API: '/orgs/:org/repos': return private repos with read access (#5310) (#3829) (#5383)

Signed-off-by: Daniel Balko <inxonic+github@gmail.com>
Daniel Balko 2018-11-23 22:23:27 +01:00 committed by techknowlogick
parent 49d9900b1f
commit 3379141d81
2 changed files with 46 additions and 19 deletions


@ -212,22 +212,47 @@ func TestAPIViewRepo(t *testing.T) {
func TestAPIOrgRepos(t *testing.T) { func TestAPIOrgRepos(t *testing.T) {
prepareTestEnv(t) prepareTestEnv(t)
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
// User3 is an Org. Check their repos. // User3 is an Org. Check their repos.
sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
// Login as User2.
session := loginUser(t, user.Name) expectedResults := map[*models.User]struct {
token := getTokenForLoggedInUser(t, session) count int
includesPrivate bool
}{
nil: {count: 1},
user: {count: 2, includesPrivate: true},
user2: {count: 3, includesPrivate: true},
user3: {count: 1},
}
for userToLogin, expected := range expectedResults {
var session *TestSession
var testName string
var token string
if userToLogin != nil && userToLogin.ID > 0 {
testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
session = loginUser(t, userToLogin.Name)
token = getTokenForLoggedInUser(t, session)
} else {
testName = "AnonymousUser"
session = emptyTestSession(t)
}
t.Run(testName, func(t *testing.T) {
req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name) req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
resp := session.MakeRequest(t, req, http.StatusOK) resp := session.MakeRequest(t, req, http.StatusOK)
var apiRepos []*api.Repository var apiRepos []*api.Repository
DecodeJSON(t, resp, &apiRepos) DecodeJSON(t, resp, &apiRepos)
expectedLen := models.GetCount(t, models.Repository{OwnerID: sourceOrg.ID}, assert.Len(t, apiRepos, expected.count)
models.Cond("is_private = ?", false))
assert.Len(t, apiRepos, expectedLen)
for _, repo := range apiRepos { for _, repo := range apiRepos {
if !expected.includesPrivate {
assert.False(t, repo.Private) assert.False(t, repo.Private)
} }
}
})
}
} }
func TestAPIGetRepoByIDUnauthorized(t *testing.T) { func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
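Review bot: For the users marked `includesPrivate: true`, the loop in TestAPIOrgRepos only skips `assert.False(t, repo.Private)` and never asserts that a private repository actually came back, so the positive half of the change is covered by the hard-coded `count` alone. Recording `sawPrivate = sawPrivate || repo.Private` inside the loop and ending the subtest with `assert.Equal(t, expected.includesPrivate, sawPrivate)` would pin both directions, assuming the fixtures give each of those users at least one readable private repo in the org. A short comment on the `expectedResults` map naming the fixture rows behind the counts 1, 2, 3 and 1 would also help whoever next edits the fixtures.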


@ -11,14 +11,13 @@ import (
) )
// listUserRepos - List the repositories owned by the given user. // listUserRepos - List the repositories owned by the given user.
func listUserRepos(ctx *context.APIContext, u *models.User) { func listUserRepos(ctx *context.APIContext, u *models.User, private bool) {
showPrivateRepos := ctx.IsSigned && (ctx.User.ID == u.ID || ctx.User.IsAdmin) repos, err := models.GetUserRepositories(u.ID, private, 1, u.NumRepos, "")
repos, err := models.GetUserRepositories(u.ID, showPrivateRepos, 1, u.NumRepos, "")
if err != nil { if err != nil {
ctx.Error(500, "GetUserRepositories", err) ctx.Error(500, "GetUserRepositories", err)
return return
} }
apiRepos := make([]*api.Repository, len(repos)) apiRepos := make([]*api.Repository, 0, len(repos))
var ctxUserID int64 var ctxUserID int64
if ctx.User != nil { if ctx.User != nil {
ctxUserID = ctx.User.ID ctxUserID = ctx.User.ID
@ -29,7 +28,9 @@ func listUserRepos(ctx *context.APIContext, u *models.User) {
ctx.Error(500, "AccessLevel", err) ctx.Error(500, "AccessLevel", err)
return return
} }
apiRepos[i] = repos[i].APIFormat(access) if ctx.IsSigned && ctx.User.IsAdmin || access >= models.AccessModeRead {
apiRepos = append(apiRepos, repos[i].APIFormat(access))
}
} }
ctx.JSON(200, &apiRepos) ctx.JSON(200, &apiRepos)
} }
@ -54,7 +55,8 @@ func ListUserRepos(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
listUserRepos(ctx, user) private := ctx.IsSigned && (ctx.User.ID == user.ID || ctx.User.IsAdmin)
listUserRepos(ctx, user, private)
} }
// ListMyRepos - list the repositories you own or have access to. // ListMyRepos - list the repositories you own or have access to.
@ -106,5 +108,5 @@ func ListOrgRepos(ctx *context.APIContext) {
// responses: // responses:
// "200": // "200":
// "$ref": "#/responses/RepositoryList" // "$ref": "#/responses/RepositoryList"
listUserRepos(ctx, ctx.Org.Organization) listUserRepos(ctx, ctx.Org.Organization, ctx.IsSigned)
} }
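Review bot: In listUserRepos the new condition `ctx.IsSigned && ctx.User.IsAdmin || access >= models.AccessModeRead` is now the only thing keeping an organisation's private repositories from signed-in users without access, because ListOrgRepos passes `ctx.IsSigned` as `private`, yet neither the condition nor the function comment says so. I would parenthesise it as `if (ctx.IsSigned && ctx.User.IsAdmin) || access >= models.AccessModeRead {` and extend the doc comment with something like `// private only widens the query; every repo is still filtered by the caller's access level below.` The AccessLevel call that produces `access` lies between the two hunks and is not visible here, so it is worth confirming that it yields no access for a private repo when ctxUserID is 0 or the user has no team or collaborator access.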