mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-10 18:41:17 +00:00
fix: correct permission loading for limited organisation
- If a organisation is set to be limited visible, then it will still be visible for signed-in users. However `UnitPermission` didn't take this into account, it does now. - Add unit test. - Resolves #6141
This commit is contained in:
parent
790f3c4861
commit
bc9f1e2533
2 changed files with 35 additions and 1 deletions
|
@ -264,7 +264,7 @@ func (org *Organization) UnitPermission(ctx context.Context, doer *user_model.Us
|
|||
}
|
||||
}
|
||||
|
||||
if org.Visibility.IsPublic() {
|
||||
if org.Visibility.IsPublic() || (org.Visibility.IsLimited() && doer != nil) {
|
||||
return perm.AccessModeRead
|
||||
}
|
||||
|
||||
|
|
|
@ -9,7 +9,9 @@ import (
|
|||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/structs"
|
||||
|
@ -482,3 +484,35 @@ func TestCreateOrganization4(t *testing.T) {
|
|||
assert.True(t, db.IsErrNameReserved(err))
|
||||
unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
|
||||
}
|
||||
|
||||
func TestUnitPermission(t *testing.T) {
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
publicOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypePublic}
|
||||
limitedOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypeLimited}
|
||||
privateOrg := &organization.Organization{ID: 1001, Visibility: structs.VisibleTypePrivate}
|
||||
user := &user_model.User{ID: 1001}
|
||||
t.Run("Anonymous", func(t *testing.T) {
|
||||
t.Run("Public", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeRead, publicOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
|
||||
})
|
||||
t.Run("Limited", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeNone, limitedOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
|
||||
})
|
||||
t.Run("Private", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeNone, privateOrg.UnitPermission(db.DefaultContext, nil, unit.TypeCode))
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Logged in", func(t *testing.T) {
|
||||
t.Run("Public", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeRead, publicOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
|
||||
})
|
||||
t.Run("Limited", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeRead, limitedOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
|
||||
})
|
||||
t.Run("Private", func(t *testing.T) {
|
||||
assert.EqualValues(t, perm.AccessModeNone, privateOrg.UnitPermission(db.DefaultContext, user, unit.TypeCode))
|
||||
})
|
||||
})
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue