Merge pull request #303 from fudanchii/fix-handler

Fix RepoHandler
This commit is contained in:
Brad Rydzewski 2014-05-07 14:44:26 -07:00
commit 4d22c5f6e4
4 changed files with 81 additions and 3 deletions

View file

@ -115,10 +115,20 @@ func Setup() {
Token: "789", Token: "789",
GitlabToken: "789", GitlabToken: "789",
Admin: false} Admin: false}
user4 := User{
Password: "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS",
Name: "Rick El Toro",
Email: "rick@el.to.ro",
Gravatar: "c2180a539620d90d68eaeb848364f1c2",
Token: "987",
GitlabToken: "987",
Admin: false}
database.SaveUser(&user1) database.SaveUser(&user1)
database.SaveUser(&user2) database.SaveUser(&user2)
database.SaveUser(&user3) database.SaveUser(&user3)
database.SaveUser(&user4)
// create dummy team data // create dummy team data
team1 := Team{ team1 := Team{

View file

@ -146,8 +146,8 @@ func TestListUsers(t *testing.T) {
} }
// verify user count // verify user count
if len(users) != 3 { if len(users) != 4 {
t.Errorf("Exepected %d users in database, got %d", 3, len(users)) t.Errorf("Exepected %d users in database, got %d", 4, len(users))
return return
} }

View file

@ -102,7 +102,7 @@ func (h RepoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// The User must own the repository OR be a member // The User must own the repository OR be a member
// of the Team that owns the repository OR the repo // of the Team that owns the repository OR the repo
// must not be private. // must not be private.
if repo.Private == false && user.ID != repo.UserID { if repo.Private && user.ID != repo.UserID {
if member, _ := database.IsMember(user.ID, repo.TeamID); !member { if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
RenderNotFound(w) RenderNotFound(w)
return return

View file

@ -0,0 +1,68 @@
package testing
import (
"net/http"
"net/http/httptest"
"testing"
. "github.com/drone/drone/pkg/database/testing"
"github.com/drone/drone/pkg/handler"
. "github.com/drone/drone/pkg/model"
"github.com/bmizerany/pat"
. "github.com/smartystreets/goconvey/convey"
)
func TestRepoHandler(t *testing.T) {
Setup()
defer Teardown()
m := pat.New()
Convey("Repo Handler", t, func() {
m.Get("/:host/:owner/:name", handler.RepoHandler(dummyUserRepo))
Convey("Public repo can be viewed without login", func() {
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
So(err, ShouldBeNil)
rec := httptest.NewRecorder()
m.ServeHTTP(rec, req)
So(rec.Code, ShouldEqual, 200)
})
Convey("Public repo can be viewed by another user", func() {
req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
So(err, ShouldBeNil)
rec := httptest.NewRecorder()
setUserSession(rec, req, "cavepig@gmail.com")
m.ServeHTTP(rec, req)
So(rec.Code, ShouldEqual, 200)
})
Convey("Private repo can not be viewed without login", func() {
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
So(err, ShouldBeNil)
rec := httptest.NewRecorder()
m.ServeHTTP(rec, req)
So(rec.Code, ShouldEqual, 303)
})
Convey("Private repo can not be viewed by a non team member", func() {
req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
So(err, ShouldBeNil)
rec := httptest.NewRecorder()
setUserSession(rec, req, "rick@el.to.ro")
m.ServeHTTP(rec, req)
So(rec.Code, ShouldEqual, 404)
})
})
}
func dummyUserRepo(w http.ResponseWriter, r *http.Request, u *User, repo *Repo) error {
return handler.RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}
func setUserSession(w http.ResponseWriter, r *http.Request, username string) {
handler.SetCookie(w, r, "_sess", username)
resp := http.Response{Header: w.Header()}
for _, v := range resp.Cookies() {
r.AddCookie(v)
}
}