mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16782 Commits
17 Branches
Tree: v1.21.10
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'v1.21.10'
${ noResults }
gitea/modules/repository/collaborator_test.go

collaborator_test.go 10.0KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package repository

  5. 

  6. import (

  7. 	"testing"

  8. 

  9. 	"code.gitea.io/gitea/models/db"

  10. 	"code.gitea.io/gitea/models/organization"

  11. 	perm_model "code.gitea.io/gitea/models/perm"

  12. 	access_model "code.gitea.io/gitea/models/perm/access"

  13. 	repo_model "code.gitea.io/gitea/models/repo"

  14. 	"code.gitea.io/gitea/models/unit"

  15. 	"code.gitea.io/gitea/models/unittest"

  16. 	user_model "code.gitea.io/gitea/models/user"

  17. 

  18. 	"github.com/stretchr/testify/assert"

  19. )

  20. 

  21. func TestRepository_AddCollaborator(t *testing.T) {

  22. 	assert.NoError(t, unittest.PrepareTestDatabase())

  23. 

  24. 	testSuccess := func(repoID, userID int64) {

  25. 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID})

  26. 		assert.NoError(t, repo.LoadOwner(db.DefaultContext))

  27. 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})

  28. 		assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user))

  29. 		unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID}, &user_model.User{ID: userID})

  30. 	}

  31. 	testSuccess(1, 4)

  32. 	testSuccess(1, 4)

  33. 	testSuccess(3, 4)

  34. }

  35. 

  36. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  37. 	assert.NoError(t, unittest.PrepareTestDatabase())

  38. 

  39. 	// public non-organization repo

  40. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})

  41. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  42. 

  43. 	// plain user

  44. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  45. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  46. 	assert.NoError(t, err)

  47. 	for _, unit := range repo.Units {

  48. 		assert.True(t, perm.CanRead(unit.Type))

  49. 		assert.False(t, perm.CanWrite(unit.Type))

  50. 	}

  51. 

  52. 	// change to collaborator

  53. 	assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user))

  54. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  55. 	assert.NoError(t, err)

  56. 	for _, unit := range repo.Units {

  57. 		assert.True(t, perm.CanRead(unit.Type))

  58. 		assert.True(t, perm.CanWrite(unit.Type))

  59. 	}

  60. 

  61. 	// collaborator

  62. 	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})

  63. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)

  64. 	assert.NoError(t, err)

  65. 	for _, unit := range repo.Units {

  66. 		assert.True(t, perm.CanRead(unit.Type))

  67. 		assert.True(t, perm.CanWrite(unit.Type))

  68. 	}

  69. 

  70. 	// owner

  71. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  72. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  73. 	assert.NoError(t, err)

  74. 	for _, unit := range repo.Units {

  75. 		assert.True(t, perm.CanRead(unit.Type))

  76. 		assert.True(t, perm.CanWrite(unit.Type))

  77. 	}

  78. 

  79. 	// admin

  80. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  81. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  82. 	assert.NoError(t, err)

  83. 	for _, unit := range repo.Units {

  84. 		assert.True(t, perm.CanRead(unit.Type))

  85. 		assert.True(t, perm.CanWrite(unit.Type))

  86. 	}

  87. }

  88. 

  89. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  90. 	assert.NoError(t, unittest.PrepareTestDatabase())

  91. 

  92. 	// private non-organization repo

  93. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})

  94. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  95. 

  96. 	// plain user

  97. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})

  98. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  99. 	assert.NoError(t, err)

  100. 	for _, unit := range repo.Units {

  101. 		assert.False(t, perm.CanRead(unit.Type))

  102. 		assert.False(t, perm.CanWrite(unit.Type))

  103. 	}

  104. 

  105. 	// change to collaborator to default write access

  106. 	assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user))

  107. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  108. 	assert.NoError(t, err)

  109. 	for _, unit := range repo.Units {

  110. 		assert.True(t, perm.CanRead(unit.Type))

  111. 		assert.True(t, perm.CanWrite(unit.Type))

  112. 	}

  113. 

  114. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead))

  115. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  116. 	assert.NoError(t, err)

  117. 	for _, unit := range repo.Units {

  118. 		assert.True(t, perm.CanRead(unit.Type))

  119. 		assert.False(t, perm.CanWrite(unit.Type))

  120. 	}

  121. 

  122. 	// owner

  123. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  124. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  125. 	assert.NoError(t, err)

  126. 	for _, unit := range repo.Units {

  127. 		assert.True(t, perm.CanRead(unit.Type))

  128. 		assert.True(t, perm.CanWrite(unit.Type))

  129. 	}

  130. 

  131. 	// admin

  132. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  133. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  134. 	assert.NoError(t, err)

  135. 	for _, unit := range repo.Units {

  136. 		assert.True(t, perm.CanRead(unit.Type))

  137. 		assert.True(t, perm.CanWrite(unit.Type))

  138. 	}

  139. }

  140. 

  141. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  142. 	assert.NoError(t, unittest.PrepareTestDatabase())

  143. 

  144. 	// public organization repo

  145. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32})

  146. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  147. 

  148. 	// plain user

  149. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  150. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  151. 	assert.NoError(t, err)

  152. 	for _, unit := range repo.Units {

  153. 		assert.True(t, perm.CanRead(unit.Type))

  154. 		assert.False(t, perm.CanWrite(unit.Type))

  155. 	}

  156. 

  157. 	// change to collaborator to default write access

  158. 	assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user))

  159. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  160. 	assert.NoError(t, err)

  161. 	for _, unit := range repo.Units {

  162. 		assert.True(t, perm.CanRead(unit.Type))

  163. 		assert.True(t, perm.CanWrite(unit.Type))

  164. 	}

  165. 

  166. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead))

  167. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  168. 	assert.NoError(t, err)

  169. 	for _, unit := range repo.Units {

  170. 		assert.True(t, perm.CanRead(unit.Type))

  171. 		assert.False(t, perm.CanWrite(unit.Type))

  172. 	}

  173. 

  174. 	// org member team owner

  175. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  176. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  177. 	assert.NoError(t, err)

  178. 	for _, unit := range repo.Units {

  179. 		assert.True(t, perm.CanRead(unit.Type))

  180. 		assert.True(t, perm.CanWrite(unit.Type))

  181. 	}

  182. 

  183. 	// org member team tester

  184. 	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})

  185. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)

  186. 	assert.NoError(t, err)

  187. 	for _, unit := range repo.Units {

  188. 		assert.True(t, perm.CanRead(unit.Type))

  189. 	}

  190. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  191. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  192. 

  193. 	// admin

  194. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  195. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  196. 	assert.NoError(t, err)

  197. 	for _, unit := range repo.Units {

  198. 		assert.True(t, perm.CanRead(unit.Type))

  199. 		assert.True(t, perm.CanWrite(unit.Type))

  200. 	}

  201. }

  202. 

  203. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  204. 	assert.NoError(t, unittest.PrepareTestDatabase())

  205. 

  206. 	// private organization repo

  207. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24})

  208. 	assert.NoError(t, repo.LoadUnits(db.DefaultContext))

  209. 

  210. 	// plain user

  211. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  212. 	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  213. 	assert.NoError(t, err)

  214. 	for _, unit := range repo.Units {

  215. 		assert.False(t, perm.CanRead(unit.Type))

  216. 		assert.False(t, perm.CanWrite(unit.Type))

  217. 	}

  218. 

  219. 	// change to collaborator to default write access

  220. 	assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user))

  221. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  222. 	assert.NoError(t, err)

  223. 	for _, unit := range repo.Units {

  224. 		assert.True(t, perm.CanRead(unit.Type))

  225. 		assert.True(t, perm.CanWrite(unit.Type))

  226. 	}

  227. 

  228. 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead))

  229. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)

  230. 	assert.NoError(t, err)

  231. 	for _, unit := range repo.Units {

  232. 		assert.True(t, perm.CanRead(unit.Type))

  233. 		assert.False(t, perm.CanWrite(unit.Type))

  234. 	}

  235. 

  236. 	// org member team owner

  237. 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})

  238. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  239. 	assert.NoError(t, err)

  240. 	for _, unit := range repo.Units {

  241. 		assert.True(t, perm.CanRead(unit.Type))

  242. 		assert.True(t, perm.CanWrite(unit.Type))

  243. 	}

  244. 

  245. 	// update team information and then check permission

  246. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5})

  247. 	err = organization.UpdateTeamUnits(team, nil)

  248. 	assert.NoError(t, err)

  249. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)

  250. 	assert.NoError(t, err)

  251. 	for _, unit := range repo.Units {

  252. 		assert.True(t, perm.CanRead(unit.Type))

  253. 		assert.True(t, perm.CanWrite(unit.Type))

  254. 	}

  255. 

  256. 	// org member team tester

  257. 	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  258. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)

  259. 	assert.NoError(t, err)

  260. 	assert.True(t, perm.CanWrite(unit.TypeIssues))

  261. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  262. 	assert.False(t, perm.CanRead(unit.TypeCode))

  263. 

  264. 	// org member team reviewer

  265. 	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20})

  266. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)

  267. 	assert.NoError(t, err)

  268. 	assert.False(t, perm.CanRead(unit.TypeIssues))

  269. 	assert.False(t, perm.CanWrite(unit.TypeCode))

  270. 	assert.True(t, perm.CanRead(unit.TypeCode))

  271. 

  272. 	// admin

  273. 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  274. 	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)

  275. 	assert.NoError(t, err)

  276. 	for _, unit := range repo.Units {

  277. 		assert.True(t, perm.CanRead(unit.Type))

  278. 		assert.True(t, perm.CanWrite(unit.Type))

  279. 	}

  280. }