mirrors
/
gitea
miroir de https://github.com/go-gitea/gitea.git
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 212 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
13171 Révisions
17 Branches
Aborescence: 8d34c2fab9
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '8d34c2fab9'
${ noResults }
gitea/models/repo_permission_test.go

repo_permission_test.go 9.3KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	"code.gitea.io/gitea/models/organization"

  12. 	perm_model "code.gitea.io/gitea/models/perm"

  13. 	repo_model "code.gitea.io/gitea/models/repo"

  14. 	"code.gitea.io/gitea/models/unit"

  15. 	"code.gitea.io/gitea/models/unittest"

  16. 	user_model "code.gitea.io/gitea/models/user"

  17. 

  18. 	"github.com/stretchr/testify/assert"

  19. )

  20. 

  21. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  22. 	assert.NoError(t, unittest.PrepareTestDatabase())

  23. 

  24. 	// public non-organization repo

  25. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)

  26. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  27. 

  28. 	// plain user

  29. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  30. 	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)

  31. 	assert.NoError(t, err)

  32. 	for _, unit := range repo.Units {

  33. 		assert.True(t, perm.CanRead(unit.Type))

  34. 		assert.False(t, perm.CanWrite(unit.Type))

  35. 	}

  36. 

  37. 	// change to collaborator

  38. 	assert.NoError(t, AddCollaborator(repo, user))

  39. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  40. 	assert.NoError(t, err)

  41. 	for _, unit := range repo.Units {

  42. 		assert.True(t, perm.CanRead(unit.Type))

  43. 		assert.True(t, perm.CanWrite(unit.Type))

  44. 	}

  45. 

  46. 	// collaborator

  47. 	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  48. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, collaborator)

  49. 	assert.NoError(t, err)

  50. 	for _, unit := range repo.Units {

  51. 		assert.True(t, perm.CanRead(unit.Type))

  52. 		assert.True(t, perm.CanWrite(unit.Type))

  53. 	}

  54. 

  55. 	// owner

  56. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  57. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)

  58. 	assert.NoError(t, err)

  59. 	for _, unit := range repo.Units {

  60. 		assert.True(t, perm.CanRead(unit.Type))

  61. 		assert.True(t, perm.CanWrite(unit.Type))

  62. 	}

  63. 

  64. 	// admin

  65. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  66. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)

  67. 	assert.NoError(t, err)

  68. 	for _, unit := range repo.Units {

  69. 		assert.True(t, perm.CanRead(unit.Type))

  70. 		assert.True(t, perm.CanWrite(unit.Type))

  71. 	}

  72. }

  73. 

  74. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  75. 	assert.NoError(t, unittest.PrepareTestDatabase())

  76. 

  77. 	// private non-organization repo

  78. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)

  79. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  80. 

  81. 	// plain user

  82. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  83. 	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)

  84. 	assert.NoError(t, err)

  85. 	for _, unit := range repo.Units {

  86. 		assert.False(t, perm.CanRead(unit.Type))

  87. 		assert.False(t, perm.CanWrite(unit.Type))

  88. 	}

  89. 

  90. 	// change to collaborator to default write access

  91. 	assert.NoError(t, AddCollaborator(repo, user))

  92. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  93. 	assert.NoError(t, err)

  94. 	for _, unit := range repo.Units {

  95. 		assert.True(t, perm.CanRead(unit.Type))

  96. 		assert.True(t, perm.CanWrite(unit.Type))

  97. 	}

  98. 

  99. 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  100. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  101. 	assert.NoError(t, err)

  102. 	for _, unit := range repo.Units {

  103. 		assert.True(t, perm.CanRead(unit.Type))

  104. 		assert.False(t, perm.CanWrite(unit.Type))

  105. 	}

  106. 

  107. 	// owner

  108. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  109. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)

  110. 	assert.NoError(t, err)

  111. 	for _, unit := range repo.Units {

  112. 		assert.True(t, perm.CanRead(unit.Type))

  113. 		assert.True(t, perm.CanWrite(unit.Type))

  114. 	}

  115. 

  116. 	// admin

  117. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  118. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)

  119. 	assert.NoError(t, err)

  120. 	for _, unit := range repo.Units {

  121. 		assert.True(t, perm.CanRead(unit.Type))

  122. 		assert.True(t, perm.CanWrite(unit.Type))

  123. 	}

  124. }

  125. 

  126. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  127. 	assert.NoError(t, unittest.PrepareTestDatabase())

  128. 

  129. 	// public organization repo

  130. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)

  131. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  132. 

  133. 	// plain user

  134. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  135. 	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)

  136. 	assert.NoError(t, err)

  137. 	for _, unit := range repo.Units {

  138. 		assert.True(t, perm.CanRead(unit.Type))

  139. 		assert.False(t, perm.CanWrite(unit.Type))

  140. 	}

  141. 

  142. 	// change to collaborator to default write access

  143. 	assert.NoError(t, AddCollaborator(repo, user))

  144. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  145. 	assert.NoError(t, err)

  146. 	for _, unit := range repo.Units {

  147. 		assert.True(t, perm.CanRead(unit.Type))

  148. 		assert.True(t, perm.CanWrite(unit.Type))

  149. 	}

  150. 

  151. 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  152. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  153. 	assert.NoError(t, err)

  154. 	for _, unit := range repo.Units {

  155. 		assert.True(t, perm.CanRead(unit.Type))

  156. 		assert.False(t, perm.CanWrite(unit.Type))

  157. 	}

  158. 

  159. 	// org member team owner

  160. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  161. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)

  162. 	assert.NoError(t, err)

  163. 	for _, unit := range repo.Units {

  164. 		assert.True(t, perm.CanRead(unit.Type))

  165. 		assert.True(t, perm.CanWrite(unit.Type))

  166. 	}

  167. 

  168. 	// org member team tester

  169. 	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  170. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, member)

  171. 	assert.NoError(t, err)

  172. 	for _, unit := range repo.Units {

  173. 		assert.True(t, perm.CanRead(unit.Type))

  174. 	}

  175. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  176. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  177. 

  178. 	// admin

  179. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  180. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)

  181. 	assert.NoError(t, err)

  182. 	for _, unit := range repo.Units {

  183. 		assert.True(t, perm.CanRead(unit.Type))

  184. 		assert.True(t, perm.CanWrite(unit.Type))

  185. 	}

  186. }

  187. 

  188. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  189. 	assert.NoError(t, unittest.PrepareTestDatabase())

  190. 

  191. 	// private organization repo

  192. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)

  193. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  194. 

  195. 	// plain user

  196. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  197. 	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)

  198. 	assert.NoError(t, err)

  199. 	for _, unit := range repo.Units {

  200. 		assert.False(t, perm.CanRead(unit.Type))

  201. 		assert.False(t, perm.CanWrite(unit.Type))

  202. 	}

  203. 

  204. 	// change to collaborator to default write access

  205. 	assert.NoError(t, AddCollaborator(repo, user))

  206. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  207. 	assert.NoError(t, err)

  208. 	for _, unit := range repo.Units {

  209. 		assert.True(t, perm.CanRead(unit.Type))

  210. 		assert.True(t, perm.CanWrite(unit.Type))

  211. 	}

  212. 

  213. 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))

  214. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)

  215. 	assert.NoError(t, err)

  216. 	for _, unit := range repo.Units {

  217. 		assert.True(t, perm.CanRead(unit.Type))

  218. 		assert.False(t, perm.CanWrite(unit.Type))

  219. 	}

  220. 

  221. 	// org member team owner

  222. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  223. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)

  224. 	assert.NoError(t, err)

  225. 	for _, unit := range repo.Units {

  226. 		assert.True(t, perm.CanRead(unit.Type))

  227. 		assert.True(t, perm.CanWrite(unit.Type))

  228. 	}

  229. 

  230. 	// update team information and then check permission

  231. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)

  232. 	err = organization.UpdateTeamUnits(team, nil)

  233. 	assert.NoError(t, err)

  234. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)

  235. 	assert.NoError(t, err)

  236. 	for _, unit := range repo.Units {

  237. 		assert.True(t, perm.CanRead(unit.Type))

  238. 		assert.True(t, perm.CanWrite(unit.Type))

  239. 	}

  240. 

  241. 	// org member team tester

  242. 	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  243. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, tester)

  244. 	assert.NoError(t, err)

  245. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  246. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  247. 	assert.False(t, perm.CanRead(unit.TypeCode))

  248. 

  249. 	// org member team reviewer

  250. 	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)

  251. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, reviewer)

  252. 	assert.NoError(t, err)

  253. 	assert.False(t, perm.CanRead(unit.TypeIssues))

  254. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  255. 	assert.True(t, perm.CanRead(unit.TypeCode))

  256. 

  257. 	// admin

  258. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  259. 	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)

  260. 	assert.NoError(t, err)

  261. 	for _, unit := range repo.Units {

  262. 		assert.True(t, perm.CanRead(unit.Type))

  263. 		assert.True(t, perm.CanWrite(unit.Type))

  264. 	}

  265. }