fix(commenter roles): don't give system users roles (#6766)

Currently on every pull request Ghost would have a misleading "First-time contributor" role. Also, if the issue author is a Ghost, all other ghosts who commented will be labeled as authors even if they are different ghosts. I've added a missing check to abort all other permission and contribution checks early if the user is a ghost. Also applies to other system users, as suggested by @earl-warren. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6766 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-21 17:24:10 +00:00 · 2025-02-05 17:34:45 +00:00 · 2025-02-05 17:34:45 +00:00 · d1d78c1b14
commit d1d78c1b14
parent 862f4ad60c
5 changed files with 140 additions and 5 deletions
--- a/tests/integration/comment_roles_system_test.go
+++ b/tests/integration/comment_roles_system_test.go
@ -0,0 +1,56 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	issues_model "code.gitea.io/gitea/models/issues"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestSystemCommentRoles verifies that system users don't have role labels.
+// As it is not possible to do actions as system users, the tests are done using fixtures.
+
+func TestSystemCommentRoles(t *testing.T) {
+	defer tests.AddFixtures("tests/integration/fixtures/TestSystemCommentRoles/")()
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	testCases := []struct {
+		name      string
+		username  string
+		index     int64
+		roleCount int64
+	}{
+		{"user2", "user2", 1000, 1}, // As a verification, also check a normal user with one role.
+		{"Ghost", "Ghost", 1001, 0}, // System users should not have any roles, so 0.
+		{"Actions", "forgejo-actions", 1002, 0},
+		{"APActor", "Ghost", 1003, 0}, // actor is displayed as Ghost, could be a bug.
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{
+				RepoID: repo.ID,
+				Index:  tc.index,
+			})
+
+			req := NewRequestf(t, "GET", "%s/issues/%d", repo.Link(), issue.Index)
+			resp := MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+
+			assert.EqualValues(t, tc.username, htmlDoc.Find("a.author").Text())
+			assert.EqualValues(t, tc.roleCount, htmlDoc.Find(".role-label").Length())
+		})
+	}
+}