mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12238 Commits
17 Branches
Tree: 12938dd35f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '12938dd35f'
${ noResults }
gitea/models/repo_permission_test.go

repo_permission_test.go 8.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	"github.com/stretchr/testify/assert"

  12. )

  13. 

  14. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  15. 	assert.NoError(t, db.PrepareTestDatabase())

  16. 

  17. 	// public non-organization repo

  18. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)

  19. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  20. 

  21. 	// plain user

  22. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  23. 	perm, err := GetUserRepoPermission(repo, user)

  24. 	assert.NoError(t, err)

  25. 	for _, unit := range repo.Units {

  26. 		assert.True(t, perm.CanRead(unit.Type))

  27. 		assert.False(t, perm.CanWrite(unit.Type))

  28. 	}

  29. 

  30. 	// change to collaborator

  31. 	assert.NoError(t, repo.AddCollaborator(user))

  32. 	perm, err = GetUserRepoPermission(repo, user)

  33. 	assert.NoError(t, err)

  34. 	for _, unit := range repo.Units {

  35. 		assert.True(t, perm.CanRead(unit.Type))

  36. 		assert.True(t, perm.CanWrite(unit.Type))

  37. 	}

  38. 

  39. 	// collaborator

  40. 	collaborator := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  41. 	perm, err = GetUserRepoPermission(repo, collaborator)

  42. 	assert.NoError(t, err)

  43. 	for _, unit := range repo.Units {

  44. 		assert.True(t, perm.CanRead(unit.Type))

  45. 		assert.True(t, perm.CanWrite(unit.Type))

  46. 	}

  47. 

  48. 	// owner

  49. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  50. 	perm, err = GetUserRepoPermission(repo, owner)

  51. 	assert.NoError(t, err)

  52. 	for _, unit := range repo.Units {

  53. 		assert.True(t, perm.CanRead(unit.Type))

  54. 		assert.True(t, perm.CanWrite(unit.Type))

  55. 	}

  56. 

  57. 	// admin

  58. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  59. 	perm, err = GetUserRepoPermission(repo, admin)

  60. 	assert.NoError(t, err)

  61. 	for _, unit := range repo.Units {

  62. 		assert.True(t, perm.CanRead(unit.Type))

  63. 		assert.True(t, perm.CanWrite(unit.Type))

  64. 	}

  65. }

  66. 

  67. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  68. 	assert.NoError(t, db.PrepareTestDatabase())

  69. 

  70. 	// private non-organization repo

  71. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)

  72. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  73. 

  74. 	// plain user

  75. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  76. 	perm, err := GetUserRepoPermission(repo, user)

  77. 	assert.NoError(t, err)

  78. 	for _, unit := range repo.Units {

  79. 		assert.False(t, perm.CanRead(unit.Type))

  80. 		assert.False(t, perm.CanWrite(unit.Type))

  81. 	}

  82. 

  83. 	// change to collaborator to default write access

  84. 	assert.NoError(t, repo.AddCollaborator(user))

  85. 	perm, err = GetUserRepoPermission(repo, user)

  86. 	assert.NoError(t, err)

  87. 	for _, unit := range repo.Units {

  88. 		assert.True(t, perm.CanRead(unit.Type))

  89. 		assert.True(t, perm.CanWrite(unit.Type))

  90. 	}

  91. 

  92. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  93. 	perm, err = GetUserRepoPermission(repo, user)

  94. 	assert.NoError(t, err)

  95. 	for _, unit := range repo.Units {

  96. 		assert.True(t, perm.CanRead(unit.Type))

  97. 		assert.False(t, perm.CanWrite(unit.Type))

  98. 	}

  99. 

  100. 	// owner

  101. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  102. 	perm, err = GetUserRepoPermission(repo, owner)

  103. 	assert.NoError(t, err)

  104. 	for _, unit := range repo.Units {

  105. 		assert.True(t, perm.CanRead(unit.Type))

  106. 		assert.True(t, perm.CanWrite(unit.Type))

  107. 	}

  108. 

  109. 	// admin

  110. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  111. 	perm, err = GetUserRepoPermission(repo, admin)

  112. 	assert.NoError(t, err)

  113. 	for _, unit := range repo.Units {

  114. 		assert.True(t, perm.CanRead(unit.Type))

  115. 		assert.True(t, perm.CanWrite(unit.Type))

  116. 	}

  117. }

  118. 

  119. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  120. 	assert.NoError(t, db.PrepareTestDatabase())

  121. 

  122. 	// public organization repo

  123. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 32}).(*Repository)

  124. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  125. 

  126. 	// plain user

  127. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  128. 	perm, err := GetUserRepoPermission(repo, user)

  129. 	assert.NoError(t, err)

  130. 	for _, unit := range repo.Units {

  131. 		assert.True(t, perm.CanRead(unit.Type))

  132. 		assert.False(t, perm.CanWrite(unit.Type))

  133. 	}

  134. 

  135. 	// change to collaborator to default write access

  136. 	assert.NoError(t, repo.AddCollaborator(user))

  137. 	perm, err = GetUserRepoPermission(repo, user)

  138. 	assert.NoError(t, err)

  139. 	for _, unit := range repo.Units {

  140. 		assert.True(t, perm.CanRead(unit.Type))

  141. 		assert.True(t, perm.CanWrite(unit.Type))

  142. 	}

  143. 

  144. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  145. 	perm, err = GetUserRepoPermission(repo, user)

  146. 	assert.NoError(t, err)

  147. 	for _, unit := range repo.Units {

  148. 		assert.True(t, perm.CanRead(unit.Type))

  149. 		assert.False(t, perm.CanWrite(unit.Type))

  150. 	}

  151. 

  152. 	// org member team owner

  153. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  154. 	perm, err = GetUserRepoPermission(repo, owner)

  155. 	assert.NoError(t, err)

  156. 	for _, unit := range repo.Units {

  157. 		assert.True(t, perm.CanRead(unit.Type))

  158. 		assert.True(t, perm.CanWrite(unit.Type))

  159. 	}

  160. 

  161. 	// org member team tester

  162. 	member := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  163. 	perm, err = GetUserRepoPermission(repo, member)

  164. 	assert.NoError(t, err)

  165. 	for _, unit := range repo.Units {

  166. 		assert.True(t, perm.CanRead(unit.Type))

  167. 	}

  168. 	assert.True(t, perm.CanWrite(UnitTypeIssues))

  169. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  170. 

  171. 	// admin

  172. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  173. 	perm, err = GetUserRepoPermission(repo, admin)

  174. 	assert.NoError(t, err)

  175. 	for _, unit := range repo.Units {

  176. 		assert.True(t, perm.CanRead(unit.Type))

  177. 		assert.True(t, perm.CanWrite(unit.Type))

  178. 	}

  179. }

  180. 

  181. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  182. 	assert.NoError(t, db.PrepareTestDatabase())

  183. 

  184. 	// private organization repo

  185. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 24}).(*Repository)

  186. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  187. 

  188. 	// plain user

  189. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  190. 	perm, err := GetUserRepoPermission(repo, user)

  191. 	assert.NoError(t, err)

  192. 	for _, unit := range repo.Units {

  193. 		assert.False(t, perm.CanRead(unit.Type))

  194. 		assert.False(t, perm.CanWrite(unit.Type))

  195. 	}

  196. 

  197. 	// change to collaborator to default write access

  198. 	assert.NoError(t, repo.AddCollaborator(user))

  199. 	perm, err = GetUserRepoPermission(repo, user)

  200. 	assert.NoError(t, err)

  201. 	for _, unit := range repo.Units {

  202. 		assert.True(t, perm.CanRead(unit.Type))

  203. 		assert.True(t, perm.CanWrite(unit.Type))

  204. 	}

  205. 

  206. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  207. 	perm, err = GetUserRepoPermission(repo, user)

  208. 	assert.NoError(t, err)

  209. 	for _, unit := range repo.Units {

  210. 		assert.True(t, perm.CanRead(unit.Type))

  211. 		assert.False(t, perm.CanWrite(unit.Type))

  212. 	}

  213. 

  214. 	// org member team owner

  215. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  216. 	perm, err = GetUserRepoPermission(repo, owner)

  217. 	assert.NoError(t, err)

  218. 	for _, unit := range repo.Units {

  219. 		assert.True(t, perm.CanRead(unit.Type))

  220. 		assert.True(t, perm.CanWrite(unit.Type))

  221. 	}

  222. 

  223. 	// update team information and then check permission

  224. 	team := db.AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)

  225. 	err = UpdateTeamUnits(team, nil)

  226. 	assert.NoError(t, err)

  227. 	perm, err = GetUserRepoPermission(repo, owner)

  228. 	assert.NoError(t, err)

  229. 	for _, unit := range repo.Units {

  230. 		assert.True(t, perm.CanRead(unit.Type))

  231. 		assert.True(t, perm.CanWrite(unit.Type))

  232. 	}

  233. 

  234. 	// org member team tester

  235. 	tester := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  236. 	perm, err = GetUserRepoPermission(repo, tester)

  237. 	assert.NoError(t, err)

  238. 	assert.True(t, perm.CanWrite(UnitTypeIssues))

  239. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  240. 	assert.False(t, perm.CanRead(UnitTypeCode))

  241. 

  242. 	// org member team reviewer

  243. 	reviewer := db.AssertExistsAndLoadBean(t, &User{ID: 20}).(*User)

  244. 	perm, err = GetUserRepoPermission(repo, reviewer)

  245. 	assert.NoError(t, err)

  246. 	assert.False(t, perm.CanRead(UnitTypeIssues))

  247. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  248. 	assert.True(t, perm.CanRead(UnitTypeCode))

  249. 

  250. 	// admin

  251. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  252. 	perm, err = GetUserRepoPermission(repo, admin)

  253. 	assert.NoError(t, err)

  254. 	for _, unit := range repo.Units {

  255. 		assert.True(t, perm.CanRead(unit.Type))

  256. 		assert.True(t, perm.CanWrite(unit.Type))

  257. 	}

  258. }