code.gitea.io/gitea@v1.22.3/tests/integration/api_user_org_perm_test.go (about)

     1  // Copyright 2021 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package integration
     5  
     6  import (
     7  	"fmt"
     8  	"net/http"
     9  	"testing"
    10  
    11  	auth_model "code.gitea.io/gitea/models/auth"
    12  	api "code.gitea.io/gitea/modules/structs"
    13  	"code.gitea.io/gitea/tests"
    14  
    15  	"github.com/stretchr/testify/assert"
    16  )
    17  
// apiUserOrgPermTestCase describes one call to
// GET /api/v1/users/{user}/orgs/{org}/permissions and the permission flags
// the response is expected to carry.
type apiUserOrgPermTestCase struct {
	// LoginUser is the account that logs in; its token authenticates the request.
	LoginUser string
	// User is the user name placed in the URL path. It may differ from
	// LoginUser, in which case one account asks about another account.
	User string
	// Organization is the organization name placed in the URL path.
	Organization string
	// ExpectedOrganizationPermissions holds the flags the decoded response
	// is compared against.
	ExpectedOrganizationPermissions api.OrganizationPermissions
}
    24  
// TestTokenNeeded checks that the permissions endpoint rejects a request that
// carries no credentials at all with 401 Unauthorized.
//
// NOTE(review): this is the only negative authentication case in this file.
// A token that is valid but lacks the read:organization or read:user scope is
// not exercised here; confirm that case is covered elsewhere.
func TestTokenNeeded(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// No AddTokenAuth call: the request is deliberately anonymous.
	anonymous := NewRequest(t, "GET", "/api/v1/users/user1/orgs/org6/permissions")
	MakeRequest(t, anonymous, http.StatusUnauthorized)
}
    31  
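// sampleTest runs one permissions query described by auoptc.
//
// It logs in as auoptc.LoginUser, obtains a token limited to the
// read:organization and read:user scopes, requests the permissions of
// auoptc.User in auoptc.Organization, expects 200 OK, and compares each
// permission flag of the decoded response with the expected value.
func sampleTest(t *testing.T, auoptc apiUserOrgPermTestCase) {
	// Several tests share this helper; marking it lets the testing package
	// attribute a failure to the calling test rather than to this function.
	t.Helper()
	defer tests.PrepareTestEnv(t)()

	session := loginUser(t, auoptc.LoginUser)
	// The token carries only the two read scopes passed here.
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)

	path := fmt.Sprintf("/api/v1/users/%s/orgs/%s/permissions", auoptc.User, auoptc.Organization)
	req := NewRequest(t, "GET", path).AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)

	var got api.OrganizationPermissions
	DecodeJSON(t, resp, &got)

	// Each flag is asserted on its own so that a failure names the exact
	// permission that was granted or withheld unexpectedly.
	want := auoptc.ExpectedOrganizationPermissions
	assert.Equal(t, want.IsOwner, got.IsOwner)
	assert.Equal(t, want.IsAdmin, got.IsAdmin)
	assert.Equal(t, want.CanWrite, got.CanWrite)
	assert.Equal(t, want.CanRead, got.CanRead)
	assert.Equal(t, want.CanCreateRepository, got.CanCreateRepository)
}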
    50  
// TestWithOwnerUser has user2 query its own permissions in org3 and expects
// every permission flag, including IsOwner, to be set.
func TestWithOwnerUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             true,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: true,
	}
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user2",
		User:                            "user2",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    65  
// TestCanWriteUser has user4 query its own permissions in org3 and expects
// read and write access without owner, admin or repository-creation rights.
func TestCanWriteUser(t *testing.T) {
	// The false flags are spelled out so the denied permissions stay visible.
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             false,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: false,
	}
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user4",
		User:                            "user4",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    80  
// TestAdminUser logs in as user1 and queries the permissions of a different
// account, user28, in org3. It expects admin, write, read and
// repository-creation rights but not ownership.
//
// NOTE(review): every cross-user query in this file logs in as user1. No case
// here has an ordinary account asking about another user's permissions;
// confirm that access-control path is tested elsewhere.
func TestAdminUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: true,
	}
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user28",
		Organization:                    "org3",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
    95  
// TestAdminCanNotCreateRepo logs in as user1 and queries user28's permissions
// in org6. It expects admin, write and read rights while repository creation
// stays denied.
func TestAdminCanNotCreateRepo(t *testing.T) {
	// CanCreateRepository is the only flag that differs from the org3
	// expectation for the same user in TestAdminUser.
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             true,
		CanWrite:            true,
		CanRead:             true,
		CanCreateRepository: false,
	}
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user28",
		Organization:                    "org6",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
   110  
// TestCanReadUser logs in as user1 and queries user24's permissions in org25.
// It expects read access only; every other flag must be false.
func TestCanReadUser(t *testing.T) {
	want := api.OrganizationPermissions{
		IsOwner:             false,
		IsAdmin:             false,
		CanWrite:            false,
		CanRead:             true,
		CanCreateRepository: false,
	}
	tc := apiUserOrgPermTestCase{
		LoginUser:                       "user1",
		User:                            "user24",
		Organization:                    "org25",
		ExpectedOrganizationPermissions: want,
	}
	sampleTest(t, tc)
}
   125  
// TestUnknowUser requests the permissions of a user name that does not exist
// ("unknow") in org25. It expects 404 Not Found and an error message that
// names the missing user.
func TestUnknowUser(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// Authenticate as user1 with both read scopes so the 404 comes from the
	// user lookup and not from authentication.
	token := getTokenForLoggedInUser(t, loginUser(t, "user1"), auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadOrganization)

	req := NewRequest(t, "GET", "/api/v1/users/unknow/orgs/org25/permissions").AddTokenAuth(token)

	var apiErr api.APIError
	DecodeJSON(t, MakeRequest(t, req, http.StatusNotFound), &apiErr)
	assert.Equal(t, "user redirect does not exist [name: unknow]", apiErr.Message)
}
   140  
// TestUnknowOrganization requests user1's permissions in an organization name
// that does not exist ("unknow") and expects 404 Not Found.
//
// NOTE(review): the asserted message is the bare string "GetUserByName",
// which reads like an internal lookup name rather than a description of the
// missing organization. The test pins that wording, so a change to the
// server's error text has to update this assertion as well.
func TestUnknowOrganization(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// Authenticate as user1 with both read scopes so the 404 comes from the
	// organization lookup and not from authentication.
	token := getTokenForLoggedInUser(t, loginUser(t, "user1"), auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadOrganization)

	req := NewRequest(t, "GET", "/api/v1/users/user1/orgs/unknow/permissions").AddTokenAuth(token)

	var apiErr api.APIError
	DecodeJSON(t, MakeRequest(t, req, http.StatusNotFound), &apiErr)
	assert.Equal(t, "GetUserByName", apiErr.Message)
}