mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-30 10:11:23 +02:00
commit
4d22c5f6e4
@ -115,10 +115,20 @@ func Setup() {
|
|||||||
Token: "789",
|
Token: "789",
|
||||||
GitlabToken: "789",
|
GitlabToken: "789",
|
||||||
Admin: false}
|
Admin: false}
|
||||||
|
user4 := User{
|
||||||
|
Password: "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS",
|
||||||
|
Name: "Rick El Toro",
|
||||||
|
Email: "rick@el.to.ro",
|
||||||
|
Gravatar: "c2180a539620d90d68eaeb848364f1c2",
|
||||||
|
Token: "987",
|
||||||
|
GitlabToken: "987",
|
||||||
|
Admin: false}
|
||||||
|
|
||||||
|
|
||||||
database.SaveUser(&user1)
|
database.SaveUser(&user1)
|
||||||
database.SaveUser(&user2)
|
database.SaveUser(&user2)
|
||||||
database.SaveUser(&user3)
|
database.SaveUser(&user3)
|
||||||
|
database.SaveUser(&user4)
|
||||||
|
|
||||||
// create dummy team data
|
// create dummy team data
|
||||||
team1 := Team{
|
team1 := Team{
|
||||||
|
@ -146,8 +146,8 @@ func TestListUsers(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// verify user count
|
// verify user count
|
||||||
if len(users) != 3 {
|
if len(users) != 4 {
|
||||||
t.Errorf("Exepected %d users in database, got %d", 3, len(users))
|
t.Errorf("Exepected %d users in database, got %d", 4, len(users))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,7 +102,7 @@ func (h RepoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
// The User must own the repository OR be a member
|
// The User must own the repository OR be a member
|
||||||
// of the Team that owns the repository OR the repo
|
// of the Team that owns the repository OR the repo
|
||||||
// must not be private.
|
// must not be private.
|
||||||
if repo.Private == false && user.ID != repo.UserID {
|
if repo.Private && user.ID != repo.UserID {
|
||||||
if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
|
if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
|
||||||
RenderNotFound(w)
|
RenderNotFound(w)
|
||||||
return
|
return
|
||||||
|
68
pkg/handler/testing/handler_test.go
Normal file
68
pkg/handler/testing/handler_test.go
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
package testing
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
. "github.com/drone/drone/pkg/database/testing"
|
||||||
|
"github.com/drone/drone/pkg/handler"
|
||||||
|
. "github.com/drone/drone/pkg/model"
|
||||||
|
|
||||||
|
"github.com/bmizerany/pat"
|
||||||
|
. "github.com/smartystreets/goconvey/convey"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestRepoHandler(t *testing.T) {
|
||||||
|
Setup()
|
||||||
|
defer Teardown()
|
||||||
|
|
||||||
|
m := pat.New()
|
||||||
|
|
||||||
|
Convey("Repo Handler", t, func() {
|
||||||
|
m.Get("/:host/:owner/:name", handler.RepoHandler(dummyUserRepo))
|
||||||
|
Convey("Public repo can be viewed without login", func() {
|
||||||
|
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
m.ServeHTTP(rec, req)
|
||||||
|
So(rec.Code, ShouldEqual, 200)
|
||||||
|
})
|
||||||
|
Convey("Public repo can be viewed by another user", func() {
|
||||||
|
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
setUserSession(rec, req, "cavepig@gmail.com")
|
||||||
|
m.ServeHTTP(rec, req)
|
||||||
|
So(rec.Code, ShouldEqual, 200)
|
||||||
|
})
|
||||||
|
|
||||||
|
Convey("Private repo can not be viewed without login", func() {
|
||||||
|
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
m.ServeHTTP(rec, req)
|
||||||
|
So(rec.Code, ShouldEqual, 303)
|
||||||
|
})
|
||||||
|
Convey("Private repo can not be viewed by a non team member", func() {
|
||||||
|
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
setUserSession(rec, req, "rick@el.to.ro")
|
||||||
|
m.ServeHTTP(rec, req)
|
||||||
|
So(rec.Code, ShouldEqual, 404)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func dummyUserRepo(w http.ResponseWriter, r *http.Request, u *User, repo *Repo) error {
|
||||||
|
return handler.RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
|
||||||
|
}
|
||||||
|
|
||||||
|
func setUserSession(w http.ResponseWriter, r *http.Request, username string) {
|
||||||
|
handler.SetCookie(w, r, "_sess", username)
|
||||||
|
resp := http.Response{Header: w.Header()}
|
||||||
|
for _, v := range resp.Cookies() {
|
||||||
|
r.AddCookie(v)
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user