summaryrefslogtreecommitdiffstats
path: root/tests/integration/api_user_orgs_test.go
blob: e31199406dde3cdd9eaeda495cc6f399e67a5e2f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"

	"github.com/stretchr/testify/assert"
)

func TestUserOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()
	adminUsername := "user1"
	normalUsername := "user2"
	privateMemberUsername := "user4"
	unrelatedUsername := "user5"

	orgs := getUserOrgs(t, adminUsername, normalUsername)

	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
	org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})

	assert.Equal(t, []*api.Organization{
		{
			ID:          17,
			Name:        org17.Name,
			UserName:    org17.Name,
			FullName:    org17.FullName,
			Email:       org17.Email,
			AvatarURL:   org17.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          3,
			Name:        org3.Name,
			UserName:    org3.Name,
			FullName:    org3.FullName,
			Email:       org3.Email,
			AvatarURL:   org3.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
	}, orgs)

	// user itself should get it's org's he is a member of
	orgs = getUserOrgs(t, privateMemberUsername, privateMemberUsername)
	assert.Len(t, orgs, 1)

	// unrelated user should not get private org membership of privateMemberUsername
	orgs = getUserOrgs(t, unrelatedUsername, privateMemberUsername)
	assert.Empty(t, orgs)

	// not authenticated call should not be allowed
	testUserOrgsUnauthenticated(t, privateMemberUsername)
}

func getUserOrgs(t *testing.T, userDoer, userCheck string) (orgs []*api.Organization) {
	token := ""
	if len(userDoer) != 0 {
		token = getUserToken(t, userDoer, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	}
	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/users/%s/orgs", userCheck)).
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	DecodeJSON(t, resp, &orgs)
	return orgs
}

func testUserOrgsUnauthenticated(t *testing.T, userCheck string) {
	session := emptyTestSession(t)
	req := NewRequestf(t, "GET", "/api/v1/users/%s/orgs", userCheck)
	session.MakeRequest(t, req, http.StatusUnauthorized)
}

func TestMyOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	req := NewRequest(t, "GET", "/api/v1/user/orgs")
	MakeRequest(t, req, http.StatusUnauthorized)

	normalUsername := "user2"
	token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	req = NewRequest(t, "GET", "/api/v1/user/orgs").
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	var orgs []*api.Organization
	DecodeJSON(t, resp, &orgs)
	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
	org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})

	assert.Equal(t, []*api.Organization{
		{
			ID:          17,
			Name:        org17.Name,
			UserName:    org17.Name,
			FullName:    org17.FullName,
			Email:       org17.Email,
			AvatarURL:   org17.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          3,
			Name:        org3.Name,
			UserName:    org3.Name,
			FullName:    org3.FullName,
			Email:       org3.Email,
			AvatarURL:   org3.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
	}, orgs)
}