summaryrefslogtreecommitdiffstats
path: root/tests/integration/org_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'tests/integration/org_test.go')
-rw-r--r--tests/integration/org_test.go249
1 files changed, 249 insertions, 0 deletions
diff --git a/tests/integration/org_test.go b/tests/integration/org_test.go
new file mode 100644
index 00000000..a1e448be
--- /dev/null
+++ b/tests/integration/org_test.go
@@ -0,0 +1,249 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+ "fmt"
+ "net/http"
+ "strings"
+ "testing"
+
+ auth_model "code.gitea.io/gitea/models/auth"
+ "code.gitea.io/gitea/models/unittest"
+ user_model "code.gitea.io/gitea/models/user"
+ api "code.gitea.io/gitea/modules/structs"
+ "code.gitea.io/gitea/tests"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestOrgRepos(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ var (
+ users = []string{"user1", "user2"}
+ cases = map[string][]string{
+ "alphabetically": {"repo21", "repo3", "repo5"},
+ "reversealphabetically": {"repo5", "repo3", "repo21"},
+ }
+ )
+
+ for _, user := range users {
+ t.Run(user, func(t *testing.T) {
+ session := loginUser(t, user)
+ for sortBy, repos := range cases {
+ req := NewRequest(t, "GET", "/org3?sort="+sortBy)
+ resp := session.MakeRequest(t, req, http.StatusOK)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+
+ sel := htmlDoc.doc.Find("a.name")
+ assert.Len(t, repos, len(sel.Nodes))
+ for i := 0; i < len(repos); i++ {
+ assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
+ }
+ }
+ })
+ }
+}
+
+func TestLimitedOrg(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ // not logged in user
+ req := NewRequest(t, "GET", "/limited_org")
+ MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
+ MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
+ MakeRequest(t, req, http.StatusNotFound)
+
+ // login non-org member user
+ session := loginUser(t, "user2")
+ req = NewRequest(t, "GET", "/limited_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+
+ // site admin
+ session = loginUser(t, "user1")
+ req = NewRequest(t, "GET", "/limited_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
+ session.MakeRequest(t, req, http.StatusOK)
+}
+
+func TestPrivateOrg(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ // not logged in user
+ req := NewRequest(t, "GET", "/privated_org")
+ MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
+ MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
+ MakeRequest(t, req, http.StatusNotFound)
+
+ // login non-org member user
+ session := loginUser(t, "user2")
+ req = NewRequest(t, "GET", "/privated_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+
+ // non-org member who is collaborator on repo in private org
+ session = loginUser(t, "user4")
+ req = NewRequest(t, "GET", "/privated_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+ req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
+ session.MakeRequest(t, req, http.StatusNotFound)
+
+ // site admin
+ session = loginUser(t, "user1")
+ req = NewRequest(t, "GET", "/privated_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
+ session.MakeRequest(t, req, http.StatusOK)
+ req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
+ session.MakeRequest(t, req, http.StatusOK)
+}
+
+func TestOrgMembers(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ // not logged in user
+ req := NewRequest(t, "GET", "/org/org25/members")
+ MakeRequest(t, req, http.StatusOK)
+
+ // org member
+ session := loginUser(t, "user24")
+ req = NewRequest(t, "GET", "/org/org25/members")
+ session.MakeRequest(t, req, http.StatusOK)
+
+ // site admin
+ session = loginUser(t, "user1")
+ req = NewRequest(t, "GET", "/org/org25/members")
+ session.MakeRequest(t, req, http.StatusOK)
+}
+
+func TestOrgRestrictedUser(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ // privated_org is a private org who has id 23
+ orgName := "privated_org"
+
+ // public_repo_on_private_org is a public repo on privated_org
+ repoName := "public_repo_on_private_org"
+
+ // user29 is a restricted user who is not a member of the organization
+ restrictedUser := "user29"
+
+ // #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work
+
+ // assert restrictedUser cannot see the org or the public repo
+ restrictedSession := loginUser(t, restrictedUser)
+ req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
+ restrictedSession.MakeRequest(t, req, http.StatusNotFound)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
+ restrictedSession.MakeRequest(t, req, http.StatusNotFound)
+
+ // Therefore create a read-only team
+ adminSession := loginUser(t, "user1")
+ token := getTokenForLoggedInUser(t, adminSession, auth_model.AccessTokenScopeWriteOrganization)
+
+ teamToCreate := &api.CreateTeamOption{
+ Name: "codereader",
+ Description: "Code Reader",
+ IncludesAllRepositories: true,
+ Permission: "read",
+ Units: []string{"repo.code"},
+ }
+
+ req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), teamToCreate).
+ AddTokenAuth(token)
+
+ var apiTeam api.Team
+
+ resp := adminSession.MakeRequest(t, req, http.StatusCreated)
+ DecodeJSON(t, resp, &apiTeam)
+ checkTeamResponse(t, "CreateTeam_codereader", &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
+ teamToCreate.Permission, teamToCreate.Units, nil)
+ checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
+ teamToCreate.Permission, teamToCreate.Units, nil)
+ // teamID := apiTeam.ID
+
+ // Now we need to add the restricted user to the team
+ req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/teams/%d/members/%s", apiTeam.ID, restrictedUser)).
+ AddTokenAuth(token)
+ _ = adminSession.MakeRequest(t, req, http.StatusNoContent)
+
+ // Now we need to check if the restrictedUser can access the repo
+ req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
+ restrictedSession.MakeRequest(t, req, http.StatusOK)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
+ restrictedSession.MakeRequest(t, req, http.StatusOK)
+}
+
+func TestTeamSearch(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})
+ org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17})
+
+ var results TeamSearchResults
+
+ session := loginUser(t, user.Name)
+ csrf := GetCSRF(t, session, "/"+org.Name)
+ req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")
+ req.Header.Add("X-Csrf-Token", csrf)
+ resp := session.MakeRequest(t, req, http.StatusOK)
+ DecodeJSON(t, resp, &results)
+ assert.NotEmpty(t, results.Data)
+ assert.Len(t, results.Data, 2)
+ assert.Equal(t, "review_team", results.Data[0].Name)
+ assert.Equal(t, "test_team", results.Data[1].Name)
+
+ // no access if not organization member
+ user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+ session = loginUser(t, user5.Name)
+ csrf = GetCSRF(t, session, "/"+org.Name)
+ req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")
+ req.Header.Add("X-Csrf-Token", csrf)
+ session.MakeRequest(t, req, http.StatusNotFound)
+}
+
+func TestOrgDashboardLabels(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+ org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+ session := loginUser(t, user.Name)
+
+ req := NewRequestf(t, "GET", "/org/%s/issues?labels=3,4", org.Name)
+ resp := session.MakeRequest(t, req, http.StatusOK)
+ htmlDoc := NewHTMLParser(t, resp.Body)
+
+ labelFilterHref, ok := htmlDoc.Find(".list-header-sort a").Attr("href")
+ assert.True(t, ok)
+ assert.Contains(t, labelFilterHref, "labels=3%2c4")
+
+ // Exclude label
+ req = NewRequestf(t, "GET", "/org/%s/issues?labels=3,-4", org.Name)
+ resp = session.MakeRequest(t, req, http.StatusOK)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+
+ labelFilterHref, ok = htmlDoc.Find(".list-header-sort a").Attr("href")
+ assert.True(t, ok)
+ assert.Contains(t, labelFilterHref, "labels=3%2c-4")
+}