gitea/integrations/org_test.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package integrations

import (
	"fmt"
	"net/http"
	"strings"
	"testing"

	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"

	"github.com/stretchr/testify/assert"
)

func TestOrgRepos(t *testing.T) {
	defer prepareTestEnv(t)()

	var (
		users = []string{"user1", "user2"}
		cases = map[string][]string{
			"alphabetically":        {"repo21", "repo3", "repo5"},
			"reversealphabetically": {"repo5", "repo3", "repo21"},
		}
	)

	for _, user := range users {
		t.Run(user, func(t *testing.T) {
			session := loginUser(t, user)
			for sortBy, repos := range cases {
				req := NewRequest(t, "GET", "/user3?sort="+sortBy)
				resp := session.MakeRequest(t, req, http.StatusOK)

				htmlDoc := NewHTMLParser(t, resp.Body)

				sel := htmlDoc.doc.Find("a.name")
				assert.Len(t, repos, len(sel.Nodes))
				for i := 0; i < len(repos); i++ {
					assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
				}
			}
		})
	}
}

func TestLimitedOrg(t *testing.T) {
	defer prepareTestEnv(t)()

	// not logged in user
	req := NewRequest(t, "GET", "/limited_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	MakeRequest(t, req, http.StatusNotFound)

	// login non-org member user
	session := loginUser(t, "user2")
	req = NewRequest(t, "GET", "/limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// site admin
	session = loginUser(t, "user1")
	req = NewRequest(t, "GET", "/limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")
	session.MakeRequest(t, req, http.StatusOK)
}

func TestPrivateOrg(t *testing.T) {
	defer prepareTestEnv(t)()

	// not logged in user
	req := NewRequest(t, "GET", "/privated_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	MakeRequest(t, req, http.StatusNotFound)

	// login non-org member user
	session := loginUser(t, "user2")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// non-org member who is collaborator on repo in private org
	session = loginUser(t, "user4")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusNotFound)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusNotFound)

	// site admin
	session = loginUser(t, "user1")
	req = NewRequest(t, "GET", "/privated_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusOK)
	req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
	session.MakeRequest(t, req, http.StatusOK)
}

func TestOrgRestrictedUser(t *testing.T) {
	defer prepareTestEnv(t)()

	// privated_org is a private org who has id 23
	orgName := "privated_org"

	// public_repo_on_private_org is a public repo on privated_org
	repoName := "public_repo_on_private_org"

	// user29 is a restricted user who is not a member of the organization
	restrictedUser := "user29"

	// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work

	// assert restrictedUser cannot see the org or the public repo
	restrictedSession := loginUser(t, restrictedUser)
	req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
	restrictedSession.MakeRequest(t, req, http.StatusNotFound)

	// Therefore create a read-only team
	adminSession := loginUser(t, "user1")
	token := getTokenForLoggedInUser(t, adminSession)

	teamToCreate := &api.CreateTeamOption{
		Name:                    "codereader",
		Description:             "Code Reader",
		IncludesAllRepositories: true,
		Permission:              "read",
		Units:                   []string{"repo.code"},
	}

	req = NewRequestWithJSON(t, "POST",
		fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), teamToCreate)

	var apiTeam api.Team

	resp := adminSession.MakeRequest(t, req, http.StatusCreated)
	DecodeJSON(t, resp, &apiTeam)
	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
		teamToCreate.Permission, teamToCreate.Units, nil)
	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,
		teamToCreate.Permission, teamToCreate.Units, nil)
	// teamID := apiTeam.ID

	// Now we need to add the restricted user to the team
	req = NewRequest(t, "PUT",
		fmt.Sprintf("/api/v1/teams/%d/members/%s?token=%s", apiTeam.ID, restrictedUser, token))
	_ = adminSession.MakeRequest(t, req, http.StatusNoContent)

	// Now we need to check if the restrictedUser can access the repo
	req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))
	restrictedSession.MakeRequest(t, req, http.StatusOK)

	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))
	restrictedSession.MakeRequest(t, req, http.StatusOK)
}

func TestTeamSearch(t *testing.T) {
	defer prepareTestEnv(t)()

	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

	var results TeamSearchResults

	session := loginUser(t, user.Name)
	csrf := GetCSRF(t, session, "/"+org.Name)
	req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")
	req.Header.Add("X-Csrf-Token", csrf)
	resp := session.MakeRequest(t, req, http.StatusOK)
	DecodeJSON(t, resp, &results)
	assert.NotEmpty(t, results.Data)
	assert.Len(t, results.Data, 1)
	assert.Equal(t, "test_team", results.Data[0].Name)

	// no access if not organization member
	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
	session = loginUser(t, user5.Name)
	csrf = GetCSRF(t, session, "/"+org.Name)
	req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")
	req.Header.Add("X-Csrf-Token", csrf)
	session.MakeRequest(t, req, http.StatusNotFound)
}
Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 14:20:22 -04:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package integrations`

			`import (`
Ensure that restricted users can access repos for which they are members (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-10-27 22:54:40 -04:00			`"fmt"`
Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 14:20:22 -04:00			`"net/http"`
			`"strings"`
			`"testing"`

Never use /api/v1 from Gitea UI Pages (#19318) Reusing `/api/v1` from Gitea UI Pages have pros and cons. Pros: 1) Less code copy Cons: 1) API/v1 have to support shared session with page requests. 2) You need to consider for each other when you want to change something about api/v1 or page. This PR moves all dependencies to API/v1 from UI Pages. Partially replace #16052 2022-04-07 14:59:56 -04:00			`"code.gitea.io/gitea/models/unittest"`
			`user_model "code.gitea.io/gitea/models/user"`
Ensure that restricted users can access repos for which they are members (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-10-27 22:54:40 -04:00			`api "code.gitea.io/gitea/modules/structs"`
A better go code formatter, and now `make fmt` can run in Windows (#17684) * go build / format tools * re-format imports 2021-11-17 07:34:35 -05:00
Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 14:20:22 -04:00			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestOrgRepos(t *testing.T) {`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-25 18:21:37 -05:00			`defer prepareTestEnv(t)()`
Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 14:20:22 -04:00
			`var (`
			`users = []string{"user1", "user2"}`
			`cases = map[string][]string{`
			`"alphabetically": {"repo21", "repo3", "repo5"},`
			`"reversealphabetically": {"repo5", "repo3", "repo21"},`
			`}`
			`)`

			`for _, user := range users {`
			`t.Run(user, func(t *testing.T) {`
			`session := loginUser(t, user)`
			`for sortBy, repos := range cases {`
			`req := NewRequest(t, "GET", "/user3?sort="+sortBy)`
			`resp := session.MakeRequest(t, req, http.StatusOK)`

			`htmlDoc := NewHTMLParser(t, resp.Body)`

			`sel := htmlDoc.doc.Find("a.name")`
Fixed assert statements. (#16089) 2021-06-07 01:27:09 -04:00			`assert.Len(t, repos, len(sel.Nodes))`
Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 14:20:22 -04:00			`for i := 0; i < len(repos); i++ {`
			`assert.EqualValues(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))`
			`}`
			`}`
			`})`
			`}`
			`}`
Fix org visibility bug when git cloning (#6743) * fix org visibility bug * fix permission check * add integration tests * fix tests * change test user name for easier maintainance and fix test * fix test git repo name 2019-04-25 14:59:10 -04:00
			`func TestLimitedOrg(t *testing.T) {`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-25 18:21:37 -05:00			`defer prepareTestEnv(t)()`
Fix org visibility bug when git cloning (#6743) * fix org visibility bug * fix permission check * add integration tests * fix tests * change test user name for easier maintainance and fix test * fix test git repo name 2019-04-25 14:59:10 -04:00
			`// not logged in user`
			`req := NewRequest(t, "GET", "/limited_org")`
			`MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")`
			`MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")`
			`MakeRequest(t, req, http.StatusNotFound)`

			`// login non-org member user`
			`session := loginUser(t, "user2")`
			`req = NewRequest(t, "GET", "/limited_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`

			`// site admin`
			`session = loginUser(t, "user1")`
			`req = NewRequest(t, "GET", "/limited_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/limited_org/public_repo_on_limited_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/limited_org/private_repo_on_limited_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`}`

			`func TestPrivateOrg(t *testing.T) {`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-25 18:21:37 -05:00			`defer prepareTestEnv(t)()`
Fix org visibility bug when git cloning (#6743) * fix org visibility bug * fix permission check * add integration tests * fix tests * change test user name for easier maintainance and fix test * fix test git repo name 2019-04-25 14:59:10 -04:00
			`// not logged in user`
			`req := NewRequest(t, "GET", "/privated_org")`
			`MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")`
			`MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")`
			`MakeRequest(t, req, http.StatusNotFound)`

			`// login non-org member user`
			`session := loginUser(t, "user2")`
			`req = NewRequest(t, "GET", "/privated_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`

Allow collaborators to view repo owned private org (#6965) Handle case where an orginization is private but a user who is not a member of the orgninization has been added as a collaborator of a repo within that org Fixes #6962 2019-05-16 11:48:40 -04:00			`// non-org member who is collaborator on repo in private org`
			`session = loginUser(t, "user4")`
			`req = NewRequest(t, "GET", "/privated_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`
			`req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")`
			`session.MakeRequest(t, req, http.StatusNotFound)`

Fix org visibility bug when git cloning (#6743) * fix org visibility bug * fix permission check * add integration tests * fix tests * change test user name for easier maintainance and fix test * fix test git repo name 2019-04-25 14:59:10 -04:00			`// site admin`
			`session = loginUser(t, "user1")`
			`req = NewRequest(t, "GET", "/privated_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")`
			`session.MakeRequest(t, req, http.StatusOK)`
			`}`
Ensure that restricted users can access repos for which they are members (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-10-27 22:54:40 -04:00
			`func TestOrgRestrictedUser(t *testing.T) {`
			`defer prepareTestEnv(t)()`

			`// privated_org is a private org who has id 23`
			`orgName := "privated_org"`

			`// public_repo_on_private_org is a public repo on privated_org`
			`repoName := "public_repo_on_private_org"`

			`// user29 is a restricted user who is not a member of the organization`
			`restrictedUser := "user29"`

			`// #17003 reports a bug whereby adding a restricted user to a read-only team doesn't work`

			`// assert restrictedUser cannot see the org or the public repo`
			`restrictedSession := loginUser(t, restrictedUser)`
			`req := NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))`
			`restrictedSession.MakeRequest(t, req, http.StatusNotFound)`

			`req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))`
			`restrictedSession.MakeRequest(t, req, http.StatusNotFound)`

			`// Therefore create a read-only team`
			`adminSession := loginUser(t, "user1")`
			`token := getTokenForLoggedInUser(t, adminSession)`

			`teamToCreate := &api.CreateTeamOption{`
			`Name: "codereader",`
			`Description: "Code Reader",`
			`IncludesAllRepositories: true,`
			`Permission: "read",`
			`Units: []string{"repo.code"},`
			`}`

			`req = NewRequestWithJSON(t, "POST",`
			`fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), teamToCreate)`

			`var apiTeam api.Team`

			`resp := adminSession.MakeRequest(t, req, http.StatusCreated)`
			`DecodeJSON(t, resp, &apiTeam)`
			`checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,`
Team permission allow different unit has different permission (#17811) * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net> 2022-01-04 22:37:00 -05:00			`teamToCreate.Permission, teamToCreate.Units, nil)`
Ensure that restricted users can access repos for which they are members (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-10-27 22:54:40 -04:00			`checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IncludesAllRepositories,`
Team permission allow different unit has different permission (#17811) * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net> 2022-01-04 22:37:00 -05:00			`teamToCreate.Permission, teamToCreate.Units, nil)`
			`// teamID := apiTeam.ID`
Ensure that restricted users can access repos for which they are members (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-10-27 22:54:40 -04:00
			`// Now we need to add the restricted user to the team`
			`req = NewRequest(t, "PUT",`
			`fmt.Sprintf("/api/v1/teams/%d/members/%s?token=%s", apiTeam.ID, restrictedUser, token))`
			`_ = adminSession.MakeRequest(t, req, http.StatusNoContent)`

			`// Now we need to check if the restrictedUser can access the repo`
			`req = NewRequest(t, "GET", fmt.Sprintf("/%s", orgName))`
			`restrictedSession.MakeRequest(t, req, http.StatusOK)`

			`req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s", orgName, repoName))`
			`restrictedSession.MakeRequest(t, req, http.StatusOK)`
			`}`
Never use /api/v1 from Gitea UI Pages (#19318) Reusing `/api/v1` from Gitea UI Pages have pros and cons. Pros: 1) Less code copy Cons: 1) API/v1 have to support shared session with page requests. 2) You need to consider for each other when you want to change something about api/v1 or page. This PR moves all dependencies to API/v1 from UI Pages. Partially replace #16052 2022-04-07 14:59:56 -04:00
			`func TestTeamSearch(t *testing.T) {`
			`defer prepareTestEnv(t)()`

			`user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)`
			`org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)`

			`var results TeamSearchResults`

			`session := loginUser(t, user.Name)`
			`csrf := GetCSRF(t, session, "/"+org.Name)`
			`req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")`
			`req.Header.Add("X-Csrf-Token", csrf)`
			`resp := session.MakeRequest(t, req, http.StatusOK)`
			`DecodeJSON(t, resp, &results)`
			`assert.NotEmpty(t, results.Data)`
			`assert.Len(t, results.Data, 1)`
			`assert.Equal(t, "test_team", results.Data[0].Name)`

			`// no access if not organization member`
			`user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)`
			`session = loginUser(t, user5.Name)`
			`csrf = GetCSRF(t, session, "/"+org.Name)`
			`req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")`
			`req.Header.Add("X-Csrf-Token", csrf)`
			`session.MakeRequest(t, req, http.StatusNotFound)`
			`}`