aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Mahn2019-05-09 01:37:49 -0400
committerLunny Xiao2019-05-09 13:37:49 +0800
commitc8fc7fce4a374f59edbd690ad88292c291c0cb4d (patch)
treef7df79a198e4372589d9ea8d21bc5272b1c64b47
parent57b226e2849e6a910b84ccc7a00d234937231550 (diff)
Fixes #6881 - API users search fix (#6882) (#6885)
-rw-r--r--integrations/api_admin_test.go15
-rw-r--r--integrations/api_user_search_test.go52
-rw-r--r--routers/api/v1/admin/user.go2
-rw-r--r--routers/api/v1/user/user.go2
4 files changed, 69 insertions, 2 deletions
diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go
index a7bbde4c5..41add4545 100644
--- a/integrations/api_admin_test.go
+++ b/integrations/api_admin_test.go
@@ -129,3 +129,18 @@ func TestAPIListUsers(t *testing.T) {
numberOfUsers := models.GetCount(t, &models.User{}, "type = 0")
assert.Equal(t, numberOfUsers, len(users))
}
+
+func TestAPIListUsersNotLoggedIn(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequest(t, "GET", "/api/v1/admin/users")
+ MakeRequest(t, req, http.StatusUnauthorized)
+}
+
+func TestAPIListUsersNonAdmin(t *testing.T) {
+ prepareTestEnv(t)
+ nonAdminUsername := "user2"
+ session := loginUser(t, nonAdminUsername)
+ token := getTokenForLoggedInUser(t, session)
+ req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)
+ session.MakeRequest(t, req, http.StatusForbidden)
+}
diff --git a/integrations/api_user_search_test.go b/integrations/api_user_search_test.go
new file mode 100644
index 000000000..8e7c429e7
--- /dev/null
+++ b/integrations/api_user_search_test.go
@@ -0,0 +1,52 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.package models
+
+package integrations
+
+import (
+ "net/http"
+ "testing"
+
+ api "code.gitea.io/sdk/gitea"
+
+ "github.com/stretchr/testify/assert"
+)
+
+type SearchResults struct {
+ OK bool `json:"ok"`
+ Data []*api.User `json:"data"`
+}
+
+func TestAPIUserSearchLoggedIn(t *testing.T) {
+ prepareTestEnv(t)
+ adminUsername := "user1"
+ session := loginUser(t, adminUsername)
+ token := getTokenForLoggedInUser(t, session)
+ query := "user2"
+ req := NewRequestf(t, "GET", "/api/v1/users/search?token=%s&q=%s", token, query)
+ resp := session.MakeRequest(t, req, http.StatusOK)
+
+ var results SearchResults
+ DecodeJSON(t, resp, &results)
+ assert.NotEmpty(t, results.Data)
+ for _, user := range results.Data {
+ assert.Contains(t, user.UserName, query)
+ assert.NotEmpty(t, user.Email)
+ }
+}
+
+func TestAPIUserSearchNotLoggedIn(t *testing.T) {
+ prepareTestEnv(t)
+ query := "user2"
+ req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)
+ resp := MakeRequest(t, req, http.StatusOK)
+
+ var results SearchResults
+ DecodeJSON(t, resp, &results)
+ assert.NotEmpty(t, results.Data)
+ for _, user := range results.Data {
+ assert.Contains(t, user.UserName, query)
+ assert.Empty(t, user.Email)
+ }
+}
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 4c1bbf1c0..57c637eb5 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -326,7 +326,7 @@ func GetAllUsers(ctx *context.APIContext) {
results := make([]*api.User, len(users))
for i := range users {
- results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin)
+ results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin)
}
ctx.JSON(200, &results)
diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go
index aeb2b60f6..f5e8f2695 100644
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -67,7 +67,7 @@ func Search(ctx *context.APIContext) {
results := make([]*api.User, len(users))
for i := range users {
- results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin)
+ results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin)
}
ctx.JSON(200, map[string]interface{}{