2022-08-25 05:31:57 +03:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-27 21:20:29 +03:00
// SPDX-License-Identifier: MIT
2022-08-25 05:31:57 +03:00
package repository
import (
"testing"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
perm_model "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"github.com/stretchr/testify/assert"
)
func TestRepository_AddCollaborator ( t * testing . T ) {
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
testSuccess := func ( repoID , userID int64 ) {
repo := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : repoID } )
2023-02-18 15:11:03 +03:00
assert . NoError ( t , repo . LoadOwner ( db . DefaultContext ) )
2022-08-25 05:31:57 +03:00
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : userID } )
2022-12-10 05:46:31 +03:00
assert . NoError ( t , AddCollaborator ( db . DefaultContext , repo , user ) )
2022-08-25 05:31:57 +03:00
unittest . CheckConsistencyFor ( t , & repo_model . Repository { ID : repoID } , & user_model . User { ID : userID } )
}
testSuccess ( 1 , 4 )
testSuccess ( 1 , 4 )
testSuccess ( 3 , 4 )
}
func TestRepoPermissionPublicNonOrgRepo ( t * testing . T ) {
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
// public non-organization repo
repo := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 4 } )
assert . NoError ( t , repo . LoadUnits ( db . DefaultContext ) )
// plain user
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
perm , err := access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// change to collaborator
2022-12-10 05:46:31 +03:00
assert . NoError ( t , AddCollaborator ( db . DefaultContext , repo , user ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// collaborator
collaborator := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 4 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , collaborator )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// owner
owner := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 5 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , owner )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// admin
admin := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 1 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , admin )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
}
func TestRepoPermissionPrivateNonOrgRepo ( t * testing . T ) {
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
// private non-organization repo
repo := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 2 } )
assert . NoError ( t , repo . LoadUnits ( db . DefaultContext ) )
// plain user
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 4 } )
perm , err := access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . False ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// change to collaborator to default write access
2022-12-10 05:46:31 +03:00
assert . NoError ( t , AddCollaborator ( db . DefaultContext , repo , user ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
2022-12-10 05:46:31 +03:00
assert . NoError ( t , repo_model . ChangeCollaborationAccessMode ( db . DefaultContext , repo , user . ID , perm_model . AccessModeRead ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// owner
owner := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , owner )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// admin
admin := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 1 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , admin )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
}
func TestRepoPermissionPublicOrgRepo ( t * testing . T ) {
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
// public organization repo
repo := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 32 } )
assert . NoError ( t , repo . LoadUnits ( db . DefaultContext ) )
// plain user
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 5 } )
perm , err := access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// change to collaborator to default write access
2022-12-10 05:46:31 +03:00
assert . NoError ( t , AddCollaborator ( db . DefaultContext , repo , user ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
2022-12-10 05:46:31 +03:00
assert . NoError ( t , repo_model . ChangeCollaborationAccessMode ( db . DefaultContext , repo , user . ID , perm_model . AccessModeRead ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// org member team owner
owner := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , owner )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// org member team tester
member := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 15 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , member )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
}
assert . True ( t , perm . CanWrite ( unit . TypeIssues ) )
assert . False ( t , perm . CanWrite ( unit . TypeCode ) )
// admin
admin := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 1 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , admin )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
}
func TestRepoPermissionPrivateOrgRepo ( t * testing . T ) {
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
// private organization repo
repo := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 24 } )
assert . NoError ( t , repo . LoadUnits ( db . DefaultContext ) )
// plain user
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 5 } )
perm , err := access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . False ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// change to collaborator to default write access
2022-12-10 05:46:31 +03:00
assert . NoError ( t , AddCollaborator ( db . DefaultContext , repo , user ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
2022-12-10 05:46:31 +03:00
assert . NoError ( t , repo_model . ChangeCollaborationAccessMode ( db . DefaultContext , repo , user . ID , perm_model . AccessModeRead ) )
2022-08-25 05:31:57 +03:00
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , user )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . False ( t , perm . CanWrite ( unit . Type ) )
}
// org member team owner
owner := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 15 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , owner )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// update team information and then check permission
team := unittest . AssertExistsAndLoadBean ( t , & organization . Team { ID : 5 } )
err = organization . UpdateTeamUnits ( team , nil )
assert . NoError ( t , err )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , owner )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
// org member team tester
tester := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , tester )
assert . NoError ( t , err )
assert . True ( t , perm . CanWrite ( unit . TypeIssues ) )
assert . False ( t , perm . CanWrite ( unit . TypeCode ) )
assert . False ( t , perm . CanRead ( unit . TypeCode ) )
// org member team reviewer
reviewer := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 20 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , reviewer )
assert . NoError ( t , err )
assert . False ( t , perm . CanRead ( unit . TypeIssues ) )
assert . False ( t , perm . CanWrite ( unit . TypeCode ) )
assert . True ( t , perm . CanRead ( unit . TypeCode ) )
// admin
admin := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 1 } )
perm , err = access_model . GetUserRepoPermission ( db . DefaultContext , repo , admin )
assert . NoError ( t , err )
for _ , unit := range repo . Units {
assert . True ( t , perm . CanRead ( unit . Type ) )
assert . True ( t , perm . CanWrite ( unit . Type ) )
}
}