath}"
-+		"AllowCreateNewRef" .CanCreateBranch
-+		"ShowViewAllRefsEntry" true
-+	}}
-+
-+	{{if and .CanCompareOrPull .RefFullName.IsBranch (not .Repository.IsArchived)}}
-+		{{$cmpBranch := ""}}
-+		{{if ne .Repository.ID .BaseRepo.ID}}
-+			{{$cmpBranch = printf "%s/%s:" (.Repository.OwnerName|PathEscape) (.Repository.Name|PathEscape)}}
-+		{{end}}
-+		{{$cmpBranch = print $cmpBranch (.BranchName|PathEscapeSegments)}}
-+		{{$compareLink := printf "%s/compare/%s...%s" .BaseRepo.Link (.BaseRepo.DefaultBranch|PathEscapeSegments) $cmpBranch}}
-+		<a id="new-pull-request" role="button" class="ui compact basic button" href="{{QueryBuild $compareLink "expand" 1}}"
-+			data-tooltip-content="{{if .PullRequestCtx.Allowed}}{{ctx.Locale.Tr "repo.pulls.compare_changes"}}{{else}}{{ctx.Locale.Tr "action.compare_branch"}}{{end}}">
-+			{{svg "octicon-git-pull-request"}}
-+		</a>
-+	{{end}}
-+
-+	<!-- Show go to file if on home page -->
-+	{{if $isTreePathRoot}}
-+		<a href="{{.Repository.Link}}/find/{{.RefTypeNameSubURL}}" class="ui compact basic button">{{ctx.Locale.Tr "repo.find_file.go_to_file"}}</a>
-+	{{end}}
-+
-+	{{if and .RefFullName.IsBranch (not .IsViewFile)}}
-+		<button class="ui dropdown basic compact jump button"{{if not .Repository.CanEnableEditor}} disabled{{end}}>
-+			{{ctx.Locale.Tr "repo.editor.add_file"}}
-+			{{svg "octicon-triangle-down" 14 "dropdown icon"}}
-+			<div class="menu">
-+				<a class="item" href="{{.RepoLink}}/_new/{{.BranchName | PathEscapeSegments}}/{{.TreePath | PathEscapeSegments}}">
-+					{{ctx.Locale.Tr "repo.editor.new_file"}}
-+				</a>
-+				{{if .RepositoryUploadEnabled}}
-+				<a class="item" href="{{.RepoLink}}/_upload/{{.BranchName | PathEscapeSegments}}/{{.TreePath | PathEscapeSegments}}">
-+					{{ctx.Locale.Tr "repo.editor.upload_file"}}
-+				</a>
+@@ -41,8 +41,8 @@
+ 		<a href="{{.Repository.Link}}/find/{{.RefTypeNameSubURL}}" class="ui compact basic button">{{ctx.Locale.Tr "repo.find_file.go_to_file"}}</a>
+ 	{{end}}
+ 
+-	{{if and .CanWriteCode .RefFullName.IsBranch (not .Repository.IsMirror) (not .Repository.IsArchived) (not .IsViewFile)}}
+-		<button class="ui dropdown basic compact jump button"{{if not .Repository.CanEnableEditor}} disabled{{end}}>
++	{{if and .RefFullName.IsBranch (not .IsViewFile) .CanEnableEditor .IsSigned}}
++		<button class="ui dropdown basic compact jump button">
+ 			{{ctx.Locale.Tr "repo.editor.add_file"}}
+ 			{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+ 			<div class="menu">
+diff --git a/templates/repo/view_file.tmpl b/templates/repo/view_file.tmpl
+index dc789a2648..c143333833 100644
+--- a/templates/repo/view_file.tmpl
++++ b/templates/repo/view_file.tmpl
+@@ -61,7 +61,7 @@
+ 					{{svg "octicon-rss"}}
+ 				</a>
+ 				{{end}}
+-				{{if .Repository.CanEnableEditor}}
++				{{if .CanEnableEditor}}
+ 					{{if .CanEditFile}}
+ 						<a class="btn-octicon" data-tooltip-content="{{.EditFileTooltip}}" href="{{.RepoLink}}/_edit/{{PathEscapeSegments .BranchName}}/{{PathEscapeSegments .TreePath}}">{{svg "octicon-pencil"}}</a>
+ 					{{else}}
+@@ -77,8 +77,12 @@
+ 				<button class="ui mini basic button unescape-button tw-mr-1 tw-hidden">{{ctx.Locale.Tr "repo.unescape_control_characters"}}</button>
+ 				<button class="ui mini basic button escape-button tw-mr-1">{{ctx.Locale.Tr "repo.escape_control_characters"}}</button>
+ 			{{end}}
+-			{{if and .ReadmeInList .CanEditReadmeFile}}
+-				<a class="btn-octicon" data-tooltip-content="{{ctx.Locale.Tr "repo.editor.edit_this_file"}}" href="{{.RepoLink}}/_edit/{{PathEscapeSegments .BranchName}}/{{PathEscapeSegments .FileTreePath}}">{{svg "octicon-pencil"}}</a>
++			{{if and .ReadmeInList .CanEnableEditor}}
++				{{if .CanEditReadmeFile}}
++					<a class="btn-octicon" data-tooltip-content="{{.EditReadmeFileTooltip}}" href="{{.RepoLink}}/_edit/{{PathEscapeSegments .BranchName}}/{{PathEscapeSegments .FileTreePath}}">{{svg "octicon-pencil"}}</a>
++				{{else}}
++					<span class="btn-octicon disabled" data-tooltip-content="{{.EditReadmeFileTooltip}}">{{svg "octicon-pencil"}}</span>
 +				{{end}}
-+				<a class="item" href="{{.RepoLink}}/_diffpatch/{{.BranchName | PathEscapeSegments}}/{{.TreePath | PathEscapeSegments}}">
-+					{{ctx.Locale.Tr "repo.editor.patch"}}
-+				</a>
-+			</div>
-+		</button>
-+	{{end}}
-+
-+	{{if and $isTreePathRoot .Repository.IsTemplate}}
-+		<a role="button" class="ui primary compact button" href="{{AppSubUrl}}/repo/create?template_id={{.Repository.ID}}">
-+			{{ctx.Locale.Tr "repo.use_template"}}
-+		</a>
-+	{{end}}
-+
-+	{{if not $isTreePathRoot}}
-+		{{$treeNameIdxLast := Eval (len .TreeNames) "-" 1}}
-+		<span class="breadcrumb repo-path tw-ml-1">
-+			<a class="section" href="{{.RepoLink}}/src/{{.RefTypeNameSubURL}}" title="{{.Repository.Name}}">{{StringUtils.EllipsisString .Repository.Name 30}}</a>
-+			{{- range $i, $v := .TreeNames -}}
-+				<span class="breadcrumb-divider">/</span>
-+				{{- if eq $i $treeNameIdxLast -}}
-+					<span class="active section" title="{{$v}}">{{$v}}</span>
-+					<button class="btn interact-fg tw-mx-1" data-clipboard-text="{{$.TreePath}}" data-tooltip-content="{{ctx.Locale.Tr "copy_path"}}">{{svg "octicon-copy" 14}}</button>
-+				{{- else -}}
-+					{{$p := index $.Paths $i}}<span class="section"><a href="{{$.BranchLink}}/{{PathEscapeSegments $p}}" title="{{$v}}">{{$v}}</a></span>
-+				{{- end -}}
-+			{{- end -}}
-+		</span>
-+	{{end}}
-+	</div>
-+
-+	<div class="repo-button-row-right">
-+		<!-- Only show clone panel in repository home page -->
-+		{{if $isTreePathRoot}}
-+			{{template "repo/clone_panel" .}}
-+		{{end}}
-+		{{if and (not $isTreePathRoot) (not .IsViewFile) (not .IsBlame)}}{{/* IsViewDirectory (not home), TODO: split the templates, avoid using "if" tricks */}}
-+			<a class="ui button" href="{{.RepoLink}}/commits/{{.RefTypeNameSubURL}}/{{.TreePath | PathEscapeSegments}}">
-+				{{svg "octicon-history" 16 "tw-mr-2"}}{{ctx.Locale.Tr "repo.file_history"}}
-+			</a>
-+		{{end}}
-+	</div>
-+</div>
-+{{if .IsViewFile}}
-+	{{template "repo/view_file" .}}
-+{{else if .IsBlame}}
-+	{{template "repo/blame" .}}
-+{{else}}{{/* IsViewDirectory */}}
-+	{{if $isTreePathRoot}}
-+		{{template "repo/code/upstream_diverging_info" .}}
-+	{{end}}
-+	{{template "repo/view_list" .}}
-+	{{if and .ReadmeExist (or .IsMarkup .IsPlainText)}}
-+		{{template "repo/view_file" .}}
-+	{{end}}
-+{{end}}
+ 			{{end}}
+ 		</div>
+ 	</h4>
 diff --git a/tests/integration/editor_test.go b/tests/integration/editor_test.go
-index f0f71b80d1..b9ed72c196 100644
+index a5936d86de..3c54228a13 100644
 --- a/tests/integration/editor_test.go
 +++ b/tests/integration/editor_test.go
-@@ -9,9 +9,11 @@ import (
- 	"net/http/httptest"
- 	"net/url"
- 	"path"
-+	"strings"
- 	"testing"
- 
+@@ -20,6 +20,7 @@ import (
+ 	user_model "code.gitea.io/gitea/models/user"
+ 	"code.gitea.io/gitea/modules/git"
  	"code.gitea.io/gitea/modules/json"
 +	"code.gitea.io/gitea/modules/test"
- 	gitea_context "code.gitea.io/gitea/services/context"
+ 	"code.gitea.io/gitea/modules/translation"
+ 	"code.gitea.io/gitea/tests"
  
- 	"github.com/stretchr/testify/assert"
-@@ -20,13 +22,26 @@ import (
+@@ -30,13 +31,26 @@ import (
  func TestCreateFile(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, u *url.URL) {
  		session := loginUser(t, "user2")
@@ -1557,7 +1511,7 @@ index f0f71b80d1..b9ed72c196 100644
  	req := NewRequest(t, "GET", newURL)
  	resp := session.MakeRequest(t, req, http.StatusOK)
  
-@@ -36,72 +51,99 @@ func testCreateFile(t *testing.T, session *TestSession, user, repo, branch, file
+@@ -46,72 +60,99 @@ func testCreateFile(t *testing.T, session *TestSession, user, repo, branch, file
  
  	// Save new file to master branch
  	req = NewRequestWithValues(t, "POST", newURL, map[string]string{
@@ -1594,10 +1548,7 @@ index f0f71b80d1..b9ed72c196 100644
  func TestCreateFileOnProtectedBranch(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, u *url.URL) {
  		session := loginUser(t, "user2")
-+		testCreateFileOnProtectedBranch(t, session, "user2", "user2", "repo1", "master", "master", "direct")
-+	})
-+}
- 
+-
 -		csrf := GetUserCSRFToken(t, session)
 -		// Change master branch to protected
 -		req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
@@ -1607,9 +1558,8 @@ index f0f71b80d1..b9ed72c196 100644
 -		})
 -		session.MakeRequest(t, req, http.StatusSeeOther)
 -		// Check if master branch has been locked successfully
--		flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
--		assert.NotNil(t, flashCookie)
--		assert.EqualValues(t, "success%3DBranch%2Bprotection%2Bfor%2Brule%2B%2522master%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
+-		flashMsg := session.GetCookieFlashMessage()
+-		assert.Equal(t, `Branch protection for rule "master" has been updated.`, flashMsg.SuccessMsg)
 -
 -		// Request editor page
 -		req = NewRequest(t, "GET", "/user2/repo1/_new/master/")
@@ -1618,14 +1568,7 @@ index f0f71b80d1..b9ed72c196 100644
 -		doc := NewHTMLParser(t, resp.Body)
 -		lastCommit := doc.GetInputValueByName("last_commit")
 -		assert.NotEmpty(t, lastCommit)
-+func TestCreateFileOnProtectedBranchFork(t *testing.T) {
-+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-+		session := loginUser(t, "user4")
-+		forkToEdit(t, session, "user2", "repo1", "_new", "master", "test.txt")
-+		testCreateFileOnProtectedBranch(t, session, "user4", "user2", "repo1", "master", "feature/test", "commit-to-new-branch")
-+	})
-+}
- 
+-
 -		// Save new file to master branch
 -		req = NewRequestWithValues(t, "POST", "/user2/repo1/_new/master/", map[string]string{
 -			"_csrf":         doc.GetCSRF(),
@@ -1634,6 +1577,40 @@ index f0f71b80d1..b9ed72c196 100644
 -			"content":       "Content",
 -			"commit_choice": "direct",
 -		})
+-
+-		resp = session.MakeRequest(t, req, http.StatusOK)
+-		// Check body for error message
+-		assert.Contains(t, resp.Body.String(), "Cannot commit to protected branch &#34;master&#34;.")
+-
+-		// remove the protected branch
+-		csrf = GetUserCSRFToken(t, session)
+-
+-		// Change master branch to protected
+-		req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/1/delete", map[string]string{
+-			"_csrf": csrf,
+-		})
+-
+-		resp = session.MakeRequest(t, req, http.StatusOK)
+-
+-		res := make(map[string]string)
+-		assert.NoError(t, json.NewDecoder(resp.Body).Decode(&res))
+-		assert.Equal(t, "/user2/repo1/settings/branches", res["redirect"])
+-
+-		// Check if master branch has been locked successfully
+-		flashMsg = session.GetCookieFlashMessage()
+-		assert.Equal(t, `Removing branch protection rule "1" failed.`, flashMsg.ErrorMsg)
++		testCreateFileOnProtectedBranch(t, session, "user2", "user2", "repo1", "master", "master", "direct")
+ 	})
+ }
+ 
++func TestCreateFileOnProtectedBranchFork(t *testing.T) {
++	onGiteaRun(t, func(t *testing.T, u *url.URL) {
++		session := loginUser(t, "user4")
++		forkToEdit(t, session, "user2", "repo1", "_new", "master", "test.txt")
++		testCreateFileOnProtectedBranch(t, session, "user4", "user2", "repo1", "master", "feature/test", "commit-to-new-branch")
++	})
++}
++
 +func testCreateFileOnProtectedBranch(t *testing.T, session *TestSession, user, owner, repo, branch, targetBranch, commitChoice string) {
 +	csrf := GetUserCSRFToken(t, session)
 +	// Change target branch to protected
@@ -1644,27 +1621,17 @@ index f0f71b80d1..b9ed72c196 100644
 +	})
 +	session.MakeRequest(t, req, http.StatusSeeOther)
 +	// Check if target branch has been locked successfully
-+	flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
-+	assert.NotNil(t, flashCookie)
-+	assert.Equal(t, "success%3DBranch%2Bprotection%2Bfor%2Brule%2B%2522"+strings.ReplaceAll(targetBranch, "/", "%252F")+"%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
- 
--		resp = session.MakeRequest(t, req, http.StatusOK)
--		// Check body for error message
--		assert.Contains(t, resp.Body.String(), "Cannot commit to protected branch &#34;master&#34;.")
++	flashMsg := session.GetCookieFlashMessage()
++	assert.Equal(t, fmt.Sprintf(`Branch protection for rule "%s" has been updated.`, targetBranch), flashMsg.SuccessMsg)
++
 +	// Request editor page
 +	req = NewRequest(t, "GET", path.Join(owner, repo, "_new", branch))
 +	resp := session.MakeRequest(t, req, http.StatusOK)
- 
--		// remove the protected branch
--		csrf = GetUserCSRFToken(t, session)
++
 +	doc := NewHTMLParser(t, resp.Body)
 +	lastCommit := doc.GetInputValueByName("last_commit")
 +	assert.NotEmpty(t, lastCommit)
- 
--		// Change master branch to protected
--		req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/1/delete", map[string]string{
--			"_csrf": csrf,
--		})
++
 +	// Save new file to target branch
 +	req = NewRequestWithValues(t, "POST", path.Join(owner, repo, "_new", branch), map[string]string{
 +		"_csrf":           doc.GetCSRF(),
@@ -1674,26 +1641,18 @@ index f0f71b80d1..b9ed72c196 100644
 +		"commit_choice":   commitChoice,
 +		"new_branch_name": targetBranch,
 +	})
- 
--		resp = session.MakeRequest(t, req, http.StatusOK)
++
 +	resp = session.MakeRequest(t, req, http.StatusOK)
 +	// Check body for error message
 +	assert.Contains(t, resp.Body.String(), fmt.Sprintf("Cannot commit to protected branch &#34;%s&#34;.", targetBranch))
- 
--		res := make(map[string]string)
--		assert.NoError(t, json.NewDecoder(resp.Body).Decode(&res))
--		assert.EqualValues(t, "/user2/repo1/settings/branches", res["redirect"])
++
 +	// remove the protected branch
 +	csrf = GetUserCSRFToken(t, session)
- 
--		// Check if master branch has been locked successfully
--		flashCookie = session.GetCookie(gitea_context.CookieNameFlash)
--		assert.NotNil(t, flashCookie)
--		assert.EqualValues(t, "error%3DRemoving%2Bbranch%2Bprotection%2Brule%2B%25221%2522%2Bfailed.", flashCookie.Value)
++
 +	// Change target branch to protected
 +	req = NewRequestWithValues(t, "POST", path.Join(user, repo, "settings", "branches", "1", "delete"), map[string]string{
 +		"_csrf": csrf,
- 	})
++	})
 +
 +	resp = session.MakeRequest(t, req, http.StatusOK)
 +
@@ -1702,13 +1661,14 @@ index f0f71b80d1..b9ed72c196 100644
 +	assert.Equal(t, "/"+path.Join(user, repo, "settings", "branches"), res["redirect"])
 +
 +	// Check if target branch has been locked successfully
-+	flashCookie = session.GetCookie(gitea_context.CookieNameFlash)
-+	assert.NotNil(t, flashCookie)
-+	assert.Equal(t, "error%3DRemoving%2Bbranch%2Bprotection%2Brule%2B%25221%2522%2Bfailed.", flashCookie.Value)
- }
- 
++	flashMsg = session.GetCookieFlashMessage()
++	assert.Equal(t, `Removing branch protection rule "1" failed.`, flashMsg.ErrorMsg)
++}
++
  func testEditFile(t *testing.T, session *TestSession, user, repo, branch, filePath, newContent string) *httptest.ResponseRecorder {
-@@ -133,9 +175,9 @@ func testEditFile(t *testing.T, session *TestSession, user, repo, branch, filePa
+ 	// Get to the 'edit this file' page
+ 	req := NewRequest(t, "GET", path.Join(user, repo, "_edit", branch, filePath))
+@@ -141,9 +182,9 @@ func testEditFile(t *testing.T, session *TestSession, user, repo, branch, filePa
  	return resp
  }
  
@@ -1720,7 +1680,7 @@ index f0f71b80d1..b9ed72c196 100644
  	resp := session.MakeRequest(t, req, http.StatusOK)
  
  	htmlDoc := NewHTMLParser(t, resp.Body)
-@@ -143,7 +185,7 @@ func testEditFileToNewBranch(t *testing.T, session *TestSession, user, repo, bra
+@@ -151,7 +192,7 @@ func testEditFileToNewBranch(t *testing.T, session *TestSession, user, repo, bra
  	assert.NotEmpty(t, lastCommit)
  
  	// Submit the edits
@@ -1729,15 +1689,15 @@ index f0f71b80d1..b9ed72c196 100644
  		map[string]string{
  			"_csrf":           htmlDoc.GetCSRF(),
  			"last_commit":     lastCommit,
-@@ -173,6 +215,256 @@ func TestEditFile(t *testing.T) {
+@@ -181,10 +222,168 @@ func TestEditFile(t *testing.T) {
  func TestEditFileToNewBranch(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, u *url.URL) {
  		session := loginUser(t, "user2")
 -		testEditFileToNewBranch(t, session, "user2", "repo1", "master", "feature/test", "README.md", "Hello, World (Edited)\n")
 +		testEditFileToNewBranch(t, session, "user2", "user2", "repo1", "master", "feature/test", "README.md", "Hello, World (Edited)\n")
-+	})
-+}
-+
+ 	})
+ }
+ 
 +func TestEditFileToNewBranchFork(t *testing.T) {
 +	onGiteaRun(t, func(t *testing.T, u *url.URL) {
 +		session := loginUser(t, "user4")
@@ -1764,7 +1724,7 @@ index f0f71b80d1..b9ed72c196 100644
 +	)
 +	resp = session.MakeRequest(t, req, http.StatusOK)
 +
-+	assert.Contains(t, resp.Body.String(), `<code class="code-inner">Hello, World (Edited)</code>`)
++	assert.Contains(t, resp.Body.String(), `<span class="added-code">Hello, World (Edited)</span>`)
 +}
 +
 +func TestEditFileDiffPreview(t *testing.T) {
@@ -1895,6 +1855,14 @@ index f0f71b80d1..b9ed72c196 100644
 +	req = NewRequestf(t, "GET", "/%s/%s/src/branch/%s/%s", user, repo, targetBranch, "patch-file-1.txt")
 +	session.MakeRequest(t, req, http.StatusOK)
 +}
++
+ func TestWebGitCommitEmail(t *testing.T) {
+ 	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+ 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+@@ -337,3 +536,95 @@ index 0000000000..bbbbbbbbbb
+ 		})
+ 	})
+ }
 +
 +func forkToEdit(t *testing.T, session *TestSession, owner, repo, operation, branch, filePath string) {
 +	// Attempt to edit file
@@ -1985,13 +1953,13 @@ index f0f71b80d1..b9ed72c196 100644
 +			req = NewRequest(t, "GET", url)
 +			session.MakeRequest(t, req, http.StatusNotFound)
 +		}
- 	})
- }
++	})
++}
 diff --git a/tests/integration/pull_compare_test.go b/tests/integration/pull_compare_test.go
-index 106774aa54..f5fd26ae95 100644
+index 86bdd1b9e3..c29d2001ad 100644
 --- a/tests/integration/pull_compare_test.go
 +++ b/tests/integration/pull_compare_test.go
-@@ -89,7 +89,7 @@ func TestPullCompare_EnableAllowEditsFromMaintainer(t *testing.T) {
+@@ -104,7 +104,7 @@ func TestPullCompare_EnableAllowEditsFromMaintainer(t *testing.T) {
  		assert.True(t, forkedRepo.IsPrivate)
  
  		// user4 creates a new branch and a PR
@@ -2001,10 +1969,10 @@ index 106774aa54..f5fd26ae95 100644
  		prURL := test.RedirectURL(resp)
  
 diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
-index 1521fcfe8a..9e0e89fe9a 100644
+index cf50d5e639..3080f484ce 100644
 --- a/tests/integration/pull_merge_test.go
 +++ b/tests/integration/pull_merge_test.go
-@@ -182,7 +182,7 @@ func TestPullCleanUpAfterMerge(t *testing.T) {
+@@ -180,7 +180,7 @@ func TestPullCleanUpAfterMerge(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2013,7 +1981,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		resp := testPullCreate(t, session, "user1", "repo1", false, "master", "feature/test", "This is a pull title")
  
-@@ -236,8 +236,8 @@ func TestCantMergeConflict(t *testing.T) {
+@@ -234,8 +234,8 @@ func TestCantMergeConflict(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2024,7 +1992,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		// Use API to create a conflicting pr
  		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-@@ -282,7 +282,7 @@ func TestCantMergeUnrelated(t *testing.T) {
+@@ -280,7 +280,7 @@ func TestCantMergeUnrelated(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2033,8 +2001,8 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		// Now we want to create a commit on a branch that is totally unrelated to our current head
  		// Drop down to pure code at this point
-@@ -345,7 +345,7 @@ func TestCantMergeUnrelated(t *testing.T) {
- 		_, _, err = git.NewCommand(git.DefaultContext, "branch", "unrelated").AddDynamicArguments(commitSha).RunStdString(&git.RunOpts{Dir: path})
+@@ -343,7 +343,7 @@ func TestCantMergeUnrelated(t *testing.T) {
+ 		_, _, err = git.NewCommand("branch", "unrelated").AddDynamicArguments(commitSha).RunStdString(git.DefaultContext, &git.RunOpts{Dir: path})
  		assert.NoError(t, err)
  
 -		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "conflict", "README.md", "Hello, World (Edited Once)\n")
@@ -2042,7 +2010,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		// Use API to create a conflicting pr
  		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-@@ -377,7 +377,7 @@ func TestFastForwardOnlyMerge(t *testing.T) {
+@@ -375,7 +375,7 @@ func TestFastForwardOnlyMerge(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2051,7 +2019,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		// Use API to create a pr from update to master
  		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-@@ -418,7 +418,7 @@ func TestCantFastForwardOnlyMergeDiverging(t *testing.T) {
+@@ -416,7 +416,7 @@ func TestCantFastForwardOnlyMergeDiverging(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2060,7 +2028,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World 2\n")
  
  		// Use API to create a pr from diverging to update
-@@ -540,9 +540,9 @@ func TestConflictChecking(t *testing.T) {
+@@ -538,9 +538,9 @@ func TestConflictChecking(t *testing.T) {
  func TestPullRetargetChildOnBranchDelete(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
@@ -2072,7 +2040,7 @@ index 1521fcfe8a..9e0e89fe9a 100644
  
  		respBasePR := testPullCreate(t, session, "user2", "repo1", true, "master", "base-pr", "Base Pull Request")
  		elemBasePR := strings.Split(test.RedirectURL(respBasePR), "/")
-@@ -575,8 +575,8 @@ func TestPullDontRetargetChildOnWrongRepo(t *testing.T) {
+@@ -573,8 +573,8 @@ func TestPullDontRetargetChildOnWrongRepo(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2093,10 +2061,10 @@ index 1521fcfe8a..9e0e89fe9a 100644
  		respBasePR := testPullCreate(t, session, "user4", "repo1", false, "master", "base-pr", "Base Pull Request")
  		elemBasePR := strings.Split(test.RedirectURL(respBasePR), "/")
 diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
-index 878020625b..f648b272da 100644
+index 1121751c88..7ae0c65576 100644
 --- a/tests/integration/pull_review_test.go
 +++ b/tests/integration/pull_review_test.go
-@@ -246,7 +246,7 @@ func TestPullView_GivenApproveOrRejectReviewOnClosedPR(t *testing.T) {
+@@ -228,7 +228,7 @@ func TestPullView_GivenApproveOrRejectReviewOnClosedPR(t *testing.T) {
  
  		t.Run("Submit approve/reject review on closed PR", func(t *testing.T) {
  			// Created a closed PR (made by user1) in the upstream repo1.
@@ -2104,12 +2072,12 @@ index 878020625b..f648b272da 100644
 +			testEditFileToNewBranch(t, user1Session, "user1", "user1", "repo1", "master", "a-test-branch", "README.md", "Hello, World (Editied...again)\n")
  			resp := testPullCreate(t, user1Session, "user1", "repo1", false, "master", "a-test-branch", "This is a pull title")
  			elem := strings.Split(test.RedirectURL(resp), "/")
- 			assert.EqualValues(t, "pulls", elem[3])
+ 			assert.Equal(t, "pulls", elem[3])
 diff --git a/tests/integration/pull_status_test.go b/tests/integration/pull_status_test.go
-index ac9036ca96..c0e7532cfd 100644
+index 4d43847f1b..a659c4e502 100644
 --- a/tests/integration/pull_status_test.go
 +++ b/tests/integration/pull_status_test.go
-@@ -24,7 +24,7 @@ func TestPullCreate_CommitStatus(t *testing.T) {
+@@ -28,7 +28,7 @@ func TestPullCreate_CommitStatus(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, u *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2118,7 +2086,7 @@ index ac9036ca96..c0e7532cfd 100644
  
  		url := path.Join("user1", "repo1", "compare", "master...status1")
  		req := NewRequestWithValues(t, "POST", url,
-@@ -123,8 +123,8 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) {
+@@ -127,8 +127,8 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) {
  	onGiteaRun(t, func(t *testing.T, u *url.URL) {
  		session := loginUser(t, "user1")
  		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")
@@ -2130,11 +2098,11 @@ index ac9036ca96..c0e7532cfd 100644
  		url := path.Join("user1", "repo1", "compare", "master...status1")
  		req := NewRequestWithValues(t, "POST", url,
 diff --git a/tests/integration/repo_activity_test.go b/tests/integration/repo_activity_test.go
-index e520a0ed56..8a7cf04ce7 100644
+index d5025decba..85110e064c 100644
 --- a/tests/integration/repo_activity_test.go
 +++ b/tests/integration/repo_activity_test.go
-@@ -30,10 +30,10 @@ func TestRepoActivity(t *testing.T) {
- 		assert.EqualValues(t, "pulls", elem[3])
+@@ -29,10 +29,10 @@ func TestRepoActivity(t *testing.T) {
+ 		assert.Equal(t, "pulls", elem[3])
  		testPullMerge(t, session, elem[1], elem[2], elem[4], repo_model.MergeStyleMerge, false)
  
 -		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "feat/better_readme", "README.md", "Hello, World (Edited Again)\n")
@@ -2147,10 +2115,10 @@ index e520a0ed56..8a7cf04ce7 100644
  
  		// Create issues (3 new issues)
 diff --git a/tests/integration/repo_webhook_test.go b/tests/integration/repo_webhook_test.go
-index 0952263968..a31c5f67f7 100644
+index 3ccc34f20f..ac742ab172 100644
 --- a/tests/integration/repo_webhook_test.go
 +++ b/tests/integration/repo_webhook_test.go
-@@ -308,7 +308,7 @@ func Test_WebhookPush(t *testing.T) {
+@@ -359,7 +359,7 @@ func Test_WebhookPush(t *testing.T) {
  		testAPICreateWebhookForRepo(t, session, "user2", "repo1", provider.URL(), "push")
  
  		// 2. trigger the webhook
@@ -2158,8 +2126,8 @@ index 0952263968..a31c5f67f7 100644
 +		testCreateFile(t, session, "user2", "user2", "repo1", "master", "master", "direct", "test_webhook_push.md", "# a test file for webhook push", "")
  
  		// 3. validate the webhook is triggered
- 		assert.EqualValues(t, "push", triggeredEvent)
-@@ -601,7 +601,7 @@ func Test_WebhookStatus_NoWrongTrigger(t *testing.T) {
+ 		assert.Equal(t, "push", triggeredEvent)
+@@ -762,7 +762,7 @@ func Test_WebhookStatus_NoWrongTrigger(t *testing.T) {
  		testCreateWebhookForRepo(t, session, "gitea", "user2", "repo1", provider.URL(), "push_only")
  
  		// 2. trigger the webhook with a push action
@@ -2167,7 +2135,4 @@ index 0952263968..a31c5f67f7 100644
 +		testCreateFile(t, session, "user2", "user2", "repo1", "master", "master", "direct", "test_webhook_push.md", "# a test file for webhook push", "")
  
  		// 3. validate the webhook is triggered with right event
- 		assert.EqualValues(t, "push", trigger)
--- 
-2.49.0
-
+ 		assert.Equal(t, "push", trigger)