Fixes #6881 - API users search fix (#6882)

This commit is contained in:
Richard Mahn 2019-05-08 15:17:32 -04:00 committed by Lauris BH
parent d8b2ed6627
commit 6db3dc7c02
4 changed files with 69 additions and 2 deletions

View File

@ -129,3 +129,18 @@ func TestAPIListUsers(t *testing.T) {
numberOfUsers := models.GetCount(t, &models.User{}, "type = 0")
assert.Equal(t, numberOfUsers, len(users))
}
func TestAPIListUsersNotLoggedIn(t *testing.T) {
prepareTestEnv(t)
req := NewRequest(t, "GET", "/api/v1/admin/users")
MakeRequest(t, req, http.StatusUnauthorized)
}
func TestAPIListUsersNonAdmin(t *testing.T) {
prepareTestEnv(t)
nonAdminUsername := "user2"
session := loginUser(t, nonAdminUsername)
token := getTokenForLoggedInUser(t, session)
req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)
session.MakeRequest(t, req, http.StatusForbidden)
}

View File

@ -0,0 +1,52 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.package models
package integrations
import (
"net/http"
"testing"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
type SearchResults struct {
OK bool `json:"ok"`
Data []*api.User `json:"data"`
}
func TestAPIUserSearchLoggedIn(t *testing.T) {
prepareTestEnv(t)
adminUsername := "user1"
session := loginUser(t, adminUsername)
token := getTokenForLoggedInUser(t, session)
query := "user2"
req := NewRequestf(t, "GET", "/api/v1/users/search?token=%s&q=%s", token, query)
resp := session.MakeRequest(t, req, http.StatusOK)
var results SearchResults
DecodeJSON(t, resp, &results)
assert.NotEmpty(t, results.Data)
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.NotEmpty(t, user.Email)
}
}
func TestAPIUserSearchNotLoggedIn(t *testing.T) {
prepareTestEnv(t)
query := "user2"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)
resp := MakeRequest(t, req, http.StatusOK)
var results SearchResults
DecodeJSON(t, resp, &results)
assert.NotEmpty(t, results.Data)
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.Empty(t, user.Email)
}
}

View File

@ -326,7 +326,7 @@ func GetAllUsers(ctx *context.APIContext) {
results := make([]*api.User, len(users))
for i := range users {
results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin)
results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin)
}
ctx.JSON(200, &results)

View File

@ -67,7 +67,7 @@ func Search(ctx *context.APIContext) {
results := make([]*api.User, len(users))
for i := range users {
results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin)
results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin)
}
ctx.JSON(200, map[string]interface{}{