inactive accounts cannot activate a repository
This commit is contained in:
parent
c78f55cc2f
commit
27bc816a01
5 changed files with 65 additions and 8 deletions
4
go.mod
4
go.mod
|
@ -17,9 +17,9 @@ require (
|
|||
github.com/docker/go-connections v0.3.0
|
||||
github.com/docker/go-units v0.3.3
|
||||
github.com/drone/drone-go v1.0.5
|
||||
github.com/drone/drone-runtime v1.0.6
|
||||
github.com/drone/drone-runtime v1.0.7
|
||||
github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9
|
||||
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee
|
||||
github.com/drone/drone-yaml v1.2.2
|
||||
github.com/drone/envsubst v1.0.1
|
||||
github.com/drone/go-license v1.0.2
|
||||
github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2
|
||||
|
|
5
go.sum
5
go.sum
|
@ -52,6 +52,9 @@ github.com/drone/drone-runtime v1.0.5 h1:fEdUvKd5+l8BQaPXntjUtSIVLvGWo3Blgb/zrXL
|
|||
github.com/drone/drone-runtime v1.0.5/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
|
||||
github.com/drone/drone-runtime v1.0.6 h1:7aPvPCZI2uqt3IEmx/BZg+ml10+I5lE74lZ17Y7xy40=
|
||||
github.com/drone/drone-runtime v1.0.6/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
|
||||
github.com/drone/drone-runtime v1.0.7-0.20190729202838-87c84080f4a1/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
|
||||
github.com/drone/drone-runtime v1.0.7 h1:qviHrNmEdT3aYfQW3NYOuClHw2IU6CECSOfrXe8QLvY=
|
||||
github.com/drone/drone-runtime v1.0.7/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
|
||||
github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158 h1:u80WYtaGkKWVmxj1BMX9SukAqTxILzGFIKvY5as9zAc=
|
||||
github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI=
|
||||
github.com/drone/drone-ui v0.0.0-20190318215801-d6c3d11a1c3f h1:yMdZ/2BZFKrfMbWlc0cNH2TCXdC8MsSR0pnu3Dq4UH4=
|
||||
|
@ -93,6 +96,8 @@ github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda h1:vPXJLgkyScZ0
|
|||
github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4=
|
||||
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee h1:/zyEkv56+T6JxLkYgYYwZAMLKBgEnHA3fwZXiVI9nuE=
|
||||
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4=
|
||||
github.com/drone/drone-yaml v1.2.2 h1:Srf8OlAHhR7SXX5Ax01dP5tpZENsrEKyg35E2nNkIew=
|
||||
github.com/drone/drone-yaml v1.2.2/go.mod h1:QsqliFK8nG04AHFN9tTn9XJomRBQHD4wcejWW1uz/10=
|
||||
github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE=
|
||||
github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0=
|
||||
github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok=
|
||||
|
|
|
@ -10,8 +10,8 @@ import (
|
|||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/drone/drone/handler/api/request"
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/drone/drone/handler/api/request"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
@ -25,6 +25,14 @@ var (
|
|||
ID: 1,
|
||||
Login: "octocat",
|
||||
Admin: false,
|
||||
Active: true,
|
||||
}
|
||||
|
||||
mockUserInactive = &core.User{
|
||||
ID: 1,
|
||||
Login: "octocat",
|
||||
Admin: false,
|
||||
Active: false,
|
||||
}
|
||||
|
||||
mockRepo = &core.Repository{
|
||||
|
|
|
@ -123,6 +123,9 @@ func CheckAccess(read, write, admin bool) func(http.Handler) http.Handler {
|
|||
)
|
||||
|
||||
switch {
|
||||
case user.Active == false:
|
||||
render.Forbidden(w, errors.ErrForbidden)
|
||||
log.Debugln("api: active account required")
|
||||
case read == true && perm.Read == false:
|
||||
render.NotFound(w, errors.ErrNotFound)
|
||||
log.Debugln("api: read access required")
|
||||
|
|
|
@ -12,9 +12,9 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/drone/drone/handler/api/errors"
|
||||
"github.com/drone/drone/handler/api/request"
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
|
@ -380,6 +380,47 @@ func TestCheckWriteAccess(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// this test verifies the the next handler in the middleware
|
||||
// chain is not processed if the user has write access BUT
|
||||
// has been inactivated (e.g. blocked).
|
||||
func TestCheckWriteAccess_InactiveUser(t *testing.T) {
|
||||
controller := gomock.NewController(t)
|
||||
defer controller.Finish()
|
||||
|
||||
writeAccess := &core.Perm{
|
||||
Synced: time.Now().Unix(),
|
||||
Read: true,
|
||||
Write: true,
|
||||
Admin: false,
|
||||
}
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil)
|
||||
r = r.WithContext(
|
||||
request.WithPerm(
|
||||
request.WithUser(
|
||||
request.WithRepo(noContext, mockRepo),
|
||||
mockUserInactive,
|
||||
),
|
||||
writeAccess,
|
||||
),
|
||||
)
|
||||
|
||||
router := chi.NewRouter()
|
||||
router.Route("/api/repos/{owner}/{name}", func(router chi.Router) {
|
||||
router.Use(CheckWriteAccess())
|
||||
router.Get("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
t.Error("should not invoke hanlder")
|
||||
})
|
||||
})
|
||||
|
||||
router.ServeHTTP(w, r)
|
||||
|
||||
if got, want := w.Code, http.StatusForbidden; got != want {
|
||||
t.Errorf("Want status code %d, got %d", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
// this test verifies that a 404 not found error is written to
|
||||
// the response if the user lacks write access to the repository.
|
||||
//
|
||||
|
@ -526,7 +567,7 @@ func TestCheckAdminAccess_SystemAdmin(t *testing.T) {
|
|||
controller := gomock.NewController(t)
|
||||
defer controller.Finish()
|
||||
|
||||
user := &core.User{ID: 1, Admin: true}
|
||||
user := &core.User{ID: 1, Admin: true, Active: true}
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil)
|
||||
|
|
Loading…
Reference in a new issue