Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-25 13:35:30 +02:00
Code Issues Activity

fix(perm): fix RecalculateUserAccess to not insert empty access records

Browse Source 
Add test for RecalculateUserAccess to verify no access record is created
for users without collaboration/team membership, and collaborator gets correct
access mode.

Co-Authored-By: Ross Golder <ross@golder.org>
This commit is contained in:
Ross Golder 2026-05-17 13:23:57 +07:00
parent 4c2ceb1d46
commit 8f7c155a98
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
models/perm/access/access.go
View File

@ -267,7 +267,7 @@ func RecalculateUserAccess(ctx context.Context, repo *repo_model.Repository, uid
// Delete old user accesses and insert new one for repository.
if _, err = e.Delete(&Access{RepoID: repo.ID, UserID: uid}); err != nil {
return fmt.Errorf("delete old user accesses: %w", err)
} else if accessMode >= minMode {
} else if accessMode > minMode {
if err = db.Insert(ctx, &Access{RepoID: repo.ID, UserID: uid, Mode: accessMode}); err != nil {
return fmt.Errorf("insert new user accesses: %w", err)
}

33
models/perm/access/access_test.go
View File

@ -26,6 +26,7 @@ func TestAccess(t *testing.T) {
t.Run("RecalculateAccesses2", testRecalculateAccesses2)
t.Run("RecalculateAccessesUpdateMode", testRecalculateAccessesUpdateMode)
t.Run("RecalculateAccessesRemoveAccess", testRecalculateAccessesRemoveAccess)
t.Run("RecalculateUserAccess", testRecalculateUserAccess)
}
func testAccessLevel(t *testing.T) {
@ -201,3 +202,35 @@ func testRecalculateAccessesRemoveAccess(t *testing.T) {
assert.NoError(t, err)
assert.False(t, has, "Access should be deleted after removing collaboration")
}
func testRecalculateUserAccess(t *testing.T) {
t.Run("NoAccessForUserWithoutCollaboration", func(t *testing.T) {
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
assert.NoError(t, repo.LoadOwner(t.Context()))
userID := int64(8)
_, _ = db.GetEngine(t.Context()).Where("user_id = ? AND repo_id = ?", userID, repo.ID).Delete(&access_model.Access{})
assert.NoError(t, access_model.RecalculateUserAccess(t.Context(), repo, userID))
access := &access_model.Access{UserID: userID, RepoID: repo.ID}
has, err := db.GetEngine(t.Context()).Get(access)
assert.NoError(t, err)
assert.False(t, has, "User without collaboration/team membership should have no access record")
})
t.Run("CollaboratorGetsAccess", func(t *testing.T) {
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
assert.NoError(t, repo.LoadOwner(t.Context()))
userID := int64(4)
_ = db.Insert(t.Context(), &repo_model.Collaboration{UserID: userID, RepoID: repo.ID, Mode: perm_model.AccessModeWrite})
assert.NoError(t, access_model.RecalculateUserAccess(t.Context(), repo, userID))
access := &access_model.Access{UserID: userID, RepoID: repo.ID}
has, err := db.GetEngine(t.Context()).Get(access)
assert.NoError(t, err)
assert.True(t, has)
assert.Equal(t, perm_model.AccessModeWrite, access.Mode)
})
}