third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extend TestUserOrgs to cover permission cases (#14495)

Browse Source 
* TestMyOrgs: add unauthorized test

* Extend TestUserOrgs, to cover permission cases
tokarchuk/v1.17
6543 4 years ago committed by GitHub
parent 99b7af6fc8
commit 3599d44399
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 11 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 49
      integrations/api_user_orgs_test.go

49
integrations/api_user_orgs_test.go
Unescape View File

@ -19,15 +19,12 @@ func TestUserOrgs(t *testing.T) {
defer prepareTestEnv(t)()
adminUsername := "user1"
normalUsername := "user2"
session := loginUser(t, adminUsername)
token := getTokenForLoggedInUser(t, session)
urlStr := fmt.Sprintf("/api/v1/users/%s/orgs?token=%s", normalUsername, token)
req := NewRequest(t, "GET", urlStr)
resp := session.MakeRequest(t, req, http.StatusOK)
var orgs []*api.Organization
user3 := models.AssertExistsAndLoadBean(t, &models.User{Name: "user3"}).(*models.User)
privateMemberUsername := "user4"
unrelatedUsername := "user5"
DecodeJSON(t, resp, &orgs)
orgs := getUserOrgs(t, adminUsername, normalUsername)
user3 := models.AssertExistsAndLoadBean(t, &models.User{Name: "user3"}).(*models.User)
assert.Equal(t, []*api.Organization{
{
@ -41,16 +38,46 @@ func TestUserOrgs(t *testing.T) {
Visibility: "public",
},
}, orgs)
// user itself should get it's org's he is a member of
orgs = getUserOrgs(t, privateMemberUsername, privateMemberUsername)
assert.Len(t, orgs, 1)
// unrelated user should not get private org membership of privateMemberUsername
orgs = getUserOrgs(t, unrelatedUsername, privateMemberUsername)
assert.Len(t, orgs, 0)
// not authenticated call also should hide org membership
orgs = getUserOrgs(t, "", privateMemberUsername)
assert.Len(t, orgs, 0)
}
func getUserOrgs(t *testing.T, userDoer, userCheck string) (orgs []*api.Organization) {
var token = ""
session := emptyTestSession(t)
if len(userDoer) != 0 {
session = loginUser(t, userDoer)
token = getTokenForLoggedInUser(t, session)
}
urlStr := fmt.Sprintf("/api/v1/users/%s/orgs?token=%s", userCheck, token)
req := NewRequest(t, "GET", urlStr)
resp := session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &orgs)
return orgs
}
func TestMyOrgs(t *testing.T) {
defer prepareTestEnv(t)()
session := emptyTestSession(t)
req := NewRequest(t, "GET", "/api/v1/user/orgs")
resp := session.MakeRequest(t, req, http.StatusUnauthorized)
normalUsername := "user2"
session := loginUser(t, normalUsername)
session = loginUser(t, normalUsername)
token := getTokenForLoggedInUser(t, session)
req := NewRequest(t, "GET", "/api/v1/user/orgs?token="+token)
resp := session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/api/v1/user/orgs?token="+token)
resp = session.MakeRequest(t, req, http.StatusOK)
var orgs []*api.Organization
DecodeJSON(t, resp, &orgs)
user3 := models.AssertExistsAndLoadBean(t, &models.User{Name: "user3"}).(*models.User)

Write Preview
Loading…
Cancel
Save