	Fix bug when a token is given public only (#32204)
		| @@ -28,9 +28,13 @@ func TestAPIRepoBranchesPlain(t *testing.T) { | ||||
| 		repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}) | ||||
| 		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) | ||||
| 		session := loginUser(t, user1.LowerName) | ||||
| 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) | ||||
|  | ||||
| 		// public only token should be forbidden | ||||
| 		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteRepository) | ||||
| 		link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo | ||||
| 		MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) | ||||
|  | ||||
| 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) | ||||
| 		resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) | ||||
| 		bs, err := io.ReadAll(resp.Body) | ||||
| 		assert.NoError(t, err) | ||||
| @@ -42,6 +46,8 @@ func TestAPIRepoBranchesPlain(t *testing.T) { | ||||
| 		assert.EqualValues(t, "master", branches[1].Name) | ||||
|  | ||||
| 		link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name)) | ||||
| 		MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) | ||||
|  | ||||
| 		resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK) | ||||
| 		bs, err = io.ReadAll(resp.Body) | ||||
| 		assert.NoError(t, err) | ||||
| @@ -49,6 +55,8 @@ func TestAPIRepoBranchesPlain(t *testing.T) { | ||||
| 		assert.NoError(t, json.Unmarshal(bs, &branch)) | ||||
| 		assert.EqualValues(t, "test_branch", branch.Name) | ||||
|  | ||||
| 		MakeRequest(t, NewRequest(t, "POST", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) | ||||
|  | ||||
| 		req := NewRequest(t, "POST", link.String()).AddTokenAuth(token) | ||||
| 		req.Header.Add("Content-Type", "application/json") | ||||
| 		req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`)) | ||||
| @@ -73,6 +81,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) { | ||||
|  | ||||
| 		link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name)) | ||||
| 		MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound) | ||||
| 		MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) | ||||
|  | ||||
| 		MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent) | ||||
| 		assert.NoError(t, err) | ||||
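Review bot: The added `http.StatusForbidden` assertions for `publicOnlyToken` (GET on the branch list and on `test_branch`, then POST and DELETE) have no positive control, so the test cannot tell an enforced public-only restriction from a token that is refused on every repository. I would add one request with the same token against a public fixture repository and expect success, for example `MakeRequest(t, NewRequest(t, "GET", "/api/v1/repos/<public-owner>/<public-repo>/branches").AddTokenAuth(publicOnlyToken), http.StatusOK)`, where the path is a placeholder for a repository the fixtures mark as public. The DELETE section also pins two different denials for the same private repository, 404 without credentials and 403 with the public-only token. If that difference is intended, a short comment such as `// public-only token: repo is visible to the user but out of the token's reach, hence 403 rather than 404` would record it, since the status code appears to reveal to the token holder that the private repository exists. The body of TestAPIRepoBranchesPlain starts and ends outside the visible hunks.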
|   | ||||