aboutsummaryrefslogtreecommitdiffstats
path: root/integrations/api_team_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'integrations/api_team_test.go')
-rw-r--r--integrations/api_team_test.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go
index f59d95c712..da29dea9f7 100644
--- a/integrations/api_team_test.go
+++ b/integrations/api_team_test.go
@@ -16,6 +16,7 @@ import (
func TestAPITeam(t *testing.T) {
prepareTestEnv(t)
+
teamUser := models.AssertExistsAndLoadBean(t, &models.TeamUser{}).(*models.TeamUser)
team := models.AssertExistsAndLoadBean(t, &models.Team{ID: teamUser.TeamID}).(*models.Team)
user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User)
@@ -29,4 +30,16 @@ func TestAPITeam(t *testing.T) {
DecodeJSON(t, resp, &apiTeam)
assert.EqualValues(t, team.ID, apiTeam.ID)
assert.Equal(t, team.Name, apiTeam.Name)
+
+ // non team member user will not access the teams details
+ teamUser2 := models.AssertExistsAndLoadBean(t, &models.TeamUser{ID: 3}).(*models.TeamUser)
+ user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser2.UID}).(*models.User)
+
+ session = loginUser(t, user2.Name)
+ token = getTokenForLoggedInUser(t, session)
+ req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
+ resp = session.MakeRequest(t, req, http.StatusForbidden)
+
+ req = NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
+ resp = session.MakeRequest(t, req, http.StatusUnauthorized)
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-09 03:29:18 +0000