luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-21 09:21:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Fix bug when a token is given public only

Browse source 
Port of https://github.com/go-gitea/gitea/pull/32204

(cherry picked from commit d6d3c96e6555fc91b3e2ef21f4d8d7475564bb3e)

Conflicts:
  routers/api/v1/api.go
	services/context/api.go
  trivial context conflicts
This commit is contained in:
Lunny Xiao 2024-10-08 17:51:09 +08:00 committed by Earl Warren
parent 67549e2d94
commit a052d2b602
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
11 changed files with 174 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

34
tests/integration/api_issue_test.go
View file

@ -76,6 +76,34 @@ func TestAPIListIssues(t *testing.T) {
}
}
func TestAPIListIssuesPublicOnly(t *testing.T) {
defer tests.PrepareTestEnv(t)()
repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo1.OwnerID})
session := loginUser(t, owner1.Name)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/issues", owner1.Name, repo1.Name))
link.RawQuery = url.Values{"state": {"all"}}.Encode()
req := NewRequest(t, "GET", link.String()).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
owner2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID})
session = loginUser(t, owner2.Name)
token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/issues", owner2.Name, repo2.Name))
link.RawQuery = url.Values{"state": {"all"}}.Encode()
req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopePublicOnly)
req = NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken)
MakeRequest(t, req, http.StatusForbidden)
}
func TestAPICreateIssue(t *testing.T) {
defer tests.PrepareTestEnv(t)()
const body, title = "apiTestBody", "apiTestTitle"
@ -404,6 +432,12 @@ func TestAPISearchIssues(t *testing.T) {
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, expectedIssueCount)
publicOnlyToken := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopePublicOnly)
req = NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 15) // 15 public issues
since := "2000-01-01T00:50:01+00:00" // 946687801
before := time.Unix(999307200, 0).Format(time.RFC3339)
query.Add("since", since)