tdsds.com/gitea
tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-02-24 22:04:18 +00:00
Code Releases Activity

Fix some user name usages (#33689)

Browse Source 
1. GetUserOrgsList should "order by" lower_name
2. GetIssuePostersWithSearch should search in-case-sensitive-ly
3. LoginName should not be used as username

By the way, remove unnecessary "onGiteaRun"
This commit is contained in:
wxiaoguang 2025-02-23 20:33:43 +08:00 committed by GitHub
parent f991807f7e
commit 8ae46d9684
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 131 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
models/organization/org_list.go
View File

@ -124,6 +124,7 @@ func GetUserOrgsList(ctx context.Context, user *user_model.User) ([]*MinimalOrg,
if err := db.GetEngine(ctx).Select(columnsStr). if err := db.GetEngine(ctx).Select(columnsStr).
Table("user"). Table("user").
Where(builder.In("`user`.`id`", queryUserOrgIDs(user.ID, true))). Where(builder.In("`user`.`id`", queryUserOrgIDs(user.ID, true))).
OrderBy("`user`.lower_name ASC").
Find(&orgs); err != nil { Find(&orgs); err != nil {
return nil, err return nil, err
} }

5
models/repo/user_repo.go
View File

@ -5,6 +5,7 @@ package repo
import ( import (
"context" "context"
"strings"
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
@ -149,9 +150,9 @@ func GetRepoAssignees(ctx context.Context, repo *Repository) (_ []*user_model.Us
// If isShowFullName is set to true, also include full name prefix search // If isShowFullName is set to true, also include full name prefix search
func GetIssuePostersWithSearch(ctx context.Context, repo *Repository, isPull bool, search string, isShowFullName bool) ([]*user_model.User, error) { func GetIssuePostersWithSearch(ctx context.Context, repo *Repository, isPull bool, search string, isShowFullName bool) ([]*user_model.User, error) {
users := make([]*user_model.User, 0, 30) users := make([]*user_model.User, 0, 30)
var prefixCond builder.Cond = builder.Like{"name", search + "%"} var prefixCond builder.Cond = builder.Like{"lower_name", strings.ToLower(search) + "%"}
if isShowFullName { if isShowFullName {
prefixCond = prefixCond.Or(builder.Like{"full_name", "%" + search + "%"}) prefixCond = prefixCond.Or(db.BuildCaseInsensitiveLike("full_name", "%"+search+"%"))
} }
cond := builder.In("`user`.id", cond := builder.In("`user`.id",

17
models/repo/user_repo_test.go
View File

@ -12,6 +12,7 @@ import (
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestRepoAssignees(t *testing.T) { func TestRepoAssignees(t *testing.T) {
@ -38,3 +39,19 @@ func TestRepoAssignees(t *testing.T) {
assert.NotContains(t, []int64{users[0].ID, users[1].ID, users[2].ID}, 15) assert.NotContains(t, []int64{users[0].ID, users[1].ID, users[2].ID}, 15)
} }
} }
func TestGetIssuePostersWithSearch(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
users, err := repo_model.GetIssuePostersWithSearch(db.DefaultContext, repo2, false, "USER", false /* full name */)
require.NoError(t, err)
require.Len(t, users, 1)
assert.Equal(t, "user2", users[0].Name)
users, err = repo_model.GetIssuePostersWithSearch(db.DefaultContext, repo2, false, "TW%O", true /* full name */)
require.NoError(t, err)
require.Len(t, users, 1)
assert.Equal(t, "user2", users[0].Name)
}

6
routers/api/v1/repo/collaborators.go
View File

@ -7,6 +7,7 @@ package repo
import ( import (
"errors" "errors"
"net/http" "net/http"
"strings"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access" access_model "code.gitea.io/gitea/models/perm/access"
@ -274,12 +275,13 @@ func GetRepoPermissions(ctx *context.APIContext) {
// "403": // "403":
// "$ref": "#/responses/forbidden" // "$ref": "#/responses/forbidden"
if !ctx.Doer.IsAdmin && ctx.Doer.LoginName != ctx.PathParam("collaborator") && !ctx.IsUserRepoAdmin() { collaboratorUsername := ctx.PathParam("collaborator")
if !ctx.Doer.IsAdmin && ctx.Doer.LowerName != strings.ToLower(collaboratorUsername) && !ctx.IsUserRepoAdmin() {
ctx.APIError(http.StatusForbidden, "Only admins can query all permissions, repo admins can query all repo permissions, collaborators can query only their own") ctx.APIError(http.StatusForbidden, "Only admins can query all permissions, repo admins can query all repo permissions, collaborators can query only their own")
return return
} }
collaborator, err := user_model.GetUserByName(ctx, ctx.PathParam("collaborator")) collaborator, err := user_model.GetUserByName(ctx, collaboratorUsername)
if err != nil { if err != nil {
if user_model.IsErrUserNotExist(err) { if user_model.IsErrUserNotExist(err) {
ctx.APIError(http.StatusNotFound, err) ctx.APIError(http.StatusNotFound, err)

18
tests/integration/api_repo_collaborator_test.go
View File

@ -5,7 +5,6 @@ package integration
import ( import (
"net/http" "net/http"
"net/url"
"testing" "testing"
auth_model "code.gitea.io/gitea/models/auth" auth_model "code.gitea.io/gitea/models/auth"
@ -14,12 +13,13 @@ import (
"code.gitea.io/gitea/models/unittest" "code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
func TestAPIRepoCollaboratorPermission(t *testing.T) { func TestAPIRepoCollaboratorPermission(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) { defer tests.PrepareTestEnv(t)()
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
repo2Owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID}) repo2Owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID})
@ -107,6 +107,19 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
DecodeJSON(t, resp, &repoPermission) DecodeJSON(t, resp, &repoPermission)
assert.Equal(t, "read", repoPermission.Permission) assert.Equal(t, "read", repoPermission.Permission)
t.Run("CollaboratorCanReadOwnPermission", func(t *testing.T) {
session := loginUser(t, user5.Name)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission", repo2Owner.Name, repo2.Name, user5.Name).AddTokenAuth(token)
resp = MakeRequest(t, req, http.StatusOK)
repoCollPerm := api.RepoCollaboratorPermission{}
DecodeJSON(t, resp, &repoCollPerm)
assert.Equal(t, "read", repoCollPerm.Permission)
})
}) })
t.Run("CollaboratorCanQueryItsPermissions", func(t *testing.T) { t.Run("CollaboratorCanQueryItsPermissions", func(t *testing.T) {
@ -141,5 +154,4 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
assert.Equal(t, "read", repoPermission.Permission) assert.Equal(t, "read", repoPermission.Permission)
}) })
})
} }