gitea/integrations/org_test.go

176 lines
6.0 KiB
Go
Raw Normal View History

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"net/http"
"strings"
"testing"
api "code.gitea.io/gitea/modules/structs"
"github.com/stretchr/testify/assert"
)
func TestOrgRepos(t *testing.T) {
defer prepareTestEnv(t)()
var (
users = []string{"user1", "user2"}
cases = map[string][]string{
"alphabetically": {"repo21", "repo3", "repo5"},
"reversealphabetically": {"repo5", "repo3", "repo21"},
}
)
for _, user := range users {
t.Run(user, func(t *testing.T) {
session := loginUser(t, user)
for sortBy, repos := range cases {
req := NewRequest(t, "GET", "/user3?sort="+sortBy)
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
sel := htmlDoc.doc.Find("a.name")
2021-06-06 23:27:09 -06:00
assert.Len(t, repos, len(sel.Nodes))
for i := 0; i < len(repos); i++ {
assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
}
}
})
}
}
func TestLimitedOrg(t *testing.T) {
defer prepareTestEnv(t)()
// not logged in user
req := NewRequest(t, "GET", "/limited_org")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
MakeRequest(t, req, http.StatusNotFound)
// login non-org member user
session := loginUser(t, "user2")
req = NewRequest(t, "GET", "/limited_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
session.MakeRequest(t, req, http.StatusNotFound)
// site admin
session = loginUser(t, "user1")
req = NewRequest(t, "GET", "/limited_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
session.MakeRequest(t, req, http.StatusOK)
}
func TestPrivateOrg(t *testing.T) {
defer prepareTestEnv(t)()
// not logged in user
req := NewRequest(t, "GET", "/privated_org")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
MakeRequest(t, req, http.StatusNotFound)
// login non-org member user
session := loginUser(t, "user2")
req = NewRequest(t, "GET", "/privated_org")
session.MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
session.MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
session.MakeRequest(t, req, http.StatusNotFound)
// non-org member who is collaborator on repo in private org
session = loginUser(t, "user4")
req = NewRequest(t, "GET", "/privated_org")
session.MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
session.MakeRequest(t, req, http.StatusNotFound)
// site admin
session = loginUser(t, "user1")
req = NewRequest(t, "GET", "/privated_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
session.MakeRequest(t, req, http.StatusOK)
}
func TestOrgRestrictedUser(t *testing.T) {
defer prepareTestEnv(t)()
// privated_org is a private org who has id 23
orgName := "privated_org"
// public_repo_on_private_org is a public repo on privated_org
repoName := "public_repo_on_private_org"
// user29 is a restricted user who is not a member of the organization
restrictedUser := "user29"
// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work
// assert restrictedUser cannot see the org or the public repo
restrictedSession := loginUser(t, restrictedUser)
req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
restrictedSession.MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
restrictedSession.MakeRequest(t, req, http.StatusNotFound)
// Therefore create a read-only team
adminSession := loginUser(t, "user1")
token := getTokenForLoggedInUser(t, adminSession)
teamToCreate := &api.CreateTeamOption{
Name: "codereader",
Description: "Code Reader",
IncludesAllRepositories: true,
Permission: "read",
Units: []string{"repo.code"},
}
req = NewRequestWithJSON(t, "POST",
fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), teamToCreate)
var apiTeam api.Team
resp := adminSession.MakeRequest(t, req, http.StatusCreated)
DecodeJSON(t, resp, &apiTeam)
checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
teamToCreate.Permission, teamToCreate.Units)
checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
teamToCreate.Permission, teamToCreate.Units)
//teamID := apiTeam.ID
// Now we need to add the restricted user to the team
req = NewRequest(t, "PUT",
fmt.Sprintf("/api/v1/teams/%d/members/%s?token=%s", apiTeam.ID, restrictedUser, token))
_ = adminSession.MakeRequest(t, req, http.StatusNoContent)
// Now we need to check if the restrictedUser can access the repo
req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
restrictedSession.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
restrictedSession.MakeRequest(t, req, http.StatusOK)
}