Add package scope for package APIs
This commit is contained in:
harryzcy
parent
0f25b04505
commit
f76259b22d
3 changed files with 23 additions and 17 deletions
|
|
@ -1095,11 +1095,11 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
|
||||
m.Group("/packages/{username}", func() {
|
||||
m.Group("/{type}/{name}/{version}", func() {
|
||||
m.Get("", packages.GetPackage)
|
||||
m.Delete("", reqPackageAccess(perm.AccessModeWrite), packages.DeletePackage)
|
||||
m.Get("/files", packages.ListPackageFiles)
|
||||
m.Get("", reqToken(auth_model.AccessTokenScopeReadPackage), packages.GetPackage)
|
||||
m.Delete("", reqToken(auth_model.AccessTokenScopeDeletePackage), reqPackageAccess(perm.AccessModeWrite), packages.DeletePackage)
|
||||
m.Get("/files", reqToken(auth_model.AccessTokenScopeReadPackage), packages.ListPackageFiles)
|
||||
})
|
||||
m.Get("/", packages.ListPackages)
|
||||
m.Get("/", reqToken(auth_model.AccessTokenScopeReadPackage), packages.ListPackages)
|
||||
}, context_service.UserAssignmentAPI(), context.PackageAssignmentAPI(), reqPackageAccess(perm.AccessModeRead))
|
||||
|
||||
// Organizations
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ func TestPackageContainer(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session, "read_package")
|
||||
|
||||
has := func(l packages_model.PackagePropertyList, name string) bool {
|
||||
for _, pp := range l {
|
||||
|
|
@ -546,7 +548,7 @@ func TestPackageContainer(t *testing.T) {
|
|||
assert.Equal(t, c.ExpectedLink, resp.Header().Get("Link"))
|
||||
}
|
||||
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s?type=container&q=%s", user.Name, image))
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s?type=container&q=%s&token=%s", user.Name, image, token))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var apiPackages []*api.Package
|
||||
|
|
|
|||
|
|
@ -28,7 +28,8 @@ func TestPackageAPI(t *testing.T) {
|
|||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
tokenReadPackage := getTokenForLoggedInUser(t, session, "read_package")
|
||||
tokenWritePackage := getTokenForLoggedInUser(t, session, "write_package")
|
||||
|
||||
packageName := "test-package"
|
||||
packageVersion := "1.0.3"
|
||||
|
|
@ -42,7 +43,7 @@ func TestPackageAPI(t *testing.T) {
|
|||
t.Run("ListPackages", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s?token=%s", user.Name, token))
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s?token=%s", user.Name, tokenReadPackage))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var apiPackages []*api.Package
|
||||
|
|
@ -59,10 +60,10 @@ func TestPackageAPI(t *testing.T) {
|
|||
t.Run("GetPackage", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
MakeRequest(t, req, http.StatusNotFound)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var p *api.Package
|
||||
|
|
@ -81,7 +82,7 @@ func TestPackageAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
// no repository link
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var ap1 *api.Package
|
||||
|
|
@ -91,7 +92,7 @@ func TestPackageAPI(t *testing.T) {
|
|||
// link to public repository
|
||||
assert.NoError(t, packages_model.SetRepositoryLink(db.DefaultContext, p.ID, 1))
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
resp = MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var ap2 *api.Package
|
||||
|
|
@ -102,7 +103,7 @@ func TestPackageAPI(t *testing.T) {
|
|||
// link to private repository
|
||||
assert.NoError(t, packages_model.SetRepositoryLink(db.DefaultContext, p.ID, 2))
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
resp = MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var ap3 *api.Package
|
||||
|
|
@ -116,10 +117,10 @@ func TestPackageAPI(t *testing.T) {
|
|||
t.Run("ListPackageFiles", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s/files?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s/files?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
MakeRequest(t, req, http.StatusNotFound)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s/files?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s/files?token=%s", user.Name, packageName, packageVersion, tokenReadPackage))
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
var files []*api.PackageFile
|
||||
|
|
@ -137,10 +138,10 @@ func TestPackageAPI(t *testing.T) {
|
|||
t.Run("DeletePackage", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
|
||||
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/packages/%s/dummy/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenWritePackage))
|
||||
MakeRequest(t, req, http.StatusNotFound)
|
||||
|
||||
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, token))
|
||||
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/packages/%s/generic/%s/%s?token=%s", user.Name, packageName, packageVersion, tokenWritePackage))
|
||||
MakeRequest(t, req, http.StatusNoContent)
|
||||
})
|
||||
}
|
||||
|
|
@ -152,8 +153,11 @@ func TestPackageAccess(t *testing.T) {
|
|||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
|
||||
inactive := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 9})
|
||||
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session, "write_package")
|
||||
|
||||
uploadPackage := func(doer, owner *user_model.User, expectedStatus int) {
|
||||
url := fmt.Sprintf("/api/packages/%s/generic/test-package/1.0/file.bin", owner.Name)
|
||||
url := fmt.Sprintf("/api/packages/%s/generic/test-package/1.0/file.bin?token=%s", owner.Name, token)
|
||||
req := NewRequestWithBody(t, "PUT", url, bytes.NewReader([]byte{1}))
|
||||
AddBasicAuthHeader(req, doer.Name)
|
||||
MakeRequest(t, req, expectedStatus)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue