diff options
Diffstat (limited to 'modules/repository/collaborator_test.go')
-rw-r--r-- | modules/repository/collaborator_test.go | 281 |
1 files changed, 281 insertions, 0 deletions
diff --git a/modules/repository/collaborator_test.go b/modules/repository/collaborator_test.go new file mode 100644 index 0000000000..1b927aa3b6 --- /dev/null +++ b/modules/repository/collaborator_test.go @@ -0,0 +1,281 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package repository + +import ( + "testing" + + "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/models/organization" + perm_model "code.gitea.io/gitea/models/perm" + access_model "code.gitea.io/gitea/models/perm/access" + repo_model "code.gitea.io/gitea/models/repo" + "code.gitea.io/gitea/models/unit" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" + + "github.com/stretchr/testify/assert" +) + +func TestRepository_AddCollaborator(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + testSuccess := func(repoID, userID int64) { + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID}) + assert.NoError(t, repo.GetOwner(db.DefaultContext)) + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID}) + assert.NoError(t, AddCollaborator(repo, user)) + unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID}, &user_model.User{ID: userID}) + } + testSuccess(1, 4) + testSuccess(1, 4) + testSuccess(3, 4) +} + +func TestRepoPermissionPublicNonOrgRepo(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + // public non-organization repo + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}) + assert.NoError(t, repo.LoadUnits(db.DefaultContext)) + + // plain user + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // change to collaborator + assert.NoError(t, AddCollaborator(repo, user)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // collaborator + collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // owner + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // admin + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } +} + +func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + // private non-organization repo + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) + assert.NoError(t, repo.LoadUnits(db.DefaultContext)) + + // plain user + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) + perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.False(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // change to collaborator to default write access + assert.NoError(t, AddCollaborator(repo, user)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // owner + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // admin + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } +} + +func TestRepoPermissionPublicOrgRepo(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + // public organization repo + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}) + assert.NoError(t, repo.LoadUnits(db.DefaultContext)) + + // plain user + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) + perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // change to collaborator to default write access + assert.NoError(t, AddCollaborator(repo, user)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // org member team owner + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // org member team tester + member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + } + assert.True(t, perm.CanWrite(unit.TypeIssues)) + assert.False(t, perm.CanWrite(unit.TypeCode)) + + // admin + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } +} + +func TestRepoPermissionPrivateOrgRepo(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + // private organization repo + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}) + assert.NoError(t, repo.LoadUnits(db.DefaultContext)) + + // plain user + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) + perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.False(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // change to collaborator to default write access + assert.NoError(t, AddCollaborator(repo, user)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead)) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.False(t, perm.CanWrite(unit.Type)) + } + + // org member team owner + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // update team information and then check permission + team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}) + err = organization.UpdateTeamUnits(team, nil) + assert.NoError(t, err) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } + + // org member team tester + tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester) + assert.NoError(t, err) + assert.True(t, perm.CanWrite(unit.TypeIssues)) + assert.False(t, perm.CanWrite(unit.TypeCode)) + assert.False(t, perm.CanRead(unit.TypeCode)) + + // org member team reviewer + reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer) + assert.NoError(t, err) + assert.False(t, perm.CanRead(unit.TypeIssues)) + assert.False(t, perm.CanWrite(unit.TypeCode)) + assert.True(t, perm.CanRead(unit.TypeCode)) + + // admin + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) + assert.NoError(t, err) + for _, unit := range repo.Units { + assert.True(t, perm.CanRead(unit.Type)) + assert.True(t, perm.CanWrite(unit.Type)) + } +} |