mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-23 19:11:58 +01:00
9302eba971
* DBContext is just a Context This PR removes some of the specialness from the DBContext and makes it context This allows us to simplify the GetEngine code to wrap around any context in future and means that we can change our loadRepo(e Engine) functions to simply take contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * fix unit tests Signed-off-by: Andrew Thornton <art27@cantab.net> * another place that needs to set the initial context Signed-off-by: Andrew Thornton <art27@cantab.net> * avoid race Signed-off-by: Andrew Thornton <art27@cantab.net> * change attachment error Signed-off-by: Andrew Thornton <art27@cantab.net>
258 lines
8 KiB
Go
258 lines
8 KiB
Go
// Copyright 2018 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package models
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
|
assert.NoError(t, db.PrepareTestDatabase())
|
|
|
|
// public non-organization repo
|
|
repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)
|
|
assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))
|
|
|
|
// plain user
|
|
user := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
|
perm, err := GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// change to collaborator
|
|
assert.NoError(t, repo.AddCollaborator(user))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// collaborator
|
|
collaborator := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, collaborator)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// owner
|
|
owner := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, owner)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// admin
|
|
admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, admin)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
}
|
|
|
|
func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
|
assert.NoError(t, db.PrepareTestDatabase())
|
|
|
|
// private non-organization repo
|
|
repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)
|
|
assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))
|
|
|
|
// plain user
|
|
user := db.AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
|
|
perm, err := GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.False(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// change to collaborator to default write access
|
|
assert.NoError(t, repo.AddCollaborator(user))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// owner
|
|
owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, owner)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// admin
|
|
admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, admin)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
}
|
|
|
|
func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
|
assert.NoError(t, db.PrepareTestDatabase())
|
|
|
|
// public organization repo
|
|
repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 32}).(*Repository)
|
|
assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))
|
|
|
|
// plain user
|
|
user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)
|
|
perm, err := GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// change to collaborator to default write access
|
|
assert.NoError(t, repo.AddCollaborator(user))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// org member team owner
|
|
owner := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, owner)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// org member team tester
|
|
member := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, member)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
}
|
|
assert.True(t, perm.CanWrite(UnitTypeIssues))
|
|
assert.False(t, perm.CanWrite(UnitTypeCode))
|
|
|
|
// admin
|
|
admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, admin)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
}
|
|
|
|
func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
|
assert.NoError(t, db.PrepareTestDatabase())
|
|
|
|
// private organization repo
|
|
repo := db.AssertExistsAndLoadBean(t, &Repository{ID: 24}).(*Repository)
|
|
assert.NoError(t, repo.getUnits(db.GetEngine(db.DefaultContext)))
|
|
|
|
// plain user
|
|
user := db.AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)
|
|
perm, err := GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.False(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// change to collaborator to default write access
|
|
assert.NoError(t, repo.AddCollaborator(user))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
|
perm, err = GetUserRepoPermission(repo, user)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.False(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// org member team owner
|
|
owner := db.AssertExistsAndLoadBean(t, &User{ID: 15}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, owner)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// update team information and then check permission
|
|
team := db.AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)
|
|
err = UpdateTeamUnits(team, nil)
|
|
assert.NoError(t, err)
|
|
perm, err = GetUserRepoPermission(repo, owner)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
|
|
// org member team tester
|
|
tester := db.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, tester)
|
|
assert.NoError(t, err)
|
|
assert.True(t, perm.CanWrite(UnitTypeIssues))
|
|
assert.False(t, perm.CanWrite(UnitTypeCode))
|
|
assert.False(t, perm.CanRead(UnitTypeCode))
|
|
|
|
// org member team reviewer
|
|
reviewer := db.AssertExistsAndLoadBean(t, &User{ID: 20}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, reviewer)
|
|
assert.NoError(t, err)
|
|
assert.False(t, perm.CanRead(UnitTypeIssues))
|
|
assert.False(t, perm.CanWrite(UnitTypeCode))
|
|
assert.True(t, perm.CanRead(UnitTypeCode))
|
|
|
|
// admin
|
|
admin := db.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
|
|
perm, err = GetUserRepoPermission(repo, admin)
|
|
assert.NoError(t, err)
|
|
for _, unit := range repo.Units {
|
|
assert.True(t, perm.CanRead(unit.Type))
|
|
assert.True(t, perm.CanWrite(unit.Type))
|
|
}
|
|
}
|