Diffstat (limited to 'tests/integration/api_org_test.go')
-rw-r--r-- | tests/integration/api_org_test.go | 232 |
1 files changed, 127 insertions, 105 deletions
diff --git a/tests/integration/api_org_test.go b/tests/integration/api_org_test.go index d766b1e8be..6577bd1684 100644 --- a/tests/integration/api_org_test.go +++ b/tests/integration/api_org_test.go @@ -22,6 +22,7 @@ import ( "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestAPIOrgCreateRename(t *testing.T) { @@ -59,7 +60,7 @@ func TestAPIOrgCreateRename(t *testing.T) { req = NewRequestf(t, "GET", "/api/v1/orgs/%s", org.UserName).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiOrg) - assert.EqualValues(t, org.UserName, apiOrg.Name) + assert.Equal(t, org.UserName, apiOrg.Name) t.Run("CheckPermission", func(t *testing.T) { // Check owner team permission @@ -86,7 +87,7 @@ func TestAPIOrgCreateRename(t *testing.T) { var users []*api.User DecodeJSON(t, resp, &users) assert.Len(t, users, 1) - assert.EqualValues(t, "user1", users[0].UserName) + assert.Equal(t, "user1", users[0].UserName) }) t.Run("RenameOrg", func(t *testing.T) { 
@@ -110,121 +111,142 @@ func TestAPIOrgCreateRename(t *testing.T) { }) } -func TestAPIOrgEdit(t *testing.T) { +func TestAPIOrgGeneral(t *testing.T) { defer tests.PrepareTestEnv(t)() - session := loginUser(t, "user1") - - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization) - org := api.EditOrgOption{ - FullName: "Org3 organization new full name", - Description: "A new description", - Website: "https://try.gitea.io/new", - Location: "Beijing", - Visibility: "private", - } - req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &org). - AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) + user1Session := loginUser(t, "user1") + user1Token := getTokenForLoggedInUser(t, user1Session, auth_model.AccessTokenScopeWriteOrganization) + + t.Run("OrgGetAll", func(t *testing.T) { + // accessing with a token will return all orgs + req := NewRequest(t, "GET", "/api/v1/orgs").AddTokenAuth(user1Token) + resp := MakeRequest(t, req, http.StatusOK) + var apiOrgList []*api.Organization + + DecodeJSON(t, resp, &apiOrgList) + assert.Len(t, apiOrgList, 13) + assert.Equal(t, "Limited Org 36", apiOrgList[1].FullName) + assert.Equal(t, "limited", apiOrgList[1].Visibility) + + // accessing without a token will return only public orgs + req = NewRequest(t, "GET", "/api/v1/orgs") + resp = MakeRequest(t, req, http.StatusOK) - var apiOrg api.Organization - DecodeJSON(t, resp, &apiOrg) + DecodeJSON(t, resp, &apiOrgList) + assert.Len(t, apiOrgList, 9) + assert.Equal(t, "org 17", apiOrgList[0].FullName) + assert.Equal(t, "public", apiOrgList[0].Visibility) + }) - assert.Equal(t, "org3", apiOrg.Name) - assert.Equal(t, org.FullName, apiOrg.FullName) - assert.Equal(t, org.Description, apiOrg.Description) - assert.Equal(t, org.Website, apiOrg.Website) - assert.Equal(t, org.Location, apiOrg.Location) - assert.Equal(t, org.Visibility, apiOrg.Visibility) -} + t.Run("OrgEdit", func(t *testing.T) { + org := api.EditOrgOption{ + FullName: "Org3 
organization new full name", + Description: "A new description", + Website: "https://try.gitea.io/new", + Location: "Beijing", + Visibility: "private", + } + req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &org).AddTokenAuth(user1Token) + resp := MakeRequest(t, req, http.StatusOK) + + var apiOrg api.Organization + DecodeJSON(t, resp, &apiOrg) + + assert.Equal(t, "org3", apiOrg.Name) + assert.Equal(t, org.FullName, apiOrg.FullName) + assert.Equal(t, org.Description, apiOrg.Description) + assert.Equal(t, org.Website, apiOrg.Website) + assert.Equal(t, org.Location, apiOrg.Location) + assert.Equal(t, org.Visibility, apiOrg.Visibility) + }) -func TestAPIOrgEditBadVisibility(t *testing.T) { - defer tests.PrepareTestEnv(t)() - session := loginUser(t, "user1") - - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization) - org := api.EditOrgOption{ - FullName: "Org3 organization new full name", - Description: "A new description", - Website: "https://try.gitea.io/new", - Location: "Beijing", - Visibility: "badvisibility", - } - req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &org). 
- AddTokenAuth(token) - MakeRequest(t, req, http.StatusUnprocessableEntity) -} + t.Run("OrgEditBadVisibility", func(t *testing.T) { + org := api.EditOrgOption{ + FullName: "Org3 organization new full name", + Description: "A new description", + Website: "https://try.gitea.io/new", + Location: "Beijing", + Visibility: "badvisibility", + } + req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &org).AddTokenAuth(user1Token) + MakeRequest(t, req, http.StatusUnprocessableEntity) + }) -func TestAPIOrgDeny(t *testing.T) { - defer tests.PrepareTestEnv(t)() - defer test.MockVariableValue(&setting.Service.RequireSignInView, true)() + t.Run("OrgDeny", func(t *testing.T) { + defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, true)() - orgName := "user1_org" - req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName) - MakeRequest(t, req, http.StatusNotFound) + orgName := "user1_org" + req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName) + MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", orgName) - MakeRequest(t, req, http.StatusNotFound) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", orgName) + MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", orgName) - MakeRequest(t, req, http.StatusNotFound) -} + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", orgName) + MakeRequest(t, req, http.StatusNotFound) + }) -func TestAPIGetAll(t *testing.T) { - defer tests.PrepareTestEnv(t)() - token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrganization) + t.Run("OrgSearchEmptyTeam", func(t *testing.T) { + orgName := "org_with_empty_team" + // create org + req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{ + UserName: orgName, + }).AddTokenAuth(user1Token) + MakeRequest(t, req, http.StatusCreated) + + // create team with no member + req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), 
&api.CreateTeamOption{ + Name: "Empty", + IncludesAllRepositories: true, + Permission: "read", + Units: []string{"repo.code", "repo.issues", "repo.ext_issues", "repo.wiki", "repo.pulls"}, + }).AddTokenAuth(user1Token) + MakeRequest(t, req, http.StatusCreated) + + // case-insensitive search for teams that have no members + req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/teams/search?q=%s", orgName, "empty")). + AddTokenAuth(user1Token) + resp := MakeRequest(t, req, http.StatusOK) + data := struct { + Ok bool + Data []*api.Team + }{} + DecodeJSON(t, resp, &data) + assert.True(t, data.Ok) + if assert.Len(t, data.Data, 1) { + assert.Equal(t, "Empty", data.Data[0].Name) + } + }) - // accessing with a token will return all orgs - req := NewRequest(t, "GET", "/api/v1/orgs"). - AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiOrgList []*api.Organization + t.Run("User2ChangeStatus", func(t *testing.T) { + user2Session := loginUser(t, "user2") + user2Token := getTokenForLoggedInUser(t, user2Session, auth_model.AccessTokenScopeWriteOrganization) - DecodeJSON(t, resp, &apiOrgList) - assert.Len(t, apiOrgList, 13) - assert.Equal(t, "Limited Org 36", apiOrgList[1].FullName) - assert.Equal(t, "limited", apiOrgList[1].Visibility) + req := NewRequest(t, "PUT", "/api/v1/orgs/org3/public_members/user2").AddTokenAuth(user2Token) + MakeRequest(t, req, http.StatusNoContent) + req = NewRequest(t, "DELETE", "/api/v1/orgs/org3/public_members/user2").AddTokenAuth(user2Token) + MakeRequest(t, req, http.StatusNoContent) - // accessing without a token will return only public orgs - req = NewRequest(t, "GET", "/api/v1/orgs") - resp = MakeRequest(t, req, http.StatusOK) + // non admin but org owner could also change other member's status + user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"}) + require.False(t, user2.IsAdmin) + req = NewRequest(t, "PUT", "/api/v1/orgs/org3/public_members/user1").AddTokenAuth(user2Token) + MakeRequest(t, req, 
http.StatusNoContent) + req = NewRequest(t, "DELETE", "/api/v1/orgs/org3/public_members/user1").AddTokenAuth(user2Token) + MakeRequest(t, req, http.StatusNoContent) + }) - DecodeJSON(t, resp, &apiOrgList) - assert.Len(t, apiOrgList, 9) - assert.Equal(t, "org 17", apiOrgList[0].FullName) - assert.Equal(t, "public", apiOrgList[0].Visibility) -} + t.Run("User4ChangeStatus", func(t *testing.T) { + user4Session := loginUser(t, "user4") + user4Token := getTokenForLoggedInUser(t, user4Session, auth_model.AccessTokenScopeWriteOrganization) -func TestAPIOrgSearchEmptyTeam(t *testing.T) { - defer tests.PrepareTestEnv(t)() - token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteOrganization) - orgName := "org_with_empty_team" - - // create org - req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{ - UserName: orgName, - }).AddTokenAuth(token) - MakeRequest(t, req, http.StatusCreated) - - // create team with no member - req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), &api.CreateTeamOption{ - Name: "Empty", - IncludesAllRepositories: true, - Permission: "read", - Units: []string{"repo.code", "repo.issues", "repo.ext_issues", "repo.wiki", "repo.pulls"}, - }).AddTokenAuth(token) - MakeRequest(t, req, http.StatusCreated) - - // case-insensitive search for teams that have no members - req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/teams/search?q=%s", orgName, "empty")). 
- AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - data := struct { - Ok bool - Data []*api.Team - }{} - DecodeJSON(t, resp, &data) - assert.True(t, data.Ok) - if assert.Len(t, data.Data, 1) { - assert.EqualValues(t, "Empty", data.Data[0].Name) - } + // user4 is a normal team member, they could change their own status + req := NewRequest(t, "PUT", "/api/v1/orgs/org3/public_members/user4").AddTokenAuth(user4Token) + MakeRequest(t, req, http.StatusNoContent) + req = NewRequest(t, "DELETE", "/api/v1/orgs/org3/public_members/user4").AddTokenAuth(user4Token) + MakeRequest(t, req, http.StatusNoContent) + req = NewRequest(t, "PUT", "/api/v1/orgs/org3/public_members/user1").AddTokenAuth(user4Token) + MakeRequest(t, req, http.StatusForbidden) + req = NewRequest(t, "DELETE", "/api/v1/orgs/org3/public_members/user1").AddTokenAuth(user4Token) + MakeRequest(t, req, http.StatusForbidden) + }) } |
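Review bot: OrgGetAll now lists `/api/v1/orgs` with `user1Token`, which is created with `AccessTokenScopeWriteOrganization`, whereas the removed TestAPIGetAll used a token limited to `AccessTokenScopeReadOrganization`; after this change nothing in the function checks that a read-only token is sufficient for the listing, so a scope regression on that route would go unnoticed. Keeping a dedicated token inside that subtest, `readToken := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrganization)`, preserves the least-privilege check. In User4ChangeStatus the two `http.StatusForbidden` cases assert only the status code; a follow-up `GET` on `/api/v1/orgs/org3/public_members/user1` would confirm that the rejected requests left user1's visibility unchanged. The subtests also share one `PrepareTestEnv`, so the membership subtests run against org3 after OrgEdit has set it to `private`; a short comment on that ordering dependency would help, since the cases can no longer be read in isolation.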