osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4f0cac5ea6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f0cac5ea6'
${ noResults }
com/models/repo_permission_test.go

258 lines
7.8KB
Raw Blame History 

  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"github.com/stretchr/testify/assert"

  11. )

  12. 

  13. func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

  14. 	assert.NoError(t, PrepareTestDatabase())

  15. 

  16. 	// public non-organization repo

  17. 	repo := AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)

  18. 	assert.NoError(t, repo.getUnits(x))

  19. 

  20. 	// plain user

  21. 	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  22. 	perm, err := GetUserRepoPermission(repo, user)

  23. 	assert.NoError(t, err)

  24. 	for _, unit := range repo.Units {

  25. 		assert.True(t, perm.CanRead(unit.Type))

  26. 		assert.False(t, perm.CanWrite(unit.Type))

  27. 	}

  28. 

  29. 	// change to collaborator

  30. 	assert.NoError(t, repo.AddCollaborator(user))

  31. 	perm, err = GetUserRepoPermission(repo, user)

  32. 	assert.NoError(t, err)

  33. 	for _, unit := range repo.Units {

  34. 		assert.True(t, perm.CanRead(unit.Type))

  35. 		assert.True(t, perm.CanWrite(unit.Type))

  36. 	}

  37. 

  38. 	// collaborator

  39. 	collaborator := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  40. 	perm, err = GetUserRepoPermission(repo, collaborator)

  41. 	assert.NoError(t, err)

  42. 	for _, unit := range repo.Units {

  43. 		assert.True(t, perm.CanRead(unit.Type))

  44. 		assert.True(t, perm.CanWrite(unit.Type))

  45. 	}

  46. 

  47. 	// owner

  48. 	owner := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  49. 	perm, err = GetUserRepoPermission(repo, owner)

  50. 	assert.NoError(t, err)

  51. 	for _, unit := range repo.Units {

  52. 		assert.True(t, perm.CanRead(unit.Type))

  53. 		assert.True(t, perm.CanWrite(unit.Type))

  54. 	}

  55. 

  56. 	// admin

  57. 	admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  58. 	perm, err = GetUserRepoPermission(repo, admin)

  59. 	assert.NoError(t, err)

  60. 	for _, unit := range repo.Units {

  61. 		assert.True(t, perm.CanRead(unit.Type))

  62. 		assert.True(t, perm.CanWrite(unit.Type))

  63. 	}

  64. }

  65. 

  66. func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

  67. 	assert.NoError(t, PrepareTestDatabase())

  68. 

  69. 	// private non-organization repo

  70. 	repo := AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)

  71. 	assert.NoError(t, repo.getUnits(x))

  72. 

  73. 	// plain user

  74. 	user := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)

  75. 	perm, err := GetUserRepoPermission(repo, user)

  76. 	assert.NoError(t, err)

  77. 	for _, unit := range repo.Units {

  78. 		assert.False(t, perm.CanRead(unit.Type))

  79. 		assert.False(t, perm.CanWrite(unit.Type))

  80. 	}

  81. 

  82. 	// change to collaborator to default write access

  83. 	assert.NoError(t, repo.AddCollaborator(user))

  84. 	perm, err = GetUserRepoPermission(repo, user)

  85. 	assert.NoError(t, err)

  86. 	for _, unit := range repo.Units {

  87. 		assert.True(t, perm.CanRead(unit.Type))

  88. 		assert.True(t, perm.CanWrite(unit.Type))

  89. 	}

  90. 

  91. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  92. 	perm, err = GetUserRepoPermission(repo, user)

  93. 	assert.NoError(t, err)

  94. 	for _, unit := range repo.Units {

  95. 		assert.True(t, perm.CanRead(unit.Type))

  96. 		assert.False(t, perm.CanWrite(unit.Type))

  97. 	}

  98. 

  99. 	// owner

  100. 	owner := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  101. 	perm, err = GetUserRepoPermission(repo, owner)

  102. 	assert.NoError(t, err)

  103. 	for _, unit := range repo.Units {

  104. 		assert.True(t, perm.CanRead(unit.Type))

  105. 		assert.True(t, perm.CanWrite(unit.Type))

  106. 	}

  107. 

  108. 	// admin

  109. 	admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  110. 	perm, err = GetUserRepoPermission(repo, admin)

  111. 	assert.NoError(t, err)

  112. 	for _, unit := range repo.Units {

  113. 		assert.True(t, perm.CanRead(unit.Type))

  114. 		assert.True(t, perm.CanWrite(unit.Type))

  115. 	}

  116. }

  117. 

  118. func TestRepoPermissionPublicOrgRepo(t *testing.T) {

  119. 	assert.NoError(t, PrepareTestDatabase())

  120. 

  121. 	// public organization repo

  122. 	repo := AssertExistsAndLoadBean(t, &Repository{ID: 32}).(*Repository)

  123. 	assert.NoError(t, repo.getUnits(x))

  124. 

  125. 	// plain user

  126. 	user := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  127. 	perm, err := GetUserRepoPermission(repo, user)

  128. 	assert.NoError(t, err)

  129. 	for _, unit := range repo.Units {

  130. 		assert.True(t, perm.CanRead(unit.Type))

  131. 		assert.False(t, perm.CanWrite(unit.Type))

  132. 	}

  133. 

  134. 	// change to collaborator to default write access

  135. 	assert.NoError(t, repo.AddCollaborator(user))

  136. 	perm, err = GetUserRepoPermission(repo, user)

  137. 	assert.NoError(t, err)

  138. 	for _, unit := range repo.Units {

  139. 		assert.True(t, perm.CanRead(unit.Type))

  140. 		assert.True(t, perm.CanWrite(unit.Type))

  141. 	}

  142. 

  143. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  144. 	perm, err = GetUserRepoPermission(repo, user)

  145. 	assert.NoError(t, err)

  146. 	for _, unit := range repo.Units {

  147. 		assert.True(t, perm.CanRead(unit.Type))

  148. 		assert.False(t, perm.CanWrite(unit.Type))

  149. 	}

  150. 

  151. 	// org member team owner

  152. 	owner := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  153. 	perm, err = GetUserRepoPermission(repo, owner)

  154. 	assert.NoError(t, err)

  155. 	for _, unit := range repo.Units {

  156. 		assert.True(t, perm.CanRead(unit.Type))

  157. 		assert.True(t, perm.CanWrite(unit.Type))

  158. 	}

  159. 

  160. 	// org member team tester

  161. 	member := AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  162. 	perm, err = GetUserRepoPermission(repo, member)

  163. 	assert.NoError(t, err)

  164. 	for _, unit := range repo.Units {

  165. 		assert.True(t, perm.CanRead(unit.Type))

  166. 	}

  167. 	assert.True(t, perm.CanWrite(UnitTypeIssues))

  168. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  169. 

  170. 	// admin

  171. 	admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  172. 	perm, err = GetUserRepoPermission(repo, admin)

  173. 	assert.NoError(t, err)

  174. 	for _, unit := range repo.Units {

  175. 		assert.True(t, perm.CanRead(unit.Type))

  176. 		assert.True(t, perm.CanWrite(unit.Type))

  177. 	}

  178. }

  179. 

  180. func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

  181. 	assert.NoError(t, PrepareTestDatabase())

  182. 

  183. 	// private organization repo

  184. 	repo := AssertExistsAndLoadBean(t, &Repository{ID: 24}).(*Repository)

  185. 	assert.NoError(t, repo.getUnits(x))

  186. 

  187. 	// plain user

  188. 	user := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)

  189. 	perm, err := GetUserRepoPermission(repo, user)

  190. 	assert.NoError(t, err)

  191. 	for _, unit := range repo.Units {

  192. 		assert.False(t, perm.CanRead(unit.Type))

  193. 		assert.False(t, perm.CanWrite(unit.Type))

  194. 	}

  195. 

  196. 	// change to collaborator to default write access

  197. 	assert.NoError(t, repo.AddCollaborator(user))

  198. 	perm, err = GetUserRepoPermission(repo, user)

  199. 	assert.NoError(t, err)

  200. 	for _, unit := range repo.Units {

  201. 		assert.True(t, perm.CanRead(unit.Type))

  202. 		assert.True(t, perm.CanWrite(unit.Type))

  203. 	}

  204. 

  205. 	assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))

  206. 	perm, err = GetUserRepoPermission(repo, user)

  207. 	assert.NoError(t, err)

  208. 	for _, unit := range repo.Units {

  209. 		assert.True(t, perm.CanRead(unit.Type))

  210. 		assert.False(t, perm.CanWrite(unit.Type))

  211. 	}

  212. 

  213. 	// org member team owner

  214. 	owner := AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)

  215. 	perm, err = GetUserRepoPermission(repo, owner)

  216. 	assert.NoError(t, err)

  217. 	for _, unit := range repo.Units {

  218. 		assert.True(t, perm.CanRead(unit.Type))

  219. 		assert.True(t, perm.CanWrite(unit.Type))

  220. 	}

  221. 

  222. 	// update team information and then check permission

  223. 	team := AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)

  224. 	err = UpdateTeamUnits(team, nil)

  225. 	assert.NoError(t, err)

  226. 	perm, err = GetUserRepoPermission(repo, owner)

  227. 	assert.NoError(t, err)

  228. 	for _, unit := range repo.Units {

  229. 		assert.True(t, perm.CanRead(unit.Type))

  230. 		assert.True(t, perm.CanWrite(unit.Type))

  231. 	}

  232. 

  233. 	// org member team tester

  234. 	tester := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)

  235. 	perm, err = GetUserRepoPermission(repo, tester)

  236. 	assert.NoError(t, err)

  237. 	assert.True(t, perm.CanWrite(UnitTypeIssues))

  238. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  239. 	assert.False(t, perm.CanRead(UnitTypeCode))

  240. 

  241. 	// org member team reviewer

  242. 	reviewer := AssertExistsAndLoadBean(t, &User{ID: 20}).(*User)

  243. 	perm, err = GetUserRepoPermission(repo, reviewer)

  244. 	assert.NoError(t, err)

  245. 	assert.False(t, perm.CanRead(UnitTypeIssues))

  246. 	assert.False(t, perm.CanWrite(UnitTypeCode))

  247. 	assert.True(t, perm.CanRead(UnitTypeCode))

  248. 

  249. 	// admin

  250. 	admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)

  251. 	perm, err = GetUserRepoPermission(repo, admin)

  252. 	assert.NoError(t, err)

  253. 	for _, unit := range repo.Units {

  254. 		assert.True(t, perm.CanRead(unit.Type))

  255. 		assert.True(t, perm.CanWrite(unit.Type))

  256. 	}

  257. }
上海开阖软件有限公司 沪ICP备12045867号-1