mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Move access and repo permission to models/perm/access (#19350)
* Move access and repo permission to models/perm/access * Remove unnecessary code
This commit is contained in:
Lunny Xiao
GitHub
@@ -10,6 +10,7 @@ import (
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
perm_model "code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
@@ -27,7 +28,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
||||
|
||||
// plain user
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
|
||||
perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -36,7 +37,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
||||
|
||||
// change to collaborator
|
||||
assert.NoError(t, AddCollaborator(repo, user))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -45,7 +46,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
||||
|
||||
// collaborator
|
||||
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, collaborator)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -54,7 +55,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
||||
|
||||
// owner
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -63,7 +64,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
|
||||
|
||||
// admin
|
||||
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -80,7 +81,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
||||
|
||||
// plain user
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
|
||||
perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.False(t, perm.CanRead(unit.Type))
|
||||
@@ -89,15 +90,15 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
||||
|
||||
// change to collaborator to default write access
|
||||
assert.NoError(t, AddCollaborator(repo, user))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -106,7 +107,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
||||
|
||||
// owner
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -115,7 +116,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
||||
|
||||
// admin
|
||||
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -132,7 +133,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
|
||||
// plain user
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
|
||||
perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -141,15 +142,15 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
|
||||
// change to collaborator to default write access
|
||||
assert.NoError(t, AddCollaborator(repo, user))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -158,7 +159,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
|
||||
// org member team owner
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -167,7 +168,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
|
||||
// org member team tester
|
||||
member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, member)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -177,7 +178,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
|
||||
// admin
|
||||
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -194,7 +195,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// plain user
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
|
||||
perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.False(t, perm.CanRead(unit.Type))
|
||||
@@ -203,15 +204,15 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// change to collaborator to default write access
|
||||
assert.NoError(t, AddCollaborator(repo, user))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -220,7 +221,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// org member team owner
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -231,7 +232,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
|
||||
err = organization.UpdateTeamUnits(team, nil)
|
||||
assert.NoError(t, err)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
@@ -240,7 +241,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// org member team tester
|
||||
tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, tester)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, perm.CanWrite(unit.TypeIssues))
|
||||
assert.False(t, perm.CanWrite(unit.TypeCode))
|
||||
@@ -248,7 +249,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// org member team reviewer
|
||||
reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, reviewer)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)
|
||||
assert.NoError(t, err)
|
||||
assert.False(t, perm.CanRead(unit.TypeIssues))
|
||||
assert.False(t, perm.CanWrite(unit.TypeCode))
|
||||
@@ -256,7 +257,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
|
||||
// admin
|
||||
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
|
||||
perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
assert.True(t, perm.CanRead(unit.Type))
|
||||
|
||||
Reference in New Issue
Block a user