mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-23 02:11:01 +00:00
Fix RepoHandler
This commit is contained in:
parent
c5ce7fa86a
commit
27c770e097
3 changed files with 79 additions and 1 deletions
|
@ -115,10 +115,20 @@ func Setup() {
|
|||
Token: "789",
|
||||
GitlabToken: "789",
|
||||
Admin: false}
|
||||
user4 := User{
|
||||
Password: "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS",
|
||||
Name: "Rick El Toro",
|
||||
Email: "rick@el.to.ro",
|
||||
Gravatar: "c2180a539620d90d68eaeb848364f1c2",
|
||||
Token: "987",
|
||||
GitlabToken: "987",
|
||||
Admin: false}
|
||||
|
||||
|
||||
database.SaveUser(&user1)
|
||||
database.SaveUser(&user2)
|
||||
database.SaveUser(&user3)
|
||||
database.SaveUser(&user4)
|
||||
|
||||
// create dummy team data
|
||||
team1 := Team{
|
||||
|
|
|
@ -102,7 +102,7 @@ func (h RepoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
// The User must own the repository OR be a member
|
||||
// of the Team that owns the repository OR the repo
|
||||
// must not be private.
|
||||
if repo.Private == false && user.ID != repo.UserID {
|
||||
if repo.Private && user.ID != repo.UserID {
|
||||
if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
|
||||
RenderNotFound(w)
|
||||
return
|
||||
|
|
68
pkg/handler/testing/handler_test.go
Normal file
68
pkg/handler/testing/handler_test.go
Normal file
|
@ -0,0 +1,68 @@
|
|||
package testing
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
. "github.com/drone/drone/pkg/database/testing"
|
||||
"github.com/drone/drone/pkg/handler"
|
||||
. "github.com/drone/drone/pkg/model"
|
||||
|
||||
"github.com/bmizerany/pat"
|
||||
. "github.com/smartystreets/goconvey/convey"
|
||||
)
|
||||
|
||||
func TestRepoHandler(t *testing.T) {
|
||||
Setup()
|
||||
defer Teardown()
|
||||
|
||||
m := pat.New()
|
||||
|
||||
Convey("Repo Handler", t, func() {
|
||||
m.Get("/:host/:owner/:name", handler.RepoHandler(dummyUserRepo))
|
||||
Convey("Public repo can be viewed without login", func() {
|
||||
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
|
||||
So(err, ShouldBeNil)
|
||||
rec := httptest.NewRecorder()
|
||||
m.ServeHTTP(rec, req)
|
||||
So(rec.Code, ShouldEqual, 200)
|
||||
})
|
||||
Convey("Public repo can be viewed by another user", func() {
|
||||
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
|
||||
So(err, ShouldBeNil)
|
||||
rec := httptest.NewRecorder()
|
||||
setUserSession(rec, req, "cavepig@gmail.com")
|
||||
m.ServeHTTP(rec, req)
|
||||
So(rec.Code, ShouldEqual, 200)
|
||||
})
|
||||
|
||||
Convey("Private repo can not be viewed without login", func() {
|
||||
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
|
||||
So(err, ShouldBeNil)
|
||||
rec := httptest.NewRecorder()
|
||||
m.ServeHTTP(rec, req)
|
||||
So(rec.Code, ShouldEqual, 303)
|
||||
})
|
||||
Convey("Private repo can not be viewed by a non team member", func() {
|
||||
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
|
||||
So(err, ShouldBeNil)
|
||||
rec := httptest.NewRecorder()
|
||||
setUserSession(rec, req, "rick@el.to.ro")
|
||||
m.ServeHTTP(rec, req)
|
||||
So(rec.Code, ShouldEqual, 404)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func dummyUserRepo(w http.ResponseWriter, r *http.Request, u *User, repo *Repo) error {
|
||||
return handler.RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
|
||||
}
|
||||
|
||||
func setUserSession(w http.ResponseWriter, r *http.Request, username string) {
|
||||
handler.SetCookie(w, r, "_sess", username)
|
||||
resp := http.Response{Header: w.Header()}
|
||||
for _, v := range resp.Cookies() {
|
||||
r.AddCookie(v)
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue