diff options
author | Richard Mahn | 2019-05-09 01:37:49 -0400 |
---|---|---|
committer | Lunny Xiao | 2019-05-09 13:37:49 +0800 |
commit | c8fc7fce4a374f59edbd690ad88292c291c0cb4d (patch) | |
tree | f7df79a198e4372589d9ea8d21bc5272b1c64b47 | |
parent | 57b226e2849e6a910b84ccc7a00d234937231550 (diff) |
Fixes #6881 - API users search fix (#6882) (#6885)
-rw-r--r-- | integrations/api_admin_test.go | 15 | ||||
-rw-r--r-- | integrations/api_user_search_test.go | 52 | ||||
-rw-r--r-- | routers/api/v1/admin/user.go | 2 | ||||
-rw-r--r-- | routers/api/v1/user/user.go | 2 |
4 files changed, 69 insertions, 2 deletions
diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index a7bbde4c5..41add4545 100644 --- a/integrations/api_admin_test.go +++ b/integrations/api_admin_test.go @@ -129,3 +129,18 @@ func TestAPIListUsers(t *testing.T) { numberOfUsers := models.GetCount(t, &models.User{}, "type = 0") assert.Equal(t, numberOfUsers, len(users)) } + +func TestAPIListUsersNotLoggedIn(t *testing.T) { + prepareTestEnv(t) + req := NewRequest(t, "GET", "/api/v1/admin/users") + MakeRequest(t, req, http.StatusUnauthorized) +} + +func TestAPIListUsersNonAdmin(t *testing.T) { + prepareTestEnv(t) + nonAdminUsername := "user2" + session := loginUser(t, nonAdminUsername) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token) + session.MakeRequest(t, req, http.StatusForbidden) +} diff --git a/integrations/api_user_search_test.go b/integrations/api_user_search_test.go new file mode 100644 index 000000000..8e7c429e7 --- /dev/null +++ b/integrations/api_user_search_test.go @@ -0,0 +1,52 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file.package models + +package integrations + +import ( + "net/http" + "testing" + + api "code.gitea.io/sdk/gitea" + + "github.com/stretchr/testify/assert" +) + +type SearchResults struct { + OK bool `json:"ok"` + Data []*api.User `json:"data"` +} + +func TestAPIUserSearchLoggedIn(t *testing.T) { + prepareTestEnv(t) + adminUsername := "user1" + session := loginUser(t, adminUsername) + token := getTokenForLoggedInUser(t, session) + query := "user2" + req := NewRequestf(t, "GET", "/api/v1/users/search?token=%s&q=%s", token, query) + resp := session.MakeRequest(t, req, http.StatusOK) + + var results SearchResults + DecodeJSON(t, resp, &results) + assert.NotEmpty(t, results.Data) + for _, user := range results.Data { + assert.Contains(t, user.UserName, query) + assert.NotEmpty(t, user.Email) + } +} + +func TestAPIUserSearchNotLoggedIn(t *testing.T) { + prepareTestEnv(t) + query := "user2" + req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query) + resp := MakeRequest(t, req, http.StatusOK) + + var results SearchResults + DecodeJSON(t, resp, &results) + assert.NotEmpty(t, results.Data) + for _, user := range results.Data { + assert.Contains(t, user.UserName, query) + assert.Empty(t, user.Email) + } +} diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 4c1bbf1c0..57c637eb5 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -326,7 +326,7 @@ func GetAllUsers(ctx *context.APIContext) { results := make([]*api.User, len(users)) for i := range users { - results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin) + results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin) } ctx.JSON(200, &results) diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go index aeb2b60f6..f5e8f2695 100644 --- a/routers/api/v1/user/user.go +++ b/routers/api/v1/user/user.go @@ -67,7 +67,7 @@ func Search(ctx *context.APIContext) { results := make([]*api.User, len(users)) for i := range users { - results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin) + results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin) } ctx.JSON(200, map[string]interface{}{ |