2017-01-08 06:10:53 +03:00
// Copyright 2017 The Gitea Authors. All rights reserved.
2022-11-27 21:20:29 +03:00
// SPDX-License-Identifier: MIT
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
package access_test
2017-01-08 06:10:53 +03:00
import (
"testing"
2017-01-25 05:49:51 +03:00
2021-09-19 14:49:59 +03:00
"code.gitea.io/gitea/models/db"
2022-06-15 10:02:00 +03:00
perm_model "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
2021-12-10 04:27:50 +03:00
repo_model "code.gitea.io/gitea/models/repo"
2021-11-12 17:36:47 +03:00
"code.gitea.io/gitea/models/unittest"
2021-11-24 12:49:20 +03:00
user_model "code.gitea.io/gitea/models/user"
2021-11-17 15:34:35 +03:00
2017-01-08 06:10:53 +03:00
"github.com/stretchr/testify/assert"
)
func TestAccessLevel ( t * testing . T ) {
2021-11-12 17:36:47 +03:00
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
2017-01-08 06:10:53 +03:00
2022-08-16 05:22:25 +03:00
user2 := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
user5 := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 5 } )
user29 := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 29 } )
2018-06-21 19:00:13 +03:00
// A public repository owned by User 2
2022-08-16 05:22:25 +03:00
repo1 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 1 } )
2018-06-21 19:00:13 +03:00
assert . False ( t , repo1 . IsPrivate )
// A private repository owned by Org 3
2022-08-16 05:22:25 +03:00
repo3 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 3 } )
2018-11-28 14:26:14 +03:00
assert . True ( t , repo3 . IsPrivate )
2017-01-08 06:10:53 +03:00
2020-01-13 20:33:46 +03:00
// Another public repository
2022-08-16 05:22:25 +03:00
repo4 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 4 } )
2020-01-13 20:33:46 +03:00
assert . False ( t , repo4 . IsPrivate )
// org. owned private repo
2022-08-16 05:22:25 +03:00
repo24 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 24 } )
2020-01-13 20:33:46 +03:00
2022-11-19 11:12:33 +03:00
level , err := access_model . AccessLevel ( db . DefaultContext , user2 , repo1 )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeOwner , level )
2017-01-08 06:10:53 +03:00
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user2 , repo3 )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeOwner , level )
2017-01-08 06:10:53 +03:00
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user5 , repo1 )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeRead , level )
2017-01-08 06:10:53 +03:00
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user5 , repo3 )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeNone , level )
2020-01-13 20:33:46 +03:00
// restricted user has no access to a public repo
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user29 , repo1 )
2020-01-13 20:33:46 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeNone , level )
2020-01-13 20:33:46 +03:00
// ... unless he's a collaborator
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user29 , repo4 )
2020-01-13 20:33:46 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeWrite , level )
2020-01-13 20:33:46 +03:00
// ... or a team member
2022-11-19 11:12:33 +03:00
level , err = access_model . AccessLevel ( db . DefaultContext , user29 , repo24 )
2020-01-13 20:33:46 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeRead , level )
2017-01-08 06:10:53 +03:00
}
func TestHasAccess ( t * testing . T ) {
2021-11-12 17:36:47 +03:00
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
2017-01-08 06:10:53 +03:00
2022-08-16 05:22:25 +03:00
user1 := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
user2 := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 5 } )
2018-06-21 19:00:13 +03:00
// A public repository owned by User 2
2022-08-16 05:22:25 +03:00
repo1 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 1 } )
2018-06-21 19:00:13 +03:00
assert . False ( t , repo1 . IsPrivate )
// A private repository owned by Org 3
2022-08-16 05:22:25 +03:00
repo2 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 3 } )
2018-06-21 19:00:13 +03:00
assert . True ( t , repo2 . IsPrivate )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
has , err := access_model . HasAccess ( db . DefaultContext , user1 . ID , repo1 )
2018-11-28 14:26:14 +03:00
assert . NoError ( t , err )
assert . True ( t , has )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
_ , err = access_model . HasAccess ( db . DefaultContext , user1 . ID , repo2 )
2018-11-28 14:26:14 +03:00
assert . NoError ( t , err )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
_ , err = access_model . HasAccess ( db . DefaultContext , user2 . ID , repo1 )
2018-11-28 14:26:14 +03:00
assert . NoError ( t , err )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
_ , err = access_model . HasAccess ( db . DefaultContext , user2 . ID , repo2 )
2018-11-28 14:26:14 +03:00
assert . NoError ( t , err )
2017-01-08 06:10:53 +03:00
}
func TestRepository_RecalculateAccesses ( t * testing . T ) {
// test with organization repo
2021-11-12 17:36:47 +03:00
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
2022-08-16 05:22:25 +03:00
repo1 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 3 } )
2023-02-18 15:11:03 +03:00
assert . NoError ( t , repo1 . LoadOwner ( db . DefaultContext ) )
2017-01-08 06:10:53 +03:00
2022-05-11 13:09:36 +03:00
_ , err := db . GetEngine ( db . DefaultContext ) . Delete ( & repo_model . Collaboration { UserID : 2 , RepoID : 3 } )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . NoError ( t , access_model . RecalculateAccesses ( db . DefaultContext , repo1 ) )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
access := & access_model . Access { UserID : 2 , RepoID : 3 }
2021-09-23 18:45:36 +03:00
has , err := db . GetEngine ( db . DefaultContext ) . Get ( access )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
assert . True ( t , has )
2022-06-15 10:02:00 +03:00
assert . Equal ( t , perm_model . AccessModeOwner , access . Mode )
2017-01-08 06:10:53 +03:00
}
func TestRepository_RecalculateAccesses2 ( t * testing . T ) {
// test with non-organization repo
2021-11-12 17:36:47 +03:00
assert . NoError ( t , unittest . PrepareTestDatabase ( ) )
2022-08-16 05:22:25 +03:00
repo1 := unittest . AssertExistsAndLoadBean ( t , & repo_model . Repository { ID : 4 } )
2023-02-18 15:11:03 +03:00
assert . NoError ( t , repo1 . LoadOwner ( db . DefaultContext ) )
2017-01-08 06:10:53 +03:00
2022-05-11 13:09:36 +03:00
_ , err := db . GetEngine ( db . DefaultContext ) . Delete ( & repo_model . Collaboration { UserID : 4 , RepoID : 4 } )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
2022-06-15 10:02:00 +03:00
assert . NoError ( t , access_model . RecalculateAccesses ( db . DefaultContext , repo1 ) )
2017-01-08 06:10:53 +03:00
2022-06-15 10:02:00 +03:00
has , err := db . GetEngine ( db . DefaultContext ) . Get ( & access_model . Access { UserID : 4 , RepoID : 4 } )
2017-01-08 06:10:53 +03:00
assert . NoError ( t , err )
assert . False ( t , has )
}
