code.gitea.io/gitea@v1.19.3/modules/repository/collaborator_test.go (about) 1 // Copyright 2019 The Gitea Authors. All rights reserved. 2 // SPDX-License-Identifier: MIT 3 4 package repository 5 6 import ( 7 "testing" 8 9 "code.gitea.io/gitea/models/db" 10 "code.gitea.io/gitea/models/organization" 11 perm_model "code.gitea.io/gitea/models/perm" 12 access_model "code.gitea.io/gitea/models/perm/access" 13 repo_model "code.gitea.io/gitea/models/repo" 14 "code.gitea.io/gitea/models/unit" 15 "code.gitea.io/gitea/models/unittest" 16 user_model "code.gitea.io/gitea/models/user" 17 18 "github.com/stretchr/testify/assert" 19 ) 20 21 func TestRepository_AddCollaborator(t *testing.T) { 22 assert.NoError(t, unittest.PrepareTestDatabase()) 23 24 testSuccess := func(repoID, userID int64) { 25 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID}) 26 assert.NoError(t, repo.LoadOwner(db.DefaultContext)) 27 user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID}) 28 assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user)) 29 unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID}, &user_model.User{ID: userID}) 30 } 31 testSuccess(1, 4) 32 testSuccess(1, 4) 33 testSuccess(3, 4) 34 } 35 36 func TestRepoPermissionPublicNonOrgRepo(t *testing.T) { 37 assert.NoError(t, unittest.PrepareTestDatabase()) 38 39 // public non-organization repo 40 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}) 41 assert.NoError(t, repo.LoadUnits(db.DefaultContext)) 42 43 // plain user 44 user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) 45 perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 46 assert.NoError(t, err) 47 for _, unit := range repo.Units { 48 assert.True(t, perm.CanRead(unit.Type)) 49 assert.False(t, perm.CanWrite(unit.Type)) 50 } 51 52 // change to collaborator 53 assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user)) 54 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 55 assert.NoError(t, err) 56 for _, unit := range repo.Units { 57 assert.True(t, perm.CanRead(unit.Type)) 58 assert.True(t, perm.CanWrite(unit.Type)) 59 } 60 61 // collaborator 62 collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) 63 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator) 64 assert.NoError(t, err) 65 for _, unit := range repo.Units { 66 assert.True(t, perm.CanRead(unit.Type)) 67 assert.True(t, perm.CanWrite(unit.Type)) 68 } 69 70 // owner 71 owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) 72 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) 73 assert.NoError(t, err) 74 for _, unit := range repo.Units { 75 assert.True(t, perm.CanRead(unit.Type)) 76 assert.True(t, perm.CanWrite(unit.Type)) 77 } 78 79 // admin 80 admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) 81 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) 82 assert.NoError(t, err) 83 for _, unit := range repo.Units { 84 assert.True(t, perm.CanRead(unit.Type)) 85 assert.True(t, perm.CanWrite(unit.Type)) 86 } 87 } 88 89 func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) { 90 assert.NoError(t, unittest.PrepareTestDatabase()) 91 92 // private non-organization repo 93 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) 94 assert.NoError(t, repo.LoadUnits(db.DefaultContext)) 95 96 // plain user 97 user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) 98 perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 99 assert.NoError(t, err) 100 for _, unit := range repo.Units { 101 assert.False(t, perm.CanRead(unit.Type)) 102 assert.False(t, perm.CanWrite(unit.Type)) 103 } 104 105 // change to collaborator to default write access 106 assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user)) 107 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 108 assert.NoError(t, err) 109 for _, unit := range repo.Units { 110 assert.True(t, perm.CanRead(unit.Type)) 111 assert.True(t, perm.CanWrite(unit.Type)) 112 } 113 114 assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead)) 115 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 116 assert.NoError(t, err) 117 for _, unit := range repo.Units { 118 assert.True(t, perm.CanRead(unit.Type)) 119 assert.False(t, perm.CanWrite(unit.Type)) 120 } 121 122 // owner 123 owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) 124 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) 125 assert.NoError(t, err) 126 for _, unit := range repo.Units { 127 assert.True(t, perm.CanRead(unit.Type)) 128 assert.True(t, perm.CanWrite(unit.Type)) 129 } 130 131 // admin 132 admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) 133 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) 134 assert.NoError(t, err) 135 for _, unit := range repo.Units { 136 assert.True(t, perm.CanRead(unit.Type)) 137 assert.True(t, perm.CanWrite(unit.Type)) 138 } 139 } 140 141 func TestRepoPermissionPublicOrgRepo(t *testing.T) { 142 assert.NoError(t, unittest.PrepareTestDatabase()) 143 144 // public organization repo 145 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}) 146 assert.NoError(t, repo.LoadUnits(db.DefaultContext)) 147 148 // plain user 149 user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) 150 perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 151 assert.NoError(t, err) 152 for _, unit := range repo.Units { 153 assert.True(t, perm.CanRead(unit.Type)) 154 assert.False(t, perm.CanWrite(unit.Type)) 155 } 156 157 // change to collaborator to default write access 158 assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user)) 159 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 160 assert.NoError(t, err) 161 for _, unit := range repo.Units { 162 assert.True(t, perm.CanRead(unit.Type)) 163 assert.True(t, perm.CanWrite(unit.Type)) 164 } 165 166 assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead)) 167 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 168 assert.NoError(t, err) 169 for _, unit := range repo.Units { 170 assert.True(t, perm.CanRead(unit.Type)) 171 assert.False(t, perm.CanWrite(unit.Type)) 172 } 173 174 // org member team owner 175 owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) 176 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) 177 assert.NoError(t, err) 178 for _, unit := range repo.Units { 179 assert.True(t, perm.CanRead(unit.Type)) 180 assert.True(t, perm.CanWrite(unit.Type)) 181 } 182 183 // org member team tester 184 member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}) 185 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member) 186 assert.NoError(t, err) 187 for _, unit := range repo.Units { 188 assert.True(t, perm.CanRead(unit.Type)) 189 } 190 assert.True(t, perm.CanWrite(unit.TypeIssues)) 191 assert.False(t, perm.CanWrite(unit.TypeCode)) 192 193 // admin 194 admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) 195 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) 196 assert.NoError(t, err) 197 for _, unit := range repo.Units { 198 assert.True(t, perm.CanRead(unit.Type)) 199 assert.True(t, perm.CanWrite(unit.Type)) 200 } 201 } 202 203 func TestRepoPermissionPrivateOrgRepo(t *testing.T) { 204 assert.NoError(t, unittest.PrepareTestDatabase()) 205 206 // private organization repo 207 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}) 208 assert.NoError(t, repo.LoadUnits(db.DefaultContext)) 209 210 // plain user 211 user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) 212 perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 213 assert.NoError(t, err) 214 for _, unit := range repo.Units { 215 assert.False(t, perm.CanRead(unit.Type)) 216 assert.False(t, perm.CanWrite(unit.Type)) 217 } 218 219 // change to collaborator to default write access 220 assert.NoError(t, AddCollaborator(db.DefaultContext, repo, user)) 221 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 222 assert.NoError(t, err) 223 for _, unit := range repo.Units { 224 assert.True(t, perm.CanRead(unit.Type)) 225 assert.True(t, perm.CanWrite(unit.Type)) 226 } 227 228 assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, user.ID, perm_model.AccessModeRead)) 229 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user) 230 assert.NoError(t, err) 231 for _, unit := range repo.Units { 232 assert.True(t, perm.CanRead(unit.Type)) 233 assert.False(t, perm.CanWrite(unit.Type)) 234 } 235 236 // org member team owner 237 owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}) 238 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) 239 assert.NoError(t, err) 240 for _, unit := range repo.Units { 241 assert.True(t, perm.CanRead(unit.Type)) 242 assert.True(t, perm.CanWrite(unit.Type)) 243 } 244 245 // update team information and then check permission 246 team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}) 247 err = organization.UpdateTeamUnits(team, nil) 248 assert.NoError(t, err) 249 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner) 250 assert.NoError(t, err) 251 for _, unit := range repo.Units { 252 assert.True(t, perm.CanRead(unit.Type)) 253 assert.True(t, perm.CanWrite(unit.Type)) 254 } 255 256 // org member team tester 257 tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) 258 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester) 259 assert.NoError(t, err) 260 assert.True(t, perm.CanWrite(unit.TypeIssues)) 261 assert.False(t, perm.CanWrite(unit.TypeCode)) 262 assert.False(t, perm.CanRead(unit.TypeCode)) 263 264 // org member team reviewer 265 reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}) 266 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer) 267 assert.NoError(t, err) 268 assert.False(t, perm.CanRead(unit.TypeIssues)) 269 assert.False(t, perm.CanWrite(unit.TypeCode)) 270 assert.True(t, perm.CanRead(unit.TypeCode)) 271 272 // admin 273 admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) 274 perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin) 275 assert.NoError(t, err) 276 for _, unit := range repo.Units { 277 assert.True(t, perm.CanRead(unit.Type)) 278 assert.True(t, perm.CanWrite(unit.Type)) 279 } 280 }