summaryrefslogtreecommitdiffstats
path: root/tests/integration/org_project_test.go
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
committerDaniel Baumann <daniel@debian.org>2024-12-12 23:57:56 +0100
commite68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch)
tree97775d6c13b0f416af55314eb6a89ef792474615 /tests/integration/org_project_test.go
parentInitial commit. (diff)
downloadforgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz
forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r--tests/integration/org_project_test.go63
1 files changed, 63 insertions, 0 deletions
diff --git a/tests/integration/org_project_test.go b/tests/integration/org_project_test.go
new file mode 100644
index 0000000..31d10f1
--- /dev/null
+++ b/tests/integration/org_project_test.go
@@ -0,0 +1,63 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+ "net/http"
+ "slices"
+ "testing"
+
+ unit_model "code.gitea.io/gitea/models/unit"
+ "code.gitea.io/gitea/tests"
+)
+
+func TestOrgProjectAccess(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+
+ disabledRepoUnits := unit_model.DisabledRepoUnitsGet()
+ unit_model.DisabledRepoUnitsSet(append(slices.Clone(disabledRepoUnits), unit_model.TypeProjects))
+ defer unit_model.DisabledRepoUnitsSet(disabledRepoUnits)
+
+ // repo project, 404
+ req := NewRequest(t, "GET", "/user2/repo1/projects")
+ MakeRequest(t, req, http.StatusNotFound)
+
+ // user project, 200
+ req = NewRequest(t, "GET", "/user2/-/projects")
+ MakeRequest(t, req, http.StatusOK)
+
+ // org project, 200
+ req = NewRequest(t, "GET", "/org3/-/projects")
+ MakeRequest(t, req, http.StatusOK)
+
+ // change the org's visibility to private
+ session := loginUser(t, "user2")
+ req = NewRequestWithValues(t, "POST", "/org/org3/settings", map[string]string{
+ "_csrf": GetCSRF(t, session, "/org3/-/projects"),
+ "name": "org3",
+ "visibility": "2",
+ })
+ session.MakeRequest(t, req, http.StatusSeeOther)
+
+ // user4 can still access the org's project because its team(team1) has the permission
+ session = loginUser(t, "user4")
+ req = NewRequest(t, "GET", "/org3/-/projects")
+ session.MakeRequest(t, req, http.StatusOK)
+
+ // disable team1's project unit
+ session = loginUser(t, "user2")
+ req = NewRequestWithValues(t, "POST", "/org/org3/teams/team1/edit", map[string]string{
+ "_csrf": GetCSRF(t, session, "/org3/-/projects"),
+ "team_name": "team1",
+ "repo_access": "specific",
+ "permission": "read",
+ "unit_8": "0",
+ })
+ session.MakeRequest(t, req, http.StatusSeeOther)
+
+ // user4 can no longer access the org's project
+ session = loginUser(t, "user4")
+ req = NewRequest(t, "GET", "/org3/-/projects")
+ session.MakeRequest(t, req, http.StatusNotFound)
+}