mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-25 00:02:47 -04:00 
			
		
		
		
	* Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
		
			
				
	
	
		
			245 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			245 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2017 The Gitea Authors. All rights reserved.
 | |
| // Use of this source code is governed by a MIT-style
 | |
| // license that can be found in the LICENSE file.
 | |
| 
 | |
| package integrations
 | |
| 
 | |
| import (
 | |
| 	"fmt"
 | |
| 	"net/http"
 | |
| 	"sort"
 | |
| 	"testing"
 | |
| 
 | |
| 	"code.gitea.io/gitea/models"
 | |
| 	"code.gitea.io/gitea/models/unit"
 | |
| 	"code.gitea.io/gitea/models/unittest"
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	"code.gitea.io/gitea/modules/convert"
 | |
| 	api "code.gitea.io/gitea/modules/structs"
 | |
| 
 | |
| 	"github.com/stretchr/testify/assert"
 | |
| )
 | |
| 
 | |
| func TestAPITeam(t *testing.T) {
 | |
| 	defer prepareTestEnv(t)()
 | |
| 
 | |
| 	teamUser := unittest.AssertExistsAndLoadBean(t, &models.TeamUser{}).(*models.TeamUser)
 | |
| 	team := unittest.AssertExistsAndLoadBean(t, &models.Team{ID: teamUser.TeamID}).(*models.Team)
 | |
| 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: teamUser.UID}).(*user_model.User)
 | |
| 
 | |
| 	session := loginUser(t, user.Name)
 | |
| 	token := getTokenForLoggedInUser(t, session)
 | |
| 	req := NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
 | |
| 	resp := session.MakeRequest(t, req, http.StatusOK)
 | |
| 
 | |
| 	var apiTeam api.Team
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	assert.EqualValues(t, team.ID, apiTeam.ID)
 | |
| 	assert.Equal(t, team.Name, apiTeam.Name)
 | |
| 
 | |
| 	// non team member user will not access the teams details
 | |
| 	teamUser2 := unittest.AssertExistsAndLoadBean(t, &models.TeamUser{ID: 3}).(*models.TeamUser)
 | |
| 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: teamUser2.UID}).(*user_model.User)
 | |
| 
 | |
| 	session = loginUser(t, user2.Name)
 | |
| 	token = getTokenForLoggedInUser(t, session)
 | |
| 	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
 | |
| 	_ = session.MakeRequest(t, req, http.StatusForbidden)
 | |
| 
 | |
| 	req = NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
 | |
| 	_ = session.MakeRequest(t, req, http.StatusUnauthorized)
 | |
| 
 | |
| 	// Get an admin user able to create, update and delete teams.
 | |
| 	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
 | |
| 	session = loginUser(t, user.Name)
 | |
| 	token = getTokenForLoggedInUser(t, session)
 | |
| 
 | |
| 	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 6}).(*user_model.User)
 | |
| 
 | |
| 	// Create team.
 | |
| 	teamToCreate := &api.CreateTeamOption{
 | |
| 		Name:                    "team1",
 | |
| 		Description:             "team one",
 | |
| 		IncludesAllRepositories: true,
 | |
| 		Permission:              "write",
 | |
| 		Units:                   []string{"repo.code", "repo.issues"},
 | |
| 	}
 | |
| 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", org.Name, token), teamToCreate)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusCreated)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
 | |
| 		teamToCreate.Permission, teamToCreate.Units, nil)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
 | |
| 		teamToCreate.Permission, teamToCreate.Units, nil)
 | |
| 	teamID := apiTeam.ID
 | |
| 
 | |
| 	// Edit team.
 | |
| 	editDescription := "team 1"
 | |
| 	editFalse := false
 | |
| 	teamToEdit := &api.EditTeamOption{
 | |
| 		Name:                    "teamone",
 | |
| 		Description:             &editDescription,
 | |
| 		Permission:              "admin",
 | |
| 		IncludesAllRepositories: &editFalse,
 | |
| 		Units:                   []string{"repo.code", "repo.pulls", "repo.releases"},
 | |
| 	}
 | |
| 
 | |
| 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEdit)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToEdit.Name, *teamToEdit.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		teamToEdit.Permission, unit.AllUnitKeyNames(), nil)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, *teamToEdit.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		teamToEdit.Permission, unit.AllUnitKeyNames(), nil)
 | |
| 
 | |
| 	// Edit team Description only
 | |
| 	editDescription = "first team"
 | |
| 	teamToEditDesc := api.EditTeamOption{Description: &editDescription}
 | |
| 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEditDesc)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToEdit.Name, *teamToEditDesc.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		teamToEdit.Permission, unit.AllUnitKeyNames(), nil)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, *teamToEditDesc.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		teamToEdit.Permission, unit.AllUnitKeyNames(), nil)
 | |
| 
 | |
| 	// Read team.
 | |
| 	teamRead := unittest.AssertExistsAndLoadBean(t, &models.Team{ID: teamID}).(*models.Team)
 | |
| 	assert.NoError(t, teamRead.GetUnits())
 | |
| 	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamID)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamRead.Name, *teamToEditDesc.Description, teamRead.IncludesAllRepositories,
 | |
| 		teamRead.AccessMode.String(), teamRead.GetUnitNames(), teamRead.GetUnitsMap())
 | |
| 
 | |
| 	// Delete team.
 | |
| 	req = NewRequestf(t, "DELETE", "/api/v1/teams/%d?token="+token, teamID)
 | |
| 	session.MakeRequest(t, req, http.StatusNoContent)
 | |
| 	unittest.AssertNotExistsBean(t, &models.Team{ID: teamID})
 | |
| 
 | |
| 	// create team again via UnitsMap
 | |
| 	// Create team.
 | |
| 	teamToCreate = &api.CreateTeamOption{
 | |
| 		Name:                    "team2",
 | |
| 		Description:             "team two",
 | |
| 		IncludesAllRepositories: true,
 | |
| 		Permission:              "write",
 | |
| 		UnitsMap:                map[string]string{"repo.code": "read", "repo.issues": "write", "repo.wiki": "none"},
 | |
| 	}
 | |
| 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", org.Name, token), teamToCreate)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusCreated)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
 | |
| 		"read", nil, teamToCreate.UnitsMap)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
 | |
| 		"read", nil, teamToCreate.UnitsMap)
 | |
| 	teamID = apiTeam.ID
 | |
| 
 | |
| 	// Edit team.
 | |
| 	editDescription = "team 1"
 | |
| 	editFalse = false
 | |
| 	teamToEdit = &api.EditTeamOption{
 | |
| 		Name:                    "teamtwo",
 | |
| 		Description:             &editDescription,
 | |
| 		Permission:              "write",
 | |
| 		IncludesAllRepositories: &editFalse,
 | |
| 		UnitsMap:                map[string]string{"repo.code": "read", "repo.pulls": "read", "repo.releases": "write"},
 | |
| 	}
 | |
| 
 | |
| 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEdit)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToEdit.Name, *teamToEdit.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		"read", nil, teamToEdit.UnitsMap)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, *teamToEdit.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		"read", nil, teamToEdit.UnitsMap)
 | |
| 
 | |
| 	// Edit team Description only
 | |
| 	editDescription = "second team"
 | |
| 	teamToEditDesc = api.EditTeamOption{Description: &editDescription}
 | |
| 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEditDesc)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	checkTeamResponse(t, &apiTeam, teamToEdit.Name, *teamToEditDesc.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		"read", nil, teamToEdit.UnitsMap)
 | |
| 	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, *teamToEditDesc.Description, *teamToEdit.IncludesAllRepositories,
 | |
| 		"read", nil, teamToEdit.UnitsMap)
 | |
| 
 | |
| 	// Read team.
 | |
| 	teamRead = unittest.AssertExistsAndLoadBean(t, &models.Team{ID: teamID}).(*models.Team)
 | |
| 	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamID)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	apiTeam = api.Team{}
 | |
| 	DecodeJSON(t, resp, &apiTeam)
 | |
| 	assert.NoError(t, teamRead.GetUnits())
 | |
| 	checkTeamResponse(t, &apiTeam, teamRead.Name, *teamToEditDesc.Description, teamRead.IncludesAllRepositories,
 | |
| 		teamRead.AccessMode.String(), teamRead.GetUnitNames(), teamRead.GetUnitsMap())
 | |
| 
 | |
| 	// Delete team.
 | |
| 	req = NewRequestf(t, "DELETE", "/api/v1/teams/%d?token="+token, teamID)
 | |
| 	session.MakeRequest(t, req, http.StatusNoContent)
 | |
| 	unittest.AssertNotExistsBean(t, &models.Team{ID: teamID})
 | |
| }
 | |
| 
 | |
| func checkTeamResponse(t *testing.T, apiTeam *api.Team, name, description string, includesAllRepositories bool, permission string, units []string, unitsMap map[string]string) {
 | |
| 	t.Run(name+description, func(t *testing.T) {
 | |
| 		assert.Equal(t, name, apiTeam.Name, "name")
 | |
| 		assert.Equal(t, description, apiTeam.Description, "description")
 | |
| 		assert.Equal(t, includesAllRepositories, apiTeam.IncludesAllRepositories, "includesAllRepositories")
 | |
| 		assert.Equal(t, permission, apiTeam.Permission, "permission")
 | |
| 		if units != nil {
 | |
| 			sort.StringSlice(units).Sort()
 | |
| 			sort.StringSlice(apiTeam.Units).Sort()
 | |
| 			assert.EqualValues(t, units, apiTeam.Units, "units")
 | |
| 		}
 | |
| 		if unitsMap != nil {
 | |
| 			assert.EqualValues(t, unitsMap, apiTeam.UnitsMap, "unitsMap")
 | |
| 		}
 | |
| 	})
 | |
| }
 | |
| 
 | |
| func checkTeamBean(t *testing.T, id int64, name, description string, includesAllRepositories bool, permission string, units []string, unitsMap map[string]string) {
 | |
| 	team := unittest.AssertExistsAndLoadBean(t, &models.Team{ID: id}).(*models.Team)
 | |
| 	assert.NoError(t, team.GetUnits(), "GetUnits")
 | |
| 	checkTeamResponse(t, convert.ToTeam(team), name, description, includesAllRepositories, permission, units, unitsMap)
 | |
| }
 | |
| 
 | |
| type TeamSearchResults struct {
 | |
| 	OK   bool        `json:"ok"`
 | |
| 	Data []*api.Team `json:"data"`
 | |
| }
 | |
| 
 | |
| func TestAPITeamSearch(t *testing.T) {
 | |
| 	defer prepareTestEnv(t)()
 | |
| 
 | |
| 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 | |
| 	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
 | |
| 
 | |
| 	var results TeamSearchResults
 | |
| 
 | |
| 	session := loginUser(t, user.Name)
 | |
| 	csrf := GetCSRF(t, session, "/"+org.Name)
 | |
| 	req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "_team")
 | |
| 	req.Header.Add("X-Csrf-Token", csrf)
 | |
| 	resp := session.MakeRequest(t, req, http.StatusOK)
 | |
| 	DecodeJSON(t, resp, &results)
 | |
| 	assert.NotEmpty(t, results.Data)
 | |
| 	assert.Len(t, results.Data, 1)
 | |
| 	assert.Equal(t, "test_team", results.Data[0].Name)
 | |
| 
 | |
| 	// no access if not organization member
 | |
| 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
 | |
| 	session = loginUser(t, user5.Name)
 | |
| 	csrf = GetCSRF(t, session, "/"+org.Name)
 | |
| 	req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "team")
 | |
| 	req.Header.Add("X-Csrf-Token", csrf)
 | |
| 	session.MakeRequest(t, req, http.StatusForbidden)
 | |
| }
 |