mirror of
https://github.com/go-gitea/gitea.git
synced 2025-10-24 16:30:06 +02:00
Fix #31707. Also related to #31715. Some Actions resources could has different types of ownership. It could be: - global: all repos and orgs/users can use it. - org/user level: only the org/user can use it. - repo level: only the repo can use it. There are two ways to distinguish org/user level from repo level: 1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1, repo_id: 0}` for org level. 2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1, repo_id: 0}` for org level. The first way seems more reasonable, but it may not be true. The point is that although a resource, like a runner, belongs to a repo (it can be used by the repo), the runner doesn't belong to the repo's org (other repos in the same org cannot use the runner). So, the second method makes more sense. And the first way is not user-friendly to query, we must set the repo id to zero to avoid wrong results. So, #31715 should be right. And the most simple way to fix #31707 is just: ```diff - shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID) + shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID) ``` However, it is quite intuitive to set both owner id and repo id since the repo belongs to the owner. So I prefer to be compatible with it. If we get both owner id and repo id not zero when creating or finding, it's very clear that the caller want one with repo level, but set owner id accidentally. So it's OK to accept it but fix the owner id to zero.
145 lines
3.5 KiB
Go
145 lines
3.5 KiB
Go
// Copyright 2024 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/tests"
|
|
)
|
|
|
|
func TestAPIUserVariables(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
session := loginUser(t, "user1")
|
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
|
|
|
|
t.Run("CreateUserVariable", func(t *testing.T) {
|
|
cases := []struct {
|
|
Name string
|
|
ExpectedStatus int
|
|
}{
|
|
{
|
|
Name: "-",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: "_",
|
|
ExpectedStatus: http.StatusNoContent,
|
|
},
|
|
{
|
|
Name: "TEST_VAR",
|
|
ExpectedStatus: http.StatusNoContent,
|
|
},
|
|
{
|
|
Name: "test_var",
|
|
ExpectedStatus: http.StatusConflict,
|
|
},
|
|
{
|
|
Name: "ci",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: "123var",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: "var@test",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: "github_var",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: "gitea_var",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for _, c := range cases {
|
|
req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name), api.CreateVariableOption{
|
|
Value: "value",
|
|
}).AddTokenAuth(token)
|
|
MakeRequest(t, req, c.ExpectedStatus)
|
|
}
|
|
})
|
|
|
|
t.Run("UpdateUserVariable", func(t *testing.T) {
|
|
variableName := "test_update_var"
|
|
url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)
|
|
req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
|
|
Value: "initial_val",
|
|
}).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
cases := []struct {
|
|
Name string
|
|
UpdateName string
|
|
ExpectedStatus int
|
|
}{
|
|
{
|
|
Name: "not_found_var",
|
|
ExpectedStatus: http.StatusNotFound,
|
|
},
|
|
{
|
|
Name: variableName,
|
|
UpdateName: "1invalid",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: variableName,
|
|
UpdateName: "invalid@name",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: variableName,
|
|
UpdateName: "ci",
|
|
ExpectedStatus: http.StatusBadRequest,
|
|
},
|
|
{
|
|
Name: variableName,
|
|
UpdateName: "updated_var_name",
|
|
ExpectedStatus: http.StatusNoContent,
|
|
},
|
|
{
|
|
Name: variableName,
|
|
ExpectedStatus: http.StatusNotFound,
|
|
},
|
|
{
|
|
Name: "updated_var_name",
|
|
ExpectedStatus: http.StatusNoContent,
|
|
},
|
|
}
|
|
|
|
for _, c := range cases {
|
|
req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name), api.UpdateVariableOption{
|
|
Name: c.UpdateName,
|
|
Value: "updated_val",
|
|
}).AddTokenAuth(token)
|
|
MakeRequest(t, req, c.ExpectedStatus)
|
|
}
|
|
})
|
|
|
|
t.Run("DeleteRepoVariable", func(t *testing.T) {
|
|
variableName := "test_delete_var"
|
|
url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)
|
|
|
|
req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
|
|
Value: "initial_val",
|
|
}).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
}
|