luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-23 09:30:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix team members API (#6714)

Browse source
This commit is contained in:
Lunny Xiao 2019-04-24 13:32:35 +08:00 committed by techknowlogick
parent e0172f0db7
commit 59be704efb
2 changed files with 51 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

13
integrations/api_team_test.go
View file

@ -16,6 +16,7 @@ import (
func TestAPITeam(t *testing.T) {
prepareTestEnv(t)
teamUser := models.AssertExistsAndLoadBean(t, &models.TeamUser{}).(*models.TeamUser)
team := models.AssertExistsAndLoadBean(t, &models.Team{ID: teamUser.TeamID}).(*models.Team)
user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User)
@ -29,4 +30,16 @@ func TestAPITeam(t *testing.T) {
DecodeJSON(t, resp, &apiTeam)
assert.EqualValues(t, team.ID, apiTeam.ID)
assert.Equal(t, team.Name, apiTeam.Name)
// non team member user will not access the teams details
teamUser2 := models.AssertExistsAndLoadBean(t, &models.TeamUser{ID: 3}).(*models.TeamUser)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser2.UID}).(*models.User)
session = loginUser(t, user2.Name)
token = getTokenForLoggedInUser(t, session)
req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
resp = session.MakeRequest(t, req, http.StatusForbidden)
req = NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
resp = session.MakeRequest(t, req, http.StatusUnauthorized)
}