code.gitea.io/gitea@v1.21.7/tests/integration/api_user_org_perm_test.go (about)

     1  // Copyright 2021 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package integration
     5  
     6  import (
     7  	"fmt"
     8  	"net/http"
     9  	"testing"
    10  
    11  	auth_model "code.gitea.io/gitea/models/auth"
    12  	api "code.gitea.io/gitea/modules/structs"
    13  	"code.gitea.io/gitea/tests"
    14  
    15  	"github.com/stretchr/testify/assert"
    16  )
    17  
// apiUserOrgPermTestCase describes one request against
// /api/v1/users/{user}/orgs/{org}/permissions and the permission set the
// response is expected to carry.
type apiUserOrgPermTestCase struct {
	// LoginUser is the account that signs in and whose token authenticates
	// the request. It may differ from User.
	LoginUser string

	// User is the account name placed in the {user} path segment, i.e. the
	// account whose organization permissions are being queried.
	User string

	// Organization is the organization name placed in the {org} path segment.
	Organization string

	// ExpectedOrganizationPermissions holds the flags the API response must
	// match; sampleTest compares them field by field.
	ExpectedOrganizationPermissions api.OrganizationPermissions
}
    24  
// TestTokenNeeded checks that the organization-permissions endpoint answers
// 401 Unauthorized when the request carries no credentials at all.
func TestTokenNeeded(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	const endpoint = "/api/v1/users/user1/orgs/org6/permissions"

	// Deliberately anonymous: no session is created and no token is attached,
	// so a 401 here shows the endpoint does not answer unauthenticated callers.
	anonymous := NewRequest(t, "GET", endpoint)
	MakeRequest(t, anonymous, http.StatusUnauthorized)
}
    31  
// sampleTest runs one permission lookup: it signs in as auoptc.LoginUser,
// obtains a token limited to the AccessTokenScopeReadOrganization and
// AccessTokenScopeReadUser scopes, requests the permissions of auoptc.User in
// auoptc.Organization, expects 200 OK, and compares every flag of the decoded
// response with auoptc.ExpectedOrganizationPermissions.
func sampleTest(t *testing.T, auoptc apiUserOrgPermTestCase) {
	defer tests.PrepareTestEnv(t)()

	// Only the two read scopes are requested, so the test also exercises the
	// endpoint with a narrowly scoped token rather than a full-access one.
	accessToken := getTokenForLoggedInUser(
		t,
		loginUser(t, auoptc.LoginUser),
		auth_model.AccessTokenScopeReadOrganization,
		auth_model.AccessTokenScopeReadUser,
	)

	// NOTE(review): the token is sent in the query string. That is harmless
	// for a throwaway fixture token, but URLs tend to end up in access logs
	// and proxy records, so this pattern should not be copied into real
	// clients; an Authorization header keeps the credential out of the URL.
	endpoint := fmt.Sprintf("/api/v1/users/%s/orgs/%s/permissions?token=%s", auoptc.User, auoptc.Organization, accessToken)
	resp := MakeRequest(t, NewRequest(t, "GET", endpoint), http.StatusOK)

	var got api.OrganizationPermissions
	DecodeJSON(t, resp, &got)

	// Each flag is asserted on its own so a failure names the exact
	// permission that deviates from the expectation.
	want := auoptc.ExpectedOrganizationPermissions
	assert.Equal(t, want.IsOwner, got.IsOwner)
	assert.Equal(t, want.IsAdmin, got.IsAdmin)
	assert.Equal(t, want.CanWrite, got.CanWrite)
	assert.Equal(t, want.CanRead, got.CanRead)
	assert.Equal(t, want.CanCreateRepository, got.CanCreateRepository)
}
    49  
// TestWithOwnerUser has user2 query their own permissions in org3 and expects
// every flag, including IsOwner, to be set.
func TestWithOwnerUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             true,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: true,
	}

	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user2",
		User:                            "user2",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    64  
// TestCanWriteUser has user4 query their own permissions in org3 and expects
// read and write access only: no owner or admin flag, and no right to create
// repositories.
func TestCanWriteUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             false,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: false,
	}

	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user4",
		User:                            "user4",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    79  
// TestAdminUser signs in as user1 and queries the permissions of a different
// account, user28, in org3. The expected result is admin-level access with
// repository creation allowed, but without the owner flag.
func TestAdminUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: true,
	}

	// The caller (user1) and the subject (user28) differ on purpose.
	// NOTE(review): presumably user1 is the instance administrator in the
	// test fixtures, which is what permits the cross-user lookup; confirm.
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user28",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    94  
// TestAdminCanNotCreateRepo signs in as user1 and queries user28's
// permissions in org6. It expects the admin, write and read flags to be set
// while CanCreateRepository stays false, i.e. the admin flag alone must not
// imply the right to create repositories.
func TestAdminCanNotCreateRepo(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: false,
	}

	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user28",
		Organization:                    "org6",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
   109  
// TestCanReadUser signs in as user1 and queries user24's permissions in
// org25. Only CanRead is expected; every elevated flag must be false.
func TestCanReadUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             false,
		CanWrite:            false,
		CanRead:             true,
		CanCreateRepository: false,
	}

	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user24",
		Organization:                    "org25",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
   124  
// TestUnknowUser checks that asking for the permissions of a user name that
// does not exist yields 404 Not Found together with the expected error
// message, even though the caller is authenticated.
func TestUnknowUser(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	accessToken := getTokenForLoggedInUser(
		t,
		loginUser(t, "user1"),
		auth_model.AccessTokenScopeReadUser,
		auth_model.AccessTokenScopeReadOrganization,
	)

	// "unknow" is the missing user name; the organization is an existing
	// fixture, so the 404 is attributable to the user lookup.
	endpoint := fmt.Sprintf("/api/v1/users/unknow/orgs/org25/permissions?token=%s", accessToken)
	resp := MakeRequest(t, NewRequest(t, "GET", endpoint), http.StatusNotFound)

	var got api.APIError
	DecodeJSON(t, resp, &got)

	// The exact message text is pinned, so a change in server-side error
	// wording will fail this test.
	const wantMessage = "user redirect does not exist [name: unknow]"
	assert.Equal(t, wantMessage, got.Message)
}
   138  
// TestUnknowOrganization checks that asking for permissions in an
// organization name that does not exist yields 404 Not Found together with
// the expected error message.
func TestUnknowOrganization(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	accessToken := getTokenForLoggedInUser(
		t,
		loginUser(t, "user1"),
		auth_model.AccessTokenScopeReadUser,
		auth_model.AccessTokenScopeReadOrganization,
	)

	// The user segment is valid here; only the organization name is unknown.
	endpoint := fmt.Sprintf("/api/v1/users/user1/orgs/unknow/permissions?token=%s", accessToken)
	resp := MakeRequest(t, NewRequest(t, "GET", endpoint), http.StatusNotFound)

	var got api.APIError
	DecodeJSON(t, resp, &got)

	// NOTE(review): the asserted message looks like the name of an internal
	// lookup rather than a description meant for API clients. The test pins
	// the current response as-is; whether that text should be exposed to
	// callers is worth confirming with the API owners.
	const wantMessage = "GetUserByName"
	assert.Equal(t, wantMessage, got.Message)
}