mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12405 Commits
17 Branches
Tree: b5a9ee94fd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5a9ee94fd'
${ noResults }
gitea/models/repo_permission_test.go

repo_permission_test.go 8.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	perm_model "code.gitea.io/gitea/models/perm"

  12. 	"code.gitea.io/gitea/models/unit"

  13. 	"code.gitea.io/gitea/models/unittest"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 

  16. 	"github.com/stretchr/testify/assert"

  17. )

  18. 

  19. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  20. 	assert.NoError(t, unittest.PrepareTestDatabase())

  21. 

  22. 	// public non-organization repo

  23. 	repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)

  24. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  25. 

  26. 	// plain user

  27. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  28. 	perm, err := GetUserRepoPermission(repo, user)

  29. 	assert.NoError(t, err)

  30. 	for _, unit := range repo.Units {

  31. 		assert.True(t, perm.CanRead(unit.Type))

  32. 		assert.False(t, perm.CanWrite(unit.Type))

  33. 	}

  34. 

  35. 	// change to collaborator

  36. 	assert.NoError(t, repo.AddCollaborator(user))

  37. 	perm, err = GetUserRepoPermission(repo, user)

  38. 	assert.NoError(t, err)

  39. 	for _, unit := range repo.Units {

  40. 		assert.True(t, perm.CanRead(unit.Type))

  41. 		assert.True(t, perm.CanWrite(unit.Type))

  42. 	}

  43. 

  44. 	// collaborator

  45. 	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  46. 	perm, err = GetUserRepoPermission(repo, collaborator)

  47. 	assert.NoError(t, err)

  48. 	for _, unit := range repo.Units {

  49. 		assert.True(t, perm.CanRead(unit.Type))

  50. 		assert.True(t, perm.CanWrite(unit.Type))

  51. 	}

  52. 

  53. 	// owner

  54. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  55. 	perm, err = GetUserRepoPermission(repo, owner)

  56. 	assert.NoError(t, err)

  57. 	for _, unit := range repo.Units {

  58. 		assert.True(t, perm.CanRead(unit.Type))

  59. 		assert.True(t, perm.CanWrite(unit.Type))

  60. 	}

  61. 

  62. 	// admin

  63. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  64. 	perm, err = GetUserRepoPermission(repo, admin)

  65. 	assert.NoError(t, err)

  66. 	for _, unit := range repo.Units {

  67. 		assert.True(t, perm.CanRead(unit.Type))

  68. 		assert.True(t, perm.CanWrite(unit.Type))

  69. 	}

  70. }

  71. 

  72. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  73. 	assert.NoError(t, unittest.PrepareTestDatabase())

  74. 

  75. 	// private non-organization repo

  76. 	repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)

  77. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  78. 

  79. 	// plain user

  80. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  81. 	perm, err := GetUserRepoPermission(repo, user)

  82. 	assert.NoError(t, err)

  83. 	for _, unit := range repo.Units {

  84. 		assert.False(t, perm.CanRead(unit.Type))

  85. 		assert.False(t, perm.CanWrite(unit.Type))

  86. 	}

  87. 

  88. 	// change to collaborator to default write access

  89. 	assert.NoError(t, repo.AddCollaborator(user))

  90. 	perm, err = GetUserRepoPermission(repo, user)

  91. 	assert.NoError(t, err)

  92. 	for _, unit := range repo.Units {

  93. 		assert.True(t, perm.CanRead(unit.Type))

  94. 		assert.True(t, perm.CanWrite(unit.Type))

  95. 	}

  96. 

  97. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))

  98. 	perm, err = GetUserRepoPermission(repo, user)

  99. 	assert.NoError(t, err)

  100. 	for _, unit := range repo.Units {

  101. 		assert.True(t, perm.CanRead(unit.Type))

  102. 		assert.False(t, perm.CanWrite(unit.Type))

  103. 	}

  104. 

  105. 	// owner

  106. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  107. 	perm, err = GetUserRepoPermission(repo, owner)

  108. 	assert.NoError(t, err)

  109. 	for _, unit := range repo.Units {

  110. 		assert.True(t, perm.CanRead(unit.Type))

  111. 		assert.True(t, perm.CanWrite(unit.Type))

  112. 	}

  113. 

  114. 	// admin

  115. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  116. 	perm, err = GetUserRepoPermission(repo, admin)

  117. 	assert.NoError(t, err)

  118. 	for _, unit := range repo.Units {

  119. 		assert.True(t, perm.CanRead(unit.Type))

  120. 		assert.True(t, perm.CanWrite(unit.Type))

  121. 	}

  122. }

  123. 

  124. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  125. 	assert.NoError(t, unittest.PrepareTestDatabase())

  126. 

  127. 	// public organization repo

  128. 	repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 32}).(*Repository)

  129. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  130. 

  131. 	// plain user

  132. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  133. 	perm, err := GetUserRepoPermission(repo, user)

  134. 	assert.NoError(t, err)

  135. 	for _, unit := range repo.Units {

  136. 		assert.True(t, perm.CanRead(unit.Type))

  137. 		assert.False(t, perm.CanWrite(unit.Type))

  138. 	}

  139. 

  140. 	// change to collaborator to default write access

  141. 	assert.NoError(t, repo.AddCollaborator(user))

  142. 	perm, err = GetUserRepoPermission(repo, user)

  143. 	assert.NoError(t, err)

  144. 	for _, unit := range repo.Units {

  145. 		assert.True(t, perm.CanRead(unit.Type))

  146. 		assert.True(t, perm.CanWrite(unit.Type))

  147. 	}

  148. 

  149. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))

  150. 	perm, err = GetUserRepoPermission(repo, user)

  151. 	assert.NoError(t, err)

  152. 	for _, unit := range repo.Units {

  153. 		assert.True(t, perm.CanRead(unit.Type))

  154. 		assert.False(t, perm.CanWrite(unit.Type))

  155. 	}

  156. 

  157. 	// org member team owner

  158. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  159. 	perm, err = GetUserRepoPermission(repo, owner)

  160. 	assert.NoError(t, err)

  161. 	for _, unit := range repo.Units {

  162. 		assert.True(t, perm.CanRead(unit.Type))

  163. 		assert.True(t, perm.CanWrite(unit.Type))

  164. 	}

  165. 

  166. 	// org member team tester

  167. 	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  168. 	perm, err = GetUserRepoPermission(repo, member)

  169. 	assert.NoError(t, err)

  170. 	for _, unit := range repo.Units {

  171. 		assert.True(t, perm.CanRead(unit.Type))

  172. 	}

  173. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  174. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  175. 

  176. 	// admin

  177. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  178. 	perm, err = GetUserRepoPermission(repo, admin)

  179. 	assert.NoError(t, err)

  180. 	for _, unit := range repo.Units {

  181. 		assert.True(t, perm.CanRead(unit.Type))

  182. 		assert.True(t, perm.CanWrite(unit.Type))

  183. 	}

  184. }

  185. 

  186. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  187. 	assert.NoError(t, unittest.PrepareTestDatabase())

  188. 

  189. 	// private organization repo

  190. 	repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 24}).(*Repository)

  191. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  192. 

  193. 	// plain user

  194. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  195. 	perm, err := GetUserRepoPermission(repo, user)

  196. 	assert.NoError(t, err)

  197. 	for _, unit := range repo.Units {

  198. 		assert.False(t, perm.CanRead(unit.Type))

  199. 		assert.False(t, perm.CanWrite(unit.Type))

  200. 	}

  201. 

  202. 	// change to collaborator to default write access

  203. 	assert.NoError(t, repo.AddCollaborator(user))

  204. 	perm, err = GetUserRepoPermission(repo, user)

  205. 	assert.NoError(t, err)

  206. 	for _, unit := range repo.Units {

  207. 		assert.True(t, perm.CanRead(unit.Type))

  208. 		assert.True(t, perm.CanWrite(unit.Type))

  209. 	}

  210. 

  211. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))

  212. 	perm, err = GetUserRepoPermission(repo, user)

  213. 	assert.NoError(t, err)

  214. 	for _, unit := range repo.Units {

  215. 		assert.True(t, perm.CanRead(unit.Type))

  216. 		assert.False(t, perm.CanWrite(unit.Type))

  217. 	}

  218. 

  219. 	// org member team owner

  220. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  221. 	perm, err = GetUserRepoPermission(repo, owner)

  222. 	assert.NoError(t, err)

  223. 	for _, unit := range repo.Units {

  224. 		assert.True(t, perm.CanRead(unit.Type))

  225. 		assert.True(t, perm.CanWrite(unit.Type))

  226. 	}

  227. 

  228. 	// update team information and then check permission

  229. 	team := unittest.AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)

  230. 	err = UpdateTeamUnits(team, nil)

  231. 	assert.NoError(t, err)

  232. 	perm, err = GetUserRepoPermission(repo, owner)

  233. 	assert.NoError(t, err)

  234. 	for _, unit := range repo.Units {

  235. 		assert.True(t, perm.CanRead(unit.Type))

  236. 		assert.True(t, perm.CanWrite(unit.Type))

  237. 	}

  238. 

  239. 	// org member team tester

  240. 	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  241. 	perm, err = GetUserRepoPermission(repo, tester)

  242. 	assert.NoError(t, err)

  243. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  244. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  245. 	assert.False(t, perm.CanRead(unit.TypeCode))

  246. 

  247. 	// org member team reviewer

  248. 	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)

  249. 	perm, err = GetUserRepoPermission(repo, reviewer)

  250. 	assert.NoError(t, err)

  251. 	assert.False(t, perm.CanRead(unit.TypeIssues))

  252. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  253. 	assert.True(t, perm.CanRead(unit.TypeCode))

  254. 

  255. 	// admin

  256. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  257. 	perm, err = GetUserRepoPermission(repo, admin)

  258. 	assert.NoError(t, err)

  259. 	for _, unit := range repo.Units {

  260. 		assert.True(t, perm.CanRead(unit.Type))

  261. 		assert.True(t, perm.CanWrite(unit.Type))

  262. 	}

  263. }