mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12280 Commits
17 Branches
Tree: df64fa4865
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df64fa4865'
${ noResults }
gitea/models/repo_permission_test.go

repo_permission_test.go 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	"code.gitea.io/gitea/models/unit"

  12. 	"code.gitea.io/gitea/models/unittest"

  13. 	"github.com/stretchr/testify/assert"

  14. )

  15. 

  16. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  17. 	assert.NoError(t, unittest.PrepareTestDatabase())

  18. 

  19. 	// public non-organization repo

  20. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)

  21. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  22. 

  23. 	// plain user

  24. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  25. 	perm, err := GetUserRepoPermission(repo, user)

  26. 	assert.NoError(t, err)

  27. 	for _, unit := range repo.Units {

  28. 		assert.True(t, perm.CanRead(unit.Type))

  29. 		assert.False(t, perm.CanWrite(unit.Type))

  30. 	}

  31. 

  32. 	// change to collaborator

  33. 	assert.NoError(t, repo.AddCollaborator(user))

  34. 	perm, err = GetUserRepoPermission(repo, user)

  35. 	assert.NoError(t, err)

  36. 	for _, unit := range repo.Units {

  37. 		assert.True(t, perm.CanRead(unit.Type))

  38. 		assert.True(t, perm.CanWrite(unit.Type))

  39. 	}

  40. 

  41. 	// collaborator

  42. 	collaborator := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  43. 	perm, err = GetUserRepoPermission(repo, collaborator)

  44. 	assert.NoError(t, err)

  45. 	for _, unit := range repo.Units {

  46. 		assert.True(t, perm.CanRead(unit.Type))

  47. 		assert.True(t, perm.CanWrite(unit.Type))

  48. 	}

  49. 

  50. 	// owner

  51. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  52. 	perm, err = GetUserRepoPermission(repo, owner)

  53. 	assert.NoError(t, err)

  54. 	for _, unit := range repo.Units {

  55. 		assert.True(t, perm.CanRead(unit.Type))

  56. 		assert.True(t, perm.CanWrite(unit.Type))

  57. 	}

  58. 

  59. 	// admin

  60. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  61. 	perm, err = GetUserRepoPermission(repo, admin)

  62. 	assert.NoError(t, err)

  63. 	for _, unit := range repo.Units {

  64. 		assert.True(t, perm.CanRead(unit.Type))

  65. 		assert.True(t, perm.CanWrite(unit.Type))

  66. 	}

  67. }

  68. 

  69. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  70. 	assert.NoError(t, unittest.PrepareTestDatabase())

  71. 

  72. 	// private non-organization repo

  73. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)

  74. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  75. 

  76. 	// plain user

  77. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  78. 	perm, err := GetUserRepoPermission(repo, user)

  79. 	assert.NoError(t, err)

  80. 	for _, unit := range repo.Units {

  81. 		assert.False(t, perm.CanRead(unit.Type))

  82. 		assert.False(t, perm.CanWrite(unit.Type))

  83. 	}

  84. 

  85. 	// change to collaborator to default write access

  86. 	assert.NoError(t, repo.AddCollaborator(user))

  87. 	perm, err = GetUserRepoPermission(repo, user)

  88. 	assert.NoError(t, err)

  89. 	for _, unit := range repo.Units {

  90. 		assert.True(t, perm.CanRead(unit.Type))

  91. 		assert.True(t, perm.CanWrite(unit.Type))

  92. 	}

  93. 

  94. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  95. 	perm, err = GetUserRepoPermission(repo, user)

  96. 	assert.NoError(t, err)

  97. 	for _, unit := range repo.Units {

  98. 		assert.True(t, perm.CanRead(unit.Type))

  99. 		assert.False(t, perm.CanWrite(unit.Type))

  100. 	}

  101. 

  102. 	// owner

  103. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  104. 	perm, err = GetUserRepoPermission(repo, owner)

  105. 	assert.NoError(t, err)

  106. 	for _, unit := range repo.Units {

  107. 		assert.True(t, perm.CanRead(unit.Type))

  108. 		assert.True(t, perm.CanWrite(unit.Type))

  109. 	}

  110. 

  111. 	// admin

  112. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  113. 	perm, err = GetUserRepoPermission(repo, admin)

  114. 	assert.NoError(t, err)

  115. 	for _, unit := range repo.Units {

  116. 		assert.True(t, perm.CanRead(unit.Type))

  117. 		assert.True(t, perm.CanWrite(unit.Type))

  118. 	}

  119. }

  120. 

  121. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  122. 	assert.NoError(t, unittest.PrepareTestDatabase())

  123. 

  124. 	// public organization repo

  125. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 32}).(*Repository)

  126. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  127. 

  128. 	// plain user

  129. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  130. 	perm, err := GetUserRepoPermission(repo, user)

  131. 	assert.NoError(t, err)

  132. 	for _, unit := range repo.Units {

  133. 		assert.True(t, perm.CanRead(unit.Type))

  134. 		assert.False(t, perm.CanWrite(unit.Type))

  135. 	}

  136. 

  137. 	// change to collaborator to default write access

  138. 	assert.NoError(t, repo.AddCollaborator(user))

  139. 	perm, err = GetUserRepoPermission(repo, user)

  140. 	assert.NoError(t, err)

  141. 	for _, unit := range repo.Units {

  142. 		assert.True(t, perm.CanRead(unit.Type))

  143. 		assert.True(t, perm.CanWrite(unit.Type))

  144. 	}

  145. 

  146. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  147. 	perm, err = GetUserRepoPermission(repo, user)

  148. 	assert.NoError(t, err)

  149. 	for _, unit := range repo.Units {

  150. 		assert.True(t, perm.CanRead(unit.Type))

  151. 		assert.False(t, perm.CanWrite(unit.Type))

  152. 	}

  153. 

  154. 	// org member team owner

  155. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  156. 	perm, err = GetUserRepoPermission(repo, owner)

  157. 	assert.NoError(t, err)

  158. 	for _, unit := range repo.Units {

  159. 		assert.True(t, perm.CanRead(unit.Type))

  160. 		assert.True(t, perm.CanWrite(unit.Type))

  161. 	}

  162. 

  163. 	// org member team tester

  164. 	member := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  165. 	perm, err = GetUserRepoPermission(repo, member)

  166. 	assert.NoError(t, err)

  167. 	for _, unit := range repo.Units {

  168. 		assert.True(t, perm.CanRead(unit.Type))

  169. 	}

  170. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  171. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  172. 

  173. 	// admin

  174. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  175. 	perm, err = GetUserRepoPermission(repo, admin)

  176. 	assert.NoError(t, err)

  177. 	for _, unit := range repo.Units {

  178. 		assert.True(t, perm.CanRead(unit.Type))

  179. 		assert.True(t, perm.CanWrite(unit.Type))

  180. 	}

  181. }

  182. 

  183. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  184. 	assert.NoError(t, unittest.PrepareTestDatabase())

  185. 

  186. 	// private organization repo

  187. 	repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 24}).(*Repository)

  188. 	assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))

  189. 

  190. 	// plain user

  191. 	user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  192. 	perm, err := GetUserRepoPermission(repo, user)

  193. 	assert.NoError(t, err)

  194. 	for _, unit := range repo.Units {

  195. 		assert.False(t, perm.CanRead(unit.Type))

  196. 		assert.False(t, perm.CanWrite(unit.Type))

  197. 	}

  198. 

  199. 	// change to collaborator to default write access

  200. 	assert.NoError(t, repo.AddCollaborator(user))

  201. 	perm, err = GetUserRepoPermission(repo, user)

  202. 	assert.NoError(t, err)

  203. 	for _, unit := range repo.Units {

  204. 		assert.True(t, perm.CanRead(unit.Type))

  205. 		assert.True(t, perm.CanWrite(unit.Type))

  206. 	}

  207. 

  208. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  209. 	perm, err = GetUserRepoPermission(repo, user)

  210. 	assert.NoError(t, err)

  211. 	for _, unit := range repo.Units {

  212. 		assert.True(t, perm.CanRead(unit.Type))

  213. 		assert.False(t, perm.CanWrite(unit.Type))

  214. 	}

  215. 

  216. 	// org member team owner

  217. 	owner := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  218. 	perm, err = GetUserRepoPermission(repo, owner)

  219. 	assert.NoError(t, err)

  220. 	for _, unit := range repo.Units {

  221. 		assert.True(t, perm.CanRead(unit.Type))

  222. 		assert.True(t, perm.CanWrite(unit.Type))

  223. 	}

  224. 

  225. 	// update team information and then check permission

  226. 	team := db.AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)

  227. 	err = UpdateTeamUnits(team, nil)

  228. 	assert.NoError(t, err)

  229. 	perm, err = GetUserRepoPermission(repo, owner)

  230. 	assert.NoError(t, err)

  231. 	for _, unit := range repo.Units {

  232. 		assert.True(t, perm.CanRead(unit.Type))

  233. 		assert.True(t, perm.CanWrite(unit.Type))

  234. 	}

  235. 

  236. 	// org member team tester

  237. 	tester := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  238. 	perm, err = GetUserRepoPermission(repo, tester)

  239. 	assert.NoError(t, err)

  240. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  241. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  242. 	assert.False(t, perm.CanRead(unit.TypeCode))

  243. 

  244. 	// org member team reviewer

  245. 	reviewer := db.AssertExistsAndLoadBean(t, &User{ID: 20}).(*User)

  246. 	perm, err = GetUserRepoPermission(repo, reviewer)

  247. 	assert.NoError(t, err)

  248. 	assert.False(t, perm.CanRead(unit.TypeIssues))

  249. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  250. 	assert.True(t, perm.CanRead(unit.TypeCode))

  251. 

  252. 	// admin

  253. 	admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  254. 	perm, err = GetUserRepoPermission(repo, admin)

  255. 	assert.NoError(t, err)

  256. 	for _, unit := range repo.Units {

  257. 		assert.True(t, perm.CanRead(unit.Type))

  258. 		assert.True(t, perm.CanWrite(unit.Type))

  259. 	}

  260. }