afan
/
gitea
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
gitea源码
2 коммитов
2 веток
Дерево: f5d5e77162
веток Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'f5d5e77162'
${ noResults }
gitea/tests/integration/api_repo_collaborator_test.go

api_repo_collaborator_test.go 6.3KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"net/http"

  8. 	"testing"

  9. 

  10. 	auth_model "code.gitea.io/gitea/models/auth"

  11. 	"code.gitea.io/gitea/models/perm"

  12. 	repo_model "code.gitea.io/gitea/models/repo"

  13. 	"code.gitea.io/gitea/models/unittest"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 	api "code.gitea.io/gitea/modules/structs"

  16. 	"code.gitea.io/gitea/tests"

  17. 

  18. 	"github.com/stretchr/testify/assert"

  19. )

  20. 

  21. func TestAPIRepoCollaboratorPermission(t *testing.T) {

  22. 	defer tests.PrepareTestEnv(t)()

  23. 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})

  24. 	repo2Owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID})

  25. 

  26. 	user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})

  27. 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  28. 	user10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 10})

  29. 	user11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 11})

  30. 	user34 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 34})

  31. 

  32. 	testCtx := NewAPITestContext(t, repo2Owner.Name, repo2.Name, auth_model.AccessTokenScopeWriteRepository)

  33. 

  34. 	t.Run("RepoOwnerShouldBeOwner", func(t *testing.T) {

  35. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, repo2Owner.Name).

  36. 			AddTokenAuth(testCtx.Token)

  37. 		resp := MakeRequest(t, req, http.StatusOK)

  38. 

  39. 		var repoPermission api.RepoCollaboratorPermission

  40. 		DecodeJSON(t, resp, &repoPermission)

  41. 

  42. 		assert.Equal(t, "owner", repoPermission.Permission)

  43. 	})

  44. 

  45. 	t.Run("CollaboratorWithReadAccess", func(t *testing.T) {

  46. 		t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user4.Name, perm.AccessModeRead))

  47. 

  48. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user4.Name).

  49. 			AddTokenAuth(testCtx.Token)

  50. 		resp := MakeRequest(t, req, http.StatusOK)

  51. 

  52. 		var repoPermission api.RepoCollaboratorPermission

  53. 		DecodeJSON(t, resp, &repoPermission)

  54. 

  55. 		assert.Equal(t, "read", repoPermission.Permission)

  56. 	})

  57. 

  58. 	t.Run("CollaboratorWithWriteAccess", func(t *testing.T) {

  59. 		t.Run("AddUserAsCollaboratorWithWriteAccess", doAPIAddCollaborator(testCtx, user4.Name, perm.AccessModeWrite))

  60. 

  61. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user4.Name).

  62. 			AddTokenAuth(testCtx.Token)

  63. 		resp := MakeRequest(t, req, http.StatusOK)

  64. 

  65. 		var repoPermission api.RepoCollaboratorPermission

  66. 		DecodeJSON(t, resp, &repoPermission)

  67. 

  68. 		assert.Equal(t, "write", repoPermission.Permission)

  69. 	})

  70. 

  71. 	t.Run("CollaboratorWithAdminAccess", func(t *testing.T) {

  72. 		t.Run("AddUserAsCollaboratorWithAdminAccess", doAPIAddCollaborator(testCtx, user4.Name, perm.AccessModeAdmin))

  73. 

  74. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user4.Name).

  75. 			AddTokenAuth(testCtx.Token)

  76. 		resp := MakeRequest(t, req, http.StatusOK)

  77. 

  78. 		var repoPermission api.RepoCollaboratorPermission

  79. 		DecodeJSON(t, resp, &repoPermission)

  80. 

  81. 		assert.Equal(t, "admin", repoPermission.Permission)

  82. 	})

  83. 

  84. 	t.Run("CollaboratorNotFound", func(t *testing.T) {

  85. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, "non-existent-user").

  86. 			AddTokenAuth(testCtx.Token)

  87. 		MakeRequest(t, req, http.StatusNotFound)

  88. 	})

  89. 

  90. 	t.Run("CollaboratorBlocked", func(t *testing.T) {

  91. 		ctx := NewAPITestContext(t, repo2Owner.Name, repo2.Name, auth_model.AccessTokenScopeWriteRepository)

  92. 		ctx.ExpectedCode = http.StatusForbidden

  93. 		doAPIAddCollaborator(ctx, user34.Name, perm.AccessModeAdmin)(t)

  94. 	})

  95. 

  96. 	t.Run("CollaboratorCanQueryItsPermissions", func(t *testing.T) {

  97. 		t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user5.Name, perm.AccessModeRead))

  98. 

  99. 		_session := loginUser(t, user5.Name)

  100. 		_testCtx := NewAPITestContext(t, user5.Name, repo2.Name, auth_model.AccessTokenScopeReadRepository)

  101. 

  102. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user5.Name).

  103. 			AddTokenAuth(_testCtx.Token)

  104. 		resp := _session.MakeRequest(t, req, http.StatusOK)

  105. 

  106. 		var repoPermission api.RepoCollaboratorPermission

  107. 		DecodeJSON(t, resp, &repoPermission)

  108. 

  109. 		assert.Equal(t, "read", repoPermission.Permission)

  110. 

  111. 		t.Run("CollaboratorCanReadOwnPermission", func(t *testing.T) {

  112. 			session := loginUser(t, user5.Name)

  113. 			token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)

  114. 

  115. 			req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user5.Name).AddTokenAuth(token)

  116. 			resp = MakeRequest(t, req, http.StatusOK)

  117. 

  118. 			repoCollPerm := api.RepoCollaboratorPermission{}

  119. 			DecodeJSON(t, resp, &repoCollPerm)

  120. 

  121. 			assert.Equal(t, "read", repoCollPerm.Permission)

  122. 		})

  123. 	})

  124. 

  125. 	t.Run("CollaboratorCanQueryItsPermissions", func(t *testing.T) {

  126. 		t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user5.Name, perm.AccessModeRead))

  127. 

  128. 		_session := loginUser(t, user5.Name)

  129. 		_testCtx := NewAPITestContext(t, user5.Name, repo2.Name, auth_model.AccessTokenScopeReadRepository)

  130. 

  131. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user5.Name).

  132. 			AddTokenAuth(_testCtx.Token)

  133. 		resp := _session.MakeRequest(t, req, http.StatusOK)

  134. 

  135. 		var repoPermission api.RepoCollaboratorPermission

  136. 		DecodeJSON(t, resp, &repoPermission)

  137. 

  138. 		assert.Equal(t, "read", repoPermission.Permission)

  139. 	})

  140. 

  141. 	t.Run("RepoAdminCanQueryACollaboratorsPermissions", func(t *testing.T) {

  142. 		t.Run("AddUserAsCollaboratorWithAdminAccess", doAPIAddCollaborator(testCtx, user10.Name, perm.AccessModeAdmin))

  143. 		t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user11.Name, perm.AccessModeRead))

  144. 

  145. 		_session := loginUser(t, user10.Name)

  146. 		_testCtx := NewAPITestContext(t, user10.Name, repo2.Name, auth_model.AccessTokenScopeReadRepository)

  147. 

  148. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user11.Name).

  149. 			AddTokenAuth(_testCtx.Token)

  150. 		resp := _session.MakeRequest(t, req, http.StatusOK)

  151. 

  152. 		var repoPermission api.RepoCollaboratorPermission

  153. 		DecodeJSON(t, resp, &repoPermission)

  154. 

  155. 		assert.Equal(t, "read", repoPermission.Permission)

  156. 	})

  157. }