afan
/
gitea
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
gitea源码
3 커밋
2 브랜치
브렌치: master
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
gitea/tests/integration/org_test.go

org_test.go 9.3KB
고유링크 히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"strings"

  10. 	"testing"

  11. 

  12. 	auth_model "code.gitea.io/gitea/models/auth"

  13. 	"code.gitea.io/gitea/models/db"

  14. 	"code.gitea.io/gitea/models/organization"

  15. 	"code.gitea.io/gitea/models/perm"

  16. 	"code.gitea.io/gitea/models/unit"

  17. 	"code.gitea.io/gitea/models/unittest"

  18. 	user_model "code.gitea.io/gitea/models/user"

  19. 	api "code.gitea.io/gitea/modules/structs"

  20. 	"code.gitea.io/gitea/tests"

  21. 

  22. 	"github.com/stretchr/testify/assert"

  23. 	"github.com/stretchr/testify/require"

  24. )

  25. 

  26. func TestOrgRepos(t *testing.T) {

  27. 	defer tests.PrepareTestEnv(t)()

  28. 

  29. 	var (

  30. 		users = []string{"user1", "user2"}

  31. 		cases = map[string][]string{

  32. 			"alphabetically":        {"repo21", "repo3", "repo5"},

  33. 			"reversealphabetically": {"repo5", "repo3", "repo21"},

  34. 		}

  35. 	)

  36. 

  37. 	for _, user := range users {

  38. 		t.Run(user, func(t *testing.T) {

  39. 			session := loginUser(t, user)

  40. 			for sortBy, repos := range cases {

  41. 				req := NewRequest(t, "GET", "/org3?sort="+sortBy)

  42. 				resp := session.MakeRequest(t, req, http.StatusOK)

  43. 

  44. 				htmlDoc := NewHTMLParser(t, resp.Body)

  45. 

  46. 				sel := htmlDoc.doc.Find("a.name")

  47. 				assert.Len(t, repos, len(sel.Nodes))

  48. 				for i := range repos {

  49. 					assert.Equal(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))

  50. 				}

  51. 			}

  52. 		})

  53. 	}

  54. }

  55. 

  56. func TestLimitedOrg(t *testing.T) {

  57. 	defer tests.PrepareTestEnv(t)()

  58. 

  59. 	// not logged in user

  60. 	req := NewRequest(t, "GET", "/limited_org")

  61. 	MakeRequest(t, req, http.StatusNotFound)

  62. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  63. 	MakeRequest(t, req, http.StatusNotFound)

  64. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  65. 	MakeRequest(t, req, http.StatusNotFound)

  66. 

  67. 	// login non-org member user

  68. 	session := loginUser(t, "user2")

  69. 	req = NewRequest(t, "GET", "/limited_org")

  70. 	session.MakeRequest(t, req, http.StatusOK)

  71. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  72. 	session.MakeRequest(t, req, http.StatusOK)

  73. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  74. 	session.MakeRequest(t, req, http.StatusNotFound)

  75. 

  76. 	// site admin

  77. 	session = loginUser(t, "user1")

  78. 	req = NewRequest(t, "GET", "/limited_org")

  79. 	session.MakeRequest(t, req, http.StatusOK)

  80. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  81. 	session.MakeRequest(t, req, http.StatusOK)

  82. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  83. 	session.MakeRequest(t, req, http.StatusOK)

  84. }

  85. 

  86. func TestPrivateOrg(t *testing.T) {

  87. 	defer tests.PrepareTestEnv(t)()

  88. 

  89. 	// not logged in user

  90. 	req := NewRequest(t, "GET", "/privated_org")

  91. 	MakeRequest(t, req, http.StatusNotFound)

  92. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  93. 	MakeRequest(t, req, http.StatusNotFound)

  94. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  95. 	MakeRequest(t, req, http.StatusNotFound)

  96. 

  97. 	// login non-org member user

  98. 	session := loginUser(t, "user2")

  99. 	req = NewRequest(t, "GET", "/privated_org")

  100. 	session.MakeRequest(t, req, http.StatusNotFound)

  101. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  102. 	session.MakeRequest(t, req, http.StatusNotFound)

  103. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  104. 	session.MakeRequest(t, req, http.StatusNotFound)

  105. 

  106. 	// non-org member who is collaborator on repo in private org

  107. 	session = loginUser(t, "user4")

  108. 	req = NewRequest(t, "GET", "/privated_org")

  109. 	session.MakeRequest(t, req, http.StatusNotFound)

  110. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo

  111. 	session.MakeRequest(t, req, http.StatusOK)

  112. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  113. 	session.MakeRequest(t, req, http.StatusNotFound)

  114. 

  115. 	// site admin

  116. 	session = loginUser(t, "user1")

  117. 	req = NewRequest(t, "GET", "/privated_org")

  118. 	session.MakeRequest(t, req, http.StatusOK)

  119. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  120. 	session.MakeRequest(t, req, http.StatusOK)

  121. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  122. 	session.MakeRequest(t, req, http.StatusOK)

  123. }

  124. 

  125. func TestOrgMembers(t *testing.T) {

  126. 	defer tests.PrepareTestEnv(t)()

  127. 

  128. 	// not logged in user

  129. 	req := NewRequest(t, "GET", "/org/org25/members")

  130. 	MakeRequest(t, req, http.StatusOK)

  131. 

  132. 	// org member

  133. 	session := loginUser(t, "user24")

  134. 	req = NewRequest(t, "GET", "/org/org25/members")

  135. 	session.MakeRequest(t, req, http.StatusOK)

  136. 

  137. 	// site admin

  138. 	session = loginUser(t, "user1")

  139. 	req = NewRequest(t, "GET", "/org/org25/members")

  140. 	session.MakeRequest(t, req, http.StatusOK)

  141. }

  142. 

  143. func TestOrgRestrictedUser(t *testing.T) {

  144. 	defer tests.PrepareTestEnv(t)()

  145. 

  146. 	// privated_org is a private org who has id 23

  147. 	orgName := "privated_org"

  148. 

  149. 	// public_repo_on_private_org is a public repo on privated_org

  150. 	repoName := "public_repo_on_private_org"

  151. 

  152. 	// user29 is a restricted user who is not a member of the organization

  153. 	restrictedUser := "user29"

  154. 

  155. 	// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work

  156. 

  157. 	// assert restrictedUser cannot see the org or the public repo

  158. 	restrictedSession := loginUser(t, restrictedUser)

  159. 	req := NewRequest(t, "GET", "/"+orgName)

  160. 	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

  161. 

  162. 	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))

  163. 	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

  164. 

  165. 	// Therefore create a read-only team

  166. 	adminSession := loginUser(t, "user1")

  167. 	token := getTokenForLoggedInUser(t, adminSession, auth_model.AccessTokenScopeWriteOrganization)

  168. 

  169. 	teamToCreate := &api.CreateTeamOption{

  170. 		Name:                    "codereader",

  171. 		Description:             "Code Reader",

  172. 		IncludesAllRepositories: true,

  173. 		Permission:              "read",

  174. 		Units:                   []string{"repo.code"},

  175. 	}

  176. 

  177. 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), teamToCreate).

  178. 		AddTokenAuth(token)

  179. 

  180. 	var apiTeam api.Team

  181. 

  182. 	resp := adminSession.MakeRequest(t, req, http.StatusCreated)

  183. 	DecodeJSON(t, resp, &apiTeam)

  184. 	checkTeamResponse(t, "CreateTeam_codereader", &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,

  185. 		"none", teamToCreate.Units, nil)

  186. 	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,

  187. 		"none", teamToCreate.Units, nil)

  188. 	// teamID := apiTeam.ID

  189. 

  190. 	// Now we need to add the restricted user to the team

  191. 	req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/teams/%d/members/%s", apiTeam.ID, restrictedUser)).

  192. 		AddTokenAuth(token)

  193. 	_ = adminSession.MakeRequest(t, req, http.StatusNoContent)

  194. 

  195. 	// Now we need to check if the restrictedUser can access the repo

  196. 	req = NewRequest(t, "GET", "/"+orgName)

  197. 	restrictedSession.MakeRequest(t, req, http.StatusOK)

  198. 

  199. 	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))

  200. 	restrictedSession.MakeRequest(t, req, http.StatusOK)

  201. }

  202. 

  203. func TestTeamSearch(t *testing.T) {

  204. 	defer tests.PrepareTestEnv(t)()

  205. 

  206. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})

  207. 	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17})

  208. 

  209. 	var results TeamSearchResults

  210. 

  211. 	session := loginUser(t, user.Name)

  212. 	req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")

  213. 	resp := session.MakeRequest(t, req, http.StatusOK)

  214. 	DecodeJSON(t, resp, &results)

  215. 	assert.NotEmpty(t, results.Data)

  216. 	assert.Len(t, results.Data, 2)

  217. 	assert.Equal(t, "review_team", results.Data[0].Name)

  218. 	assert.Equal(t, "test_team", results.Data[1].Name)

  219. 

  220. 	// no access if not organization member

  221. 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  222. 	session = loginUser(t, user5.Name)

  223. 	req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")

  224. 	session.MakeRequest(t, req, http.StatusNotFound)

  225. 

  226. 	t.Run("SearchWithPermission", func(t *testing.T) {

  227. 		ctx := t.Context()

  228. 		const testOrgID int64 = 500

  229. 		const testRepoID int64 = 2000

  230. 		testTeam := &organization.Team{OrgID: testOrgID, LowerName: "test_team", AccessMode: perm.AccessModeNone}

  231. 		require.NoError(t, db.Insert(ctx, testTeam))

  232. 		require.NoError(t, db.Insert(ctx, &organization.TeamRepo{OrgID: testOrgID, TeamID: testTeam.ID, RepoID: testRepoID}))

  233. 		require.NoError(t, db.Insert(ctx, &organization.TeamUnit{OrgID: testOrgID, TeamID: testTeam.ID, Type: unit.TypeCode, AccessMode: perm.AccessModeRead}))

  234. 		require.NoError(t, db.Insert(ctx, &organization.TeamUnit{OrgID: testOrgID, TeamID: testTeam.ID, Type: unit.TypeIssues, AccessMode: perm.AccessModeWrite}))

  235. 

  236. 		teams, err := organization.GetTeamsWithAccessToAnyRepoUnit(ctx, testOrgID, testRepoID, perm.AccessModeRead, unit.TypeCode, unit.TypeIssues)

  237. 		require.NoError(t, err)

  238. 		assert.Len(t, teams, 1) // can read "code" or "issues"

  239. 

  240. 		teams, err = organization.GetTeamsWithAccessToAnyRepoUnit(ctx, testOrgID, testRepoID, perm.AccessModeWrite, unit.TypeCode)

  241. 		require.NoError(t, err)

  242. 		assert.Empty(t, teams) // cannot write "code"

  243. 

  244. 		teams, err = organization.GetTeamsWithAccessToAnyRepoUnit(ctx, testOrgID, testRepoID, perm.AccessModeWrite, unit.TypeIssues)

  245. 		require.NoError(t, err)

  246. 		assert.Len(t, teams, 1) // can write "issues"

  247. 

  248. 		_, _ = db.GetEngine(ctx).ID(testTeam.ID).Update(&organization.Team{AccessMode: perm.AccessModeWrite})

  249. 		teams, err = organization.GetTeamsWithAccessToAnyRepoUnit(ctx, testOrgID, testRepoID, perm.AccessModeWrite, unit.TypeCode)

  250. 		require.NoError(t, err)

  251. 		assert.Len(t, teams, 1) // team permission is "write", so can write "code"

  252. 	})

  253. }