mirrors
/
gitea
огледало од https://github.com/go-gitea/gitea.git
Прати 1
Волим 0
Креирај огранак 0
Код Дискусије 0 Издања 211 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13287 Комити
17 Гране
Дрво: 0cbec3cd37
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '0cbec3cd37'
${ noResults }
gitea/models/repo_permission_test.go

repo_permission_test.go 9.7KB
Датотека Blame Историја

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	"code.gitea.io/gitea/models/organization"

  12. 	perm_model "code.gitea.io/gitea/models/perm"

  13. 	access_model "code.gitea.io/gitea/models/perm/access"

  14. 	repo_model "code.gitea.io/gitea/models/repo"

  15. 	"code.gitea.io/gitea/models/unit"

  16. 	"code.gitea.io/gitea/models/unittest"

  17. 	user_model "code.gitea.io/gitea/models/user"

  18. 

  19. 	"github.com/stretchr/testify/assert"

  20. )

  21. 

  22. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  23. 	assert.NoError(t, unittest.PrepareTestDatabase())

  24. 

  25. 	// public non-organization repo

  26. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)

  27. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  28. 

  29. 	// plain user

  30. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  31. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  32. 	assert.NoError(t, err)

  33. 	for _, unit := range repo.Units {

  34. 		assert.True(t, perm.CanRead(unit.Type))

  35. 		assert.False(t, perm.CanWrite(unit.Type))

  36. 	}

  37. 

  38. 	// change to collaborator

  39. 	assert.NoError(t, AddCollaborator(repo, user))

  40. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  41. 	assert.NoError(t, err)

  42. 	for _, unit := range repo.Units {

  43. 		assert.True(t, perm.CanRead(unit.Type))

  44. 		assert.True(t, perm.CanWrite(unit.Type))

  45. 	}

  46. 

  47. 	// collaborator

  48. 	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  49. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)

  50. 	assert.NoError(t, err)

  51. 	for _, unit := range repo.Units {

  52. 		assert.True(t, perm.CanRead(unit.Type))

  53. 		assert.True(t, perm.CanWrite(unit.Type))

  54. 	}

  55. 

  56. 	// owner

  57. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  58. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  59. 	assert.NoError(t, err)

  60. 	for _, unit := range repo.Units {

  61. 		assert.True(t, perm.CanRead(unit.Type))

  62. 		assert.True(t, perm.CanWrite(unit.Type))

  63. 	}

  64. 

  65. 	// admin

  66. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  67. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  68. 	assert.NoError(t, err)

  69. 	for _, unit := range repo.Units {

  70. 		assert.True(t, perm.CanRead(unit.Type))

  71. 		assert.True(t, perm.CanWrite(unit.Type))

  72. 	}

  73. }

  74. 

  75. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  76. 	assert.NoError(t, unittest.PrepareTestDatabase())

  77. 

  78. 	// private non-organization repo

  79. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)

  80. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  81. 

  82. 	// plain user

  83. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  84. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  85. 	assert.NoError(t, err)

  86. 	for _, unit := range repo.Units {

  87. 		assert.False(t, perm.CanRead(unit.Type))

  88. 		assert.False(t, perm.CanWrite(unit.Type))

  89. 	}

  90. 

  91. 	// change to collaborator to default write access

  92. 	assert.NoError(t, AddCollaborator(repo, user))

  93. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  94. 	assert.NoError(t, err)

  95. 	for _, unit := range repo.Units {

  96. 		assert.True(t, perm.CanRead(unit.Type))

  97. 		assert.True(t, perm.CanWrite(unit.Type))

  98. 	}

  99. 

  100. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  101. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  102. 	assert.NoError(t, err)

  103. 	for _, unit := range repo.Units {

  104. 		assert.True(t, perm.CanRead(unit.Type))

  105. 		assert.False(t, perm.CanWrite(unit.Type))

  106. 	}

  107. 

  108. 	// owner

  109. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  110. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  111. 	assert.NoError(t, err)

  112. 	for _, unit := range repo.Units {

  113. 		assert.True(t, perm.CanRead(unit.Type))

  114. 		assert.True(t, perm.CanWrite(unit.Type))

  115. 	}

  116. 

  117. 	// admin

  118. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  119. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  120. 	assert.NoError(t, err)

  121. 	for _, unit := range repo.Units {

  122. 		assert.True(t, perm.CanRead(unit.Type))

  123. 		assert.True(t, perm.CanWrite(unit.Type))

  124. 	}

  125. }

  126. 

  127. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  128. 	assert.NoError(t, unittest.PrepareTestDatabase())

  129. 

  130. 	// public organization repo

  131. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)

  132. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  133. 

  134. 	// plain user

  135. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  136. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  137. 	assert.NoError(t, err)

  138. 	for _, unit := range repo.Units {

  139. 		assert.True(t, perm.CanRead(unit.Type))

  140. 		assert.False(t, perm.CanWrite(unit.Type))

  141. 	}

  142. 

  143. 	// change to collaborator to default write access

  144. 	assert.NoError(t, AddCollaborator(repo, user))

  145. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  146. 	assert.NoError(t, err)

  147. 	for _, unit := range repo.Units {

  148. 		assert.True(t, perm.CanRead(unit.Type))

  149. 		assert.True(t, perm.CanWrite(unit.Type))

  150. 	}

  151. 

  152. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  153. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  154. 	assert.NoError(t, err)

  155. 	for _, unit := range repo.Units {

  156. 		assert.True(t, perm.CanRead(unit.Type))

  157. 		assert.False(t, perm.CanWrite(unit.Type))

  158. 	}

  159. 

  160. 	// org member team owner

  161. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  162. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  163. 	assert.NoError(t, err)

  164. 	for _, unit := range repo.Units {

  165. 		assert.True(t, perm.CanRead(unit.Type))

  166. 		assert.True(t, perm.CanWrite(unit.Type))

  167. 	}

  168. 

  169. 	// org member team tester

  170. 	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  171. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)

  172. 	assert.NoError(t, err)

  173. 	for _, unit := range repo.Units {

  174. 		assert.True(t, perm.CanRead(unit.Type))

  175. 	}

  176. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  177. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  178. 

  179. 	// admin

  180. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  181. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  182. 	assert.NoError(t, err)

  183. 	for _, unit := range repo.Units {

  184. 		assert.True(t, perm.CanRead(unit.Type))

  185. 		assert.True(t, perm.CanWrite(unit.Type))

  186. 	}

  187. }

  188. 

  189. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  190. 	assert.NoError(t, unittest.PrepareTestDatabase())

  191. 

  192. 	// private organization repo

  193. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)

  194. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  195. 

  196. 	// plain user

  197. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  198. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  199. 	assert.NoError(t, err)

  200. 	for _, unit := range repo.Units {

  201. 		assert.False(t, perm.CanRead(unit.Type))

  202. 		assert.False(t, perm.CanWrite(unit.Type))

  203. 	}

  204. 

  205. 	// change to collaborator to default write access

  206. 	assert.NoError(t, AddCollaborator(repo, user))

  207. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  208. 	assert.NoError(t, err)

  209. 	for _, unit := range repo.Units {

  210. 		assert.True(t, perm.CanRead(unit.Type))

  211. 		assert.True(t, perm.CanWrite(unit.Type))

  212. 	}

  213. 

  214. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  215. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  216. 	assert.NoError(t, err)

  217. 	for _, unit := range repo.Units {

  218. 		assert.True(t, perm.CanRead(unit.Type))

  219. 		assert.False(t, perm.CanWrite(unit.Type))

  220. 	}

  221. 

  222. 	// org member team owner

  223. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  224. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  225. 	assert.NoError(t, err)

  226. 	for _, unit := range repo.Units {

  227. 		assert.True(t, perm.CanRead(unit.Type))

  228. 		assert.True(t, perm.CanWrite(unit.Type))

  229. 	}

  230. 

  231. 	// update team information and then check permission

  232. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)

  233. 	err = organization.UpdateTeamUnits(team, nil)

  234. 	assert.NoError(t, err)

  235. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  236. 	assert.NoError(t, err)

  237. 	for _, unit := range repo.Units {

  238. 		assert.True(t, perm.CanRead(unit.Type))

  239. 		assert.True(t, perm.CanWrite(unit.Type))

  240. 	}

  241. 

  242. 	// org member team tester

  243. 	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  244. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)

  245. 	assert.NoError(t, err)

  246. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  247. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  248. 	assert.False(t, perm.CanRead(unit.TypeCode))

  249. 

  250. 	// org member team reviewer

  251. 	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)

  252. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)

  253. 	assert.NoError(t, err)

  254. 	assert.False(t, perm.CanRead(unit.TypeIssues))

  255. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  256. 	assert.True(t, perm.CanRead(unit.TypeCode))

  257. 

  258. 	// admin

  259. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  260. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  261. 	assert.NoError(t, err)

  262. 	for _, unit := range repo.Units {

  263. 		assert.True(t, perm.CanRead(unit.Type))

  264. 		assert.True(t, perm.CanWrite(unit.Type))

  265. 	}

  266. }