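// Source: code.gitea.io/gitea@v1.21.7/tests/integration/org_test.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"strings"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"

	"github.com/stretchr/testify/assert"
)

// TestOrgRepos checks that the repository list on the /org3 page honours the
// "sort" query parameter. It runs once per logged-in user (user1, user2) and
// compares the text of every "a.name" link with the expected order.
func TestOrgRepos(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	var (
		users = []string{"user1", "user2"}
		cases = map[string][]string{
			"alphabetically":        {"repo21", "repo3", "repo5"},
			"reversealphabetically": {"repo5", "repo3", "repo21"},
		}
	)

	for _, user := range users {
		t.Run(user, func(t *testing.T) {
			session := loginUser(t, user)
			for sortBy, repos := range cases {
				req := NewRequest(t, "GET", "/org3?sort="+sortBy)
				resp := session.MakeRequest(t, req, http.StatusOK)

				htmlDoc := NewHTMLParser(t, resp.Body)

				sel := htmlDoc.doc.Find("a.name")
				// The rendered links are the value under test, so they go in
				// the "object" position and the failure message describes them.
				assert.Len(t, sel.Nodes, len(repos))
				for i := 0; i < len(repos); i++ {
					assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
				}
			}
		})
	}
}

// TestLimitedOrg pins the access rules for /limited_org and its two
// repositories for three callers: an anonymous visitor, a logged-in user who
// is not an org member (user2) and the site admin (user1).
//
// Every denied request is expected to answer 404, not 403; presumably this
// keeps the response from revealing that the org or repository exists.
func TestLimitedOrg(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// not logged in user: nothing under the org is visible
	req := NewRequest(t, "GET", "/limited_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	MakeRequest(t, req, http.StatusNotFound)

	// login non-org member user: org and public repo visible, private repo hidden
	session := loginUser(t, "user2")
	req = NewRequest(t, "GET", "/limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// site admin: everything visible
	session = loginUser(t, "user1")
	req = NewRequest(t, "GET", "/limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
}

// TestPrivateOrg pins the access rules for /privated_org and its two
// repositories for four callers: an anonymous visitor, a logged-in non-member
// (user2), a non-member who collaborates on one repository (user4) and the
// site admin (user1).
//
// As in TestLimitedOrg, a denied request is expected to answer 404. The user4
// case shows that collaborator access is per repository: it opens the one
// repository but neither the org page nor the other repository.
func TestPrivateOrg(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// not logged in user
	req := NewRequest(t, "GET", "/privated_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	MakeRequest(t, req, http.StatusNotFound)

	// login non-org member user
	session := loginUser(t, "user2")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// non-org member who is collaborator on repo in private org
	session = loginUser(t, "user4")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // collaborator on this repo
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// site admin
	session = loginUser(t, "user1")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusOK)
}

// TestOrgMembers checks that the members page of org25 answers 200 for an
// anonymous visitor, for an org member (user24) and for the site admin (user1).
//
// NOTE(review): the anonymous 200 presumably relies on org25 being a public
// org in the fixtures; there is no negative case here for a limited or
// private org.
func TestOrgMembers(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// not logged in user
	req := NewRequest(t, "GET", "/org/org25/members")
	MakeRequest(t, req, http.StatusOK)

	// org member
	session := loginUser(t, "user24")
	req = NewRequest(t, "GET", "/org/org25/members")
	session.MakeRequest(t, req, http.StatusOK)

	// site admin
	session = loginUser(t, "user1")
	req = NewRequest(t, "GET", "/org/org25/members")
	session.MakeRequest(t, req, http.StatusOK)
}

// TestOrgRestrictedUser is the regression test for #17003: a restricted user
// who is added to a read-only team must gain access to the org and its repo.
//
// It first asserts that the restricted user gets 404 for both the org and the
// repository, then has the site admin create a read-only team through the API
// and add the user to it, and finally asserts that both pages answer 200.
//
// NOTE(review): only the grant path is covered; removing the user from the
// team and checking that access drops back to 404 is not tested here.
func TestOrgRestrictedUser(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// privated_org is a private org who has id 23
	orgName := "privated_org"

	// public_repo_on_private_org is a public repo on privated_org
	repoName := "public_repo_on_private_org"

	// user29 is a restricted user who is not a member of the organization
	restrictedUser := "user29"

	// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work

	// assert restrictedUser cannot see the org or the public repo
	restrictedSession := loginUser(t, restrictedUser)
	req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

	// Therefore create a read-only team
	adminSession := loginUser(t, "user1")
	token := getTokenForLoggedInUser(t, adminSession, auth_model.AccessTokenScopeWriteOrganization)
	// The token is sent in the Authorization header rather than as a ?token=
	// query parameter, so it does not end up in request URLs that get logged.
	authHeader := "token " + token

	teamToCreate := &api.CreateTeamOption{
		Name:                    "codereader",
		Description:             "Code Reader",
		IncludesAllRepositories: true,
		Permission:              "read",
		Units:                   []string{"repo.code"},
	}

	req = NewRequestWithJSON(t, "POST",
		fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), teamToCreate)
	req.Header.Set("Authorization", authHeader)

	var apiTeam api.Team

	resp := adminSession.MakeRequest(t, req, http.StatusCreated)
	DecodeJSON(t, resp, &apiTeam)
	checkTeamResponse(t, "CreateTeam_codereader", &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
		teamToCreate.Permission, teamToCreate.Units, nil)
	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
		teamToCreate.Permission, teamToCreate.Units, nil)

	// Now we need to add the restricted user to the team
	req = NewRequest(t, "PUT",
		fmt.Sprintf("/api/v1/teams/%d/members/%s", apiTeam.ID, restrictedUser))
	req.Header.Set("Authorization", authHeader)
	adminSession.MakeRequest(t, req, http.StatusNoContent)

	// Now we need to check if the restrictedUser can access the repo
	req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
	restrictedSession.MakeRequest(t, req, http.StatusOK)

	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
	restrictedSession.MakeRequest(t, req, http.StatusOK)
}

// TestTeamSearch checks the team search endpoint of an organization: the user
// with ID 15 gets the two teams matching "_team" in the org with ID 17, while
// the user with ID 5 (not an organization member) gets 404 instead of a result
// list.
func TestTeamSearch(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})
	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17})

	var results TeamSearchResults

	session := loginUser(t, user.Name)
	csrf := GetCSRF(t, session, "/"+org.Name)
	req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")
	req.Header.Add("X-Csrf-Token", csrf)
	resp := session.MakeRequest(t, req, http.StatusOK)
	DecodeJSON(t, resp, &results)
	// assert.Len only records a failure and returns false, so the elements are
	// indexed only when the length is right; otherwise a short result would
	// panic with an index-out-of-range instead of failing cleanly.
	if assert.Len(t, results.Data, 2) {
		assert.Equal(t, "review_team", results.Data[0].Name)
		assert.Equal(t, "test_team", results.Data[1].Name)
	}

	// no access if not organization member
	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
	session = loginUser(t, user5.Name)
	csrf = GetCSRF(t, session, "/"+org.Name)
	req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")
	req.Header.Add("X-Csrf-Token", csrf)
	session.MakeRequest(t, req, http.StatusNotFound)
}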