mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13291 Commits
17 Branches
Tree: 8720f876c7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8720f876c7'
${ noResults }
gitea/integrations/org_test.go

org_test.go 7.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations

  6. 

  7. import (

  8. 	"fmt"

  9. 	"net/http"

  10. 	"strings"

  11. 	"testing"

  12. 

  13. 	"code.gitea.io/gitea/models/unittest"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 	api "code.gitea.io/gitea/modules/structs"

  16. 

  17. 	"github.com/stretchr/testify/assert"

  18. )

  19. 

  20. func TestOrgRepos(t *testing.T) {

  21. 	defer prepareTestEnv(t)()

  22. 

  23. 	var (

  24. 		users = []string{"user1", "user2"}

  25. 		cases = map[string][]string{

  26. 			"alphabetically":        {"repo21", "repo3", "repo5"},

  27. 			"reversealphabetically": {"repo5", "repo3", "repo21"},

  28. 		}

  29. 	)

  30. 

  31. 	for _, user := range users {

  32. 		t.Run(user, func(t *testing.T) {

  33. 			session := loginUser(t, user)

  34. 			for sortBy, repos := range cases {

  35. 				req := NewRequest(t, "GET", "/user3?sort="+sortBy)

  36. 				resp := session.MakeRequest(t, req, http.StatusOK)

  37. 

  38. 				htmlDoc := NewHTMLParser(t, resp.Body)

  39. 

  40. 				sel := htmlDoc.doc.Find("a.name")

  41. 				assert.Len(t, repos, len(sel.Nodes))

  42. 				for i := 0; i < len(repos); i++ {

  43. 					assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))

  44. 				}

  45. 			}

  46. 		})

  47. 	}

  48. }

  49. 

  50. func TestLimitedOrg(t *testing.T) {

  51. 	defer prepareTestEnv(t)()

  52. 

  53. 	// not logged in user

  54. 	req := NewRequest(t, "GET", "/limited_org")

  55. 	MakeRequest(t, req, http.StatusNotFound)

  56. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  57. 	MakeRequest(t, req, http.StatusNotFound)

  58. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  59. 	MakeRequest(t, req, http.StatusNotFound)

  60. 

  61. 	// login non-org member user

  62. 	session := loginUser(t, "user2")

  63. 	req = NewRequest(t, "GET", "/limited_org")

  64. 	session.MakeRequest(t, req, http.StatusOK)

  65. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  66. 	session.MakeRequest(t, req, http.StatusOK)

  67. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  68. 	session.MakeRequest(t, req, http.StatusNotFound)

  69. 

  70. 	// site admin

  71. 	session = loginUser(t, "user1")

  72. 	req = NewRequest(t, "GET", "/limited_org")

  73. 	session.MakeRequest(t, req, http.StatusOK)

  74. 	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")

  75. 	session.MakeRequest(t, req, http.StatusOK)

  76. 	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")

  77. 	session.MakeRequest(t, req, http.StatusOK)

  78. }

  79. 

  80. func TestPrivateOrg(t *testing.T) {

  81. 	defer prepareTestEnv(t)()

  82. 

  83. 	// not logged in user

  84. 	req := NewRequest(t, "GET", "/privated_org")

  85. 	MakeRequest(t, req, http.StatusNotFound)

  86. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  87. 	MakeRequest(t, req, http.StatusNotFound)

  88. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  89. 	MakeRequest(t, req, http.StatusNotFound)

  90. 

  91. 	// login non-org member user

  92. 	session := loginUser(t, "user2")

  93. 	req = NewRequest(t, "GET", "/privated_org")

  94. 	session.MakeRequest(t, req, http.StatusNotFound)

  95. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  96. 	session.MakeRequest(t, req, http.StatusNotFound)

  97. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  98. 	session.MakeRequest(t, req, http.StatusNotFound)

  99. 

  100. 	// non-org member who is collaborator on repo in private org

  101. 	session = loginUser(t, "user4")

  102. 	req = NewRequest(t, "GET", "/privated_org")

  103. 	session.MakeRequest(t, req, http.StatusNotFound)

  104. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo

  105. 	session.MakeRequest(t, req, http.StatusOK)

  106. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  107. 	session.MakeRequest(t, req, http.StatusNotFound)

  108. 

  109. 	// site admin

  110. 	session = loginUser(t, "user1")

  111. 	req = NewRequest(t, "GET", "/privated_org")

  112. 	session.MakeRequest(t, req, http.StatusOK)

  113. 	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")

  114. 	session.MakeRequest(t, req, http.StatusOK)

  115. 	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")

  116. 	session.MakeRequest(t, req, http.StatusOK)

  117. }

  118. 

  119. func TestOrgRestrictedUser(t *testing.T) {

  120. 	defer prepareTestEnv(t)()

  121. 

  122. 	// privated_org is a private org who has id 23

  123. 	orgName := "privated_org"

  124. 

  125. 	// public_repo_on_private_org is a public repo on privated_org

  126. 	repoName := "public_repo_on_private_org"

  127. 

  128. 	// user29 is a restricted user who is not a member of the organization

  129. 	restrictedUser := "user29"

  130. 

  131. 	// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work

  132. 

  133. 	// assert restrictedUser cannot see the org or the public repo

  134. 	restrictedSession := loginUser(t, restrictedUser)

  135. 	req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))

  136. 	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

  137. 

  138. 	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))

  139. 	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

  140. 

  141. 	// Therefore create a read-only team

  142. 	adminSession := loginUser(t, "user1")

  143. 	token := getTokenForLoggedInUser(t, adminSession)

  144. 

  145. 	teamToCreate := &api.CreateTeamOption{

  146. 		Name:                    "codereader",

  147. 		Description:             "Code Reader",

  148. 		IncludesAllRepositories: true,

  149. 		Permission:              "read",

  150. 		Units:                   []string{"repo.code"},

  151. 	}

  152. 

  153. 	req = NewRequestWithJSON(t, "POST",

  154. 		fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), teamToCreate)

  155. 

  156. 	var apiTeam api.Team

  157. 

  158. 	resp := adminSession.MakeRequest(t, req, http.StatusCreated)

  159. 	DecodeJSON(t, resp, &apiTeam)

  160. 	checkTeamResponse(t, "CreateTeam_codereader", &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,

  161. 		teamToCreate.Permission, teamToCreate.Units, nil)

  162. 	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,

  163. 		teamToCreate.Permission, teamToCreate.Units, nil)

  164. 	// teamID := apiTeam.ID

  165. 

  166. 	// Now we need to add the restricted user to the team

  167. 	req = NewRequest(t, "PUT",

  168. 		fmt.Sprintf("/api/v1/teams/%d/members/%s?token=%s", apiTeam.ID, restrictedUser, token))

  169. 	_ = adminSession.MakeRequest(t, req, http.StatusNoContent)

  170. 

  171. 	// Now we need to check if the restrictedUser can access the repo

  172. 	req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))

  173. 	restrictedSession.MakeRequest(t, req, http.StatusOK)

  174. 

  175. 	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))

  176. 	restrictedSession.MakeRequest(t, req, http.StatusOK)

  177. }

  178. 

  179. func TestTeamSearch(t *testing.T) {

  180. 	defer prepareTestEnv(t)()

  181. 

  182. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  183. 	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

  184. 

  185. 	var results TeamSearchResults

  186. 

  187. 	session := loginUser(t, user.Name)

  188. 	csrf := GetCSRF(t, session, "/"+org.Name)

  189. 	req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")

  190. 	req.Header.Add("X-Csrf-Token", csrf)

  191. 	resp := session.MakeRequest(t, req, http.StatusOK)

  192. 	DecodeJSON(t, resp, &results)

  193. 	assert.NotEmpty(t, results.Data)

  194. 	assert.Len(t, results.Data, 1)

  195. 	assert.Equal(t, "test_team", results.Data[0].Name)

  196. 

  197. 	// no access if not organization member

  198. 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  199. 	session = loginUser(t, user5.Name)

  200. 	csrf = GetCSRF(t, session, "/"+org.Name)

  201. 	req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")

  202. 	req.Header.Add("X-Csrf-Token", csrf)

  203. 	session.MakeRequest(t, req, http.StatusNotFound)

  204. }