Fix bug when a token is given public only (#32204) (#32218)

Backport #32204
2025-10-26 08:58:24 +00:00 · 2024-10-09 10:16:37 +08:00
parent 4815c4aeae
commit 56051d9b3b
11 changed files with 178 additions and 57 deletions
--- a/tests/integration/api_user_search_test.go
+++ b/tests/integration/api_user_search_test.go
@@ -38,6 +38,19 @@ func TestAPIUserSearchLoggedIn(t *testing.T) {
 		assert.Contains(t, user.UserName, query)
 		assert.NotEmpty(t, user.Email)
 	}
+
+	publicToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopePublicOnly)
+	req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
+		AddTokenAuth(publicToken)
+	resp = MakeRequest(t, req, http.StatusOK)
+	results = SearchResults{}
+	DecodeJSON(t, resp, &results)
+	assert.NotEmpty(t, results.Data)
+	for _, user := range results.Data {
+		assert.Contains(t, user.UserName, query)
+		assert.NotEmpty(t, user.Email)
+		assert.True(t, user.Visibility == "public")
+	}
 }

 func TestAPIUserSearchNotLoggedIn(t *testing.T) {