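// code.gitea.io/gitea@v1.22.3/tests/integration/api_user_orgs_test.go

// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"

	"github.com/stretchr/testify/assert"
)

// expectedUser2Orgs loads the fixture organizations org17, org3 and
// private_org35 and returns the API representation both org-listing
// endpoints are expected to produce for user2, in the asserted order.
//
// The IDs and visibilities are spelled out as literals on purpose: the list
// includes a "private" organization, so a change in what the endpoints
// disclose shows up as a failing comparison rather than being absorbed by
// values read back from the database.
func expectedUser2Orgs(t *testing.T) []*api.Organization {
	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
	org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})
	org35 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "private_org35"})

	return []*api.Organization{
		{
			ID:          17,
			Name:        org17.Name,
			UserName:    org17.Name,
			FullName:    org17.FullName,
			Email:       org17.Email,
			AvatarURL:   org17.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          3,
			Name:        org3.Name,
			UserName:    org3.Name,
			FullName:    org3.FullName,
			Email:       org3.Email,
			AvatarURL:   org3.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          35,
			Name:        org35.Name,
			UserName:    org35.Name,
			FullName:    org35.FullName,
			Email:       org35.Email,
			AvatarURL:   org35.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "private",
		},
	}
}

// TestUserOrgs checks who may see which organization memberships through
// GET /api/v1/users/{username}/orgs:
//
//   - user1 (adminUsername) listing user2 gets all three organizations,
//     including the private one;
//   - user4 listing themselves gets their one membership;
//   - user5, unrelated to user4, gets an empty list for user4;
//   - a request without credentials is rejected with 401.
func TestUserOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()
	adminUsername := "user1"
	normalUsername := "user2"
	privateMemberUsername := "user4"
	unrelatedUsername := "user5"

	orgs := getUserOrgs(t, adminUsername, normalUsername)
	assert.Equal(t, expectedUser2Orgs(t), orgs)

	// A user listing their own organizations gets the org they are a member of.
	// NOTE(review): only the count is asserted; which organization is returned
	// is not pinned by this test.
	orgs = getUserOrgs(t, privateMemberUsername, privateMemberUsername)
	assert.Len(t, orgs, 1)

	// An unrelated user must not learn about the private org membership of
	// privateMemberUsername: the request succeeds but the list is empty.
	orgs = getUserOrgs(t, unrelatedUsername, privateMemberUsername)
	assert.Empty(t, orgs)

	// A call without authentication must not be allowed.
	testUserOrgsUnauthenticated(t, privateMemberUsername)
}

// getUserOrgs requests the organizations of userCheck while authenticated as
// userDoer and returns the decoded response. The request is expected to
// answer 200 OK.
//
// When userDoer is non-empty, a token limited to the read-organization and
// read-user scopes is obtained for it. When userDoer is empty, no token is
// requested and AddTokenAuth receives an empty string.
// NOTE(review): only these two read scopes are exercised; a token lacking the
// organization scope is not covered in this file.
func getUserOrgs(t *testing.T, userDoer, userCheck string) (orgs []*api.Organization) {
	var token string
	if userDoer != "" {
		token = getUserToken(t, userDoer, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	}
	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/users/%s/orgs", userCheck)).
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	DecodeJSON(t, resp, &orgs)
	return orgs
}

// testUserOrgsUnauthenticated requests the organizations of userCheck from an
// empty test session and expects 401 Unauthorized.
func testUserOrgsUnauthenticated(t *testing.T, userCheck string) {
	session := emptyTestSession(t)
	req := NewRequestf(t, "GET", "/api/v1/users/%s/orgs", userCheck)
	session.MakeRequest(t, req, http.StatusUnauthorized)
}

// TestMyOrgs checks GET /api/v1/user/orgs, the listing for the authenticated
// user: without credentials it must answer 401, and with a read-scoped token
// for user2 it must return that user's organizations, the private one
// included.
func TestMyOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	// No token attached: the endpoint must refuse the request.
	req := NewRequest(t, "GET", "/api/v1/user/orgs")
	MakeRequest(t, req, http.StatusUnauthorized)

	normalUsername := "user2"
	token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	req = NewRequest(t, "GET", "/api/v1/user/orgs").
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	var orgs []*api.Organization
	DecodeJSON(t, resp, &orgs)

	assert.Equal(t, expectedUser2Orgs(t), orgs)
}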