
Commit 8acf3d3

committed
Add tests
1 parent 8214177 commit 8acf3d3


2 files changed

+30
-15
lines changed

2 files changed

+30
-15
lines changed

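--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -388,6 +388,8 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 ctx.Error(http.StatusForbidden, "reqRepoWriter", "user should have a permission to write to a repo")
 return
 }
+
+checkPublicOnly(ctx, unit.TypeCode)
 }
 }
 
@@ -398,6 +400,23 @@ func reqRepoBranchWriter(ctx *context.APIContext) {
 ctx.Error(http.StatusForbidden, "reqRepoBranchWriter", "user should have a permission to write to this branch")
 return
 }
+
+checkPublicOnly(ctx, unit.TypeCode)
+}
+
+func checkPublicOnly(ctx *context.APIContext, unitType unit.Type) {
+if true == ctx.Data["IsApiToken"] {
+switch unitType {
+case unit.TypeCode:
+publicRepo, pubRepoExists := ctx.Data["ApiTokenScopePublicRepoOnly"]
+
+if pubRepoExists && publicRepo.(bool) &&
+ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate {
+ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public repos")
+return
+}
+}
+}
 }
 
 // reqRepoReader user should have specific read permission or be a repo admin or a site admin
@@ -408,20 +427,7 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
 return
 }
 
-if true == ctx.Data["IsApiToken"] {
-switch unitType {
-case unit.TypeCode:
-publicRepo, pubRepoExists := ctx.Data["ApiTokenScopePublicRepoOnly"]
-
-if pubRepoExists && publicRepo.(bool) &&
-ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate {
-ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public repos")
-return
-}
-
-return
-}
-}
+checkPublicOnly(ctx, unitType)
 }
 }
 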
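Review bot: checkPublicOnly (new lines 407–419) keeps the unchecked `publicRepo.(bool)` assertion and reports the denial only through `ctx.Error`, so a value stored under `ApiTokenScopePublicRepoOnly` as anything but a bool would panic the handler, and neither reqRepoWriter nor reqRepoBranchWriter can tell whether a 403 was already written; `publicOnly, _ := ctx.Data["ApiTokenScopePublicRepoOnly"].(bool)` removes the panic and returning a `bool` from the helper lets callers stop early instead of relying on the check being the last statement. The writer middlewares pass a fixed `unit.TypeCode` while reqRepoReader forwards its real unit type, so reads of non-code units on a private repository never reach the public-only check — worth confirming that is intended, since it leaves a public-only token able to read more than it can write. The helper also has no doc comment and its error source string still says `"reqToken"`; `// checkPublicOnly answers 403 when the API token is limited to public repositories and ctx.Repo.Repository is private.` and `"checkPublicOnly"` as the source would make the log line traceable.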
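--- a/tests/integration/api_repo_branch_test.go
+++ b/tests/integration/api_repo_branch_test.go
@@ -28,9 +28,13 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
 user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 session := loginUser(t, user1.LowerName)
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
+// public only token should be forbidden
+publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteRepository)
 link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo
+MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err := io.ReadAll(resp.Body)
 assert.NoError(t, err)
@@ -42,13 +46,17 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 assert.EqualValues(t, "master", branches[1].Name)
 
 link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name))
+MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+
 resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 var branch api.Branch
 assert.NoError(t, json.Unmarshal(bs, &branch))
 assert.EqualValues(t, "test_branch", branch.Name)
 
+MakeRequest(t, NewRequest(t, "POST", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+
 req := NewRequest(t, "POST", link.String()).AddTokenAuth(token)
 req.Header.Add("Content-Type", "application/json")
 req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`))
@@ -73,6 +81,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 
 link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name))
 MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound)
+MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
 
 MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent)
 assert.NoError(t, err)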
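Review bot: The new assertions exercise only the deny path — every publicOnlyToken request targets repo3, which the 403 expectations imply is a private fixture — so a regression that also rejected public-only tokens on public repositories would still pass this test; one GET against a public fixture repository with publicOnlyToken expecting 200 would pin the intended width of the scope. The comment introduced at new line 32 should state the precondition it relies on, e.g. `// repo3 is private, so a token scoped public-only must be refused even though it also carries write:repository`. The POST and DELETE sent with publicOnlyToken carry no body or Content-Type, which is fine only while the scope check runs in middleware before the payload is parsed; if that ordering ever changes these requests would fail for the wrong reason, so a short comment noting that assumption would help. TestAPIRepoBranchesPlain starts and ends outside the visible hunks.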
