Add scope to teams APIs

harryzcy 2022-11-01 23:33:48 -04:00
parent b6f6ad4cf0
commit 2451accb56
No known key found for this signature in database
GPG key ID: CC2953E050C19686
3 changed files with 14 additions and 14 deletions


@ -1148,24 +1148,24 @@ func Routes(ctx gocontext.Context) *web.Route {
}, reqToken(auth_model.AccessTokenScopeAdminOrgHook), reqOrgOwnership(), reqWebhooksEnabled())
}, orgAssignment(true))
m.Group("/teams/{teamid}", func() {
m.Combo("").Get(org.GetTeam).
Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).
Delete(reqOrgOwnership(), org.DeleteTeam)
m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetTeam).
Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.DeleteTeam)
m.Group("/members", func() {
m.Get("", org.GetTeamMembers)
m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetTeamMembers)
m.Combo("/{username}").
Get(org.GetTeamMember).
Put(reqOrgOwnership(), org.AddTeamMember).
Delete(reqOrgOwnership(), org.RemoveTeamMember)
Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetTeamMember).
Put(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.AddTeamMember).
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.RemoveTeamMember)
})
m.Group("/repos", func() {
m.Get("", org.GetTeamRepos)
m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetTeamRepos)
m.Combo("/{org}/{reponame}").
Put(org.AddTeamRepository).
Delete(org.RemoveTeamRepository).
Get(org.GetTeamRepo)
Put(reqToken(auth_model.AccessTokenScopeWriteOrg), org.AddTeamRepository).
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), org.RemoveTeamRepository).
Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetTeamRepo)
})
}, orgAssignment(false, true), reqToken(""), reqTeamMembership())
}, orgAssignment(false, true), reqTeamMembership())
m.Group("/admin", func() {
m.Group("/cron", func() {
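Review bot: At the closing line of the `/teams/{teamid}` group, the new middleware list `orgAssignment(false, true), reqTeamMembership()` no longer contains `reqToken("")`, so `reqTeamMembership()` now runs before any of the per-route `reqToken(...)` checks. Its body is not shown here; if it reads the signed-in user without a nil guard, a request carrying no token would reach that code, and membership would in any case be evaluated before the token is. Keeping the group-level check alongside the scoped ones preserves the old ordering: `}, orgAssignment(false, true), reqToken(""), reqTeamMembership())`. `Routes` starts and ends outside this hunk.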


@ -44,7 +44,7 @@ func TestAPITeam(t *testing.T) {
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: teamUser2.UID})
session = loginUser(t, user2.Name)
token = getTokenForLoggedInUser(t, session)
token = getTokenForLoggedInUser(t, session, "read_org")
req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
_ = session.MakeRequest(t, req, http.StatusForbidden)
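Review bot: The `read_org` token here is only exercised against a request that is refused anyway (`http.StatusForbidden` for a user outside the team), so the test passes whether or not the new scope checks work. Nothing in this hunk or in the TestAPITeamUser hunk covers the negative cases the commit introduces: a token created without an org scope, as in `getTokenForLoggedInUser(t, session)`, on a GET route, and a `read_org` token on a Patch/Put/Delete route, each issued by a user who passes the membership and ownership checks. Adding those with the expected rejection status would pin the behaviour. TestAPITeam continues outside the hunk.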


@ -23,7 +23,7 @@ func TestAPITeamUser(t *testing.T) {
normalUsername := "user2"
session := loginUser(t, normalUsername)
token := getTokenForLoggedInUser(t, session)
token := getTokenForLoggedInUser(t, session, "read_org")
req := NewRequest(t, "GET", "/api/v1/teams/1/members/user1?token="+token)
session.MakeRequest(t, req, http.StatusNotFound)