diff options
| author | Daniel Baumann <daniel@debian.org> | 2024-10-18 20:33:49 +0200 |
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2024-12-12 23:57:56 +0100 |
| commit | e68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch) | |
| tree | 97775d6c13b0f416af55314eb6a89ef792474615 /tests/integration/org_project_test.go | |
| parent | Initial commit. (diff) | |
| download | forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip | |
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'tests/integration/org_project_test.go')
| -rw-r--r-- | tests/integration/org_project_test.go | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/tests/integration/org_project_test.go b/tests/integration/org_project_test.go new file mode 100644 index 0000000..31d10f1 --- /dev/null +++ b/tests/integration/org_project_test.go @@ -0,0 +1,63 @@ +// Copyright 2023 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package integration + +import ( + "net/http" + "slices" + "testing" + + unit_model "code.gitea.io/gitea/models/unit" + "code.gitea.io/gitea/tests" +) + +func TestOrgProjectAccess(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + disabledRepoUnits := unit_model.DisabledRepoUnitsGet() + unit_model.DisabledRepoUnitsSet(append(slices.Clone(disabledRepoUnits), unit_model.TypeProjects)) + defer unit_model.DisabledRepoUnitsSet(disabledRepoUnits) + + // repo project, 404 + req := NewRequest(t, "GET", "/user2/repo1/projects") + MakeRequest(t, req, http.StatusNotFound) + + // user project, 200 + req = NewRequest(t, "GET", "/user2/-/projects") + MakeRequest(t, req, http.StatusOK) + + // org project, 200 + req = NewRequest(t, "GET", "/org3/-/projects") + MakeRequest(t, req, http.StatusOK) + + // change the org's visibility to private + session := loginUser(t, "user2") + req = NewRequestWithValues(t, "POST", "/org/org3/settings", map[string]string{ + "_csrf": GetCSRF(t, session, "/org3/-/projects"), + "name": "org3", + "visibility": "2", + }) + session.MakeRequest(t, req, http.StatusSeeOther) + + // user4 can still access the org's project because its team(team1) has the permission + session = loginUser(t, "user4") + req = NewRequest(t, "GET", "/org3/-/projects") + session.MakeRequest(t, req, http.StatusOK) + + // disable team1's project unit + session = loginUser(t, "user2") + req = NewRequestWithValues(t, "POST", "/org/org3/teams/team1/edit", map[string]string{ + "_csrf": GetCSRF(t, session, "/org3/-/projects"), + "team_name": "team1", + "repo_access": "specific", + "permission": "read", + "unit_8": "0", + }) + session.MakeRequest(t, req, http.StatusSeeOther) + + // user4 can no longer access the org's project + session = loginUser(t, "user4") + req = NewRequest(t, "GET", "/org3/-/projects") + session.MakeRequest(t, req, http.StatusNotFound) +} |