Merge pull request 'fix: correct permission loading for limited organisation' (#6144) from gusted/forgejo-org-limited into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6144
Reviewed-by: Otto <otto@codeberg.org>
This commit is contained in:
Gusted 2024-12-04 17:57:07 +00:00
commit 5a7a87846b
2 changed files with 35 additions and 1 deletions

View file

@ -264,7 +264,7 @@ func (org *Organization) UnitPermission(ctx context.Context, doer *user_model.Us
} }
} }
if org.Visibility.IsPublic() { if org.Visibility.IsPublic() || (org.Visibility.IsLimited() && doer != nil) {
return perm.AccessModeRead return perm.AccessModeRead
} }

View file

@ -9,7 +9,9 @@ import (
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization" "code.gitea.io/gitea/models/organization"
"code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/models/unittest" "code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/structs"
@ -482,3 +484,35 @@ func TestCreateOrganization4(t *testing.T) {
assert.True(t, db.IsErrNameReserved(err)) assert.True(t, db.IsErrNameReserved(err))
unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{}) unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
} }
func TestUnitPermission(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase())
publicOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypePublic}
limitedOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypeLimited}
privateOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypePrivate}
user := &user_model.User{ID: 1001}
t.Run("Anonymous", func(t *testing.T) {
t.Run("Public", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeRead, publicOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
})
t.Run("Limited", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeNone, limitedOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
})
t.Run("Private", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeNone, privateOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
})
})
t.Run("Logged in", func(t *testing.T) {
t.Run("Public", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeRead, publicOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
})
t.Run("Limited", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeRead, limitedOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
})
t.Run("Private", func(t *testing.T) {
assert.EqualValues(t, perm.AccessModeNone, privateOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
})
})
}