0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-22 05:54:24 +01:00

[API] teamSearch show teams with no members if user is admin (#21204)

close #21176
This commit is contained in:
6543 2022-09-19 14:02:29 +02:00 committed by GitHub
parent c87e6a89da
commit c5e88fb03d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 48 additions and 24 deletions

View file

@ -64,8 +64,8 @@ func main() {
}
entries = append(entries, LicenseEntry{
Name: name,
Path: path,
Name: name,
Path: path,
LicenseText: string(licenseText),
})
}

View file

@ -129,29 +129,11 @@ func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) {
if opts.UserID > 0 {
sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id")
}
count, err := sess.
Where(cond).
Count(new(Team))
if err != nil {
return nil, 0, err
}
if opts.UserID > 0 {
sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id")
}
if opts.PageSize == -1 {
opts.PageSize = int(count)
} else {
sess = sess.Limit(opts.PageSize, (opts.Page-1)*opts.PageSize)
}
sess = db.SetSessionPagination(sess, opts)
teams := make([]*Team, 0, opts.PageSize)
if err = sess.
Where(cond).
OrderBy("lower_name").
Find(&teams); err != nil {
count, err := sess.Where(cond).OrderBy("lower_name").FindAndCount(&teams)
if err != nil {
return nil, 0, err
}

View file

@ -11,6 +11,7 @@ import (
"unicode/utf8"
"code.gitea.io/gitea/modules/log"
"gopkg.in/yaml.v3"
)

View file

@ -8,6 +8,7 @@ import (
"strings"
"code.gitea.io/gitea/modules/log"
"github.com/yuin/goldmark/ast"
"gopkg.in/yaml.v3"
)

View file

@ -759,13 +759,17 @@ func SearchTeam(ctx *context.APIContext) {
listOptions := utils.GetListOptions(ctx)
opts := &organization.SearchTeamOptions{
UserID: ctx.Doer.ID,
Keyword: ctx.FormTrim("q"),
OrgID: ctx.Org.Organization.ID,
IncludeDesc: ctx.FormString("include_desc") == "" || ctx.FormBool("include_desc"),
ListOptions: listOptions,
}
// Only admin is allowd to search for all teams
if !ctx.Doer.IsAdmin {
opts.UserID = ctx.Doer.ID
}
teams, maxResults, err := organization.SearchTeam(opts)
if err != nil {
log.Error("SearchTeam failed: %v", err)

View file

@ -5,6 +5,7 @@
package integration
import (
"fmt"
"net/http"
"net/url"
"strings"
@ -151,3 +152,38 @@ func TestAPIGetAll(t *testing.T) {
assert.Equal(t, "org25", apiOrgList[0].FullName)
assert.Equal(t, "public", apiOrgList[0].Visibility)
}
func TestAPIOrgSearchEmptyTeam(t *testing.T) {
onGiteaRun(t, func(*testing.T, *url.URL) {
token := getUserToken(t, "user1")
orgName := "org_with_empty_team"
// create org
req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &api.CreateOrgOption{
UserName: orgName,
})
MakeRequest(t, req, http.StatusCreated)
// create team with no member
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), &api.CreateTeamOption{
Name: "Empty",
IncludesAllRepositories: true,
Permission: "read",
Units: []string{"repo.code", "repo.issues", "repo.ext_issues", "repo.wiki", "repo.pulls"},
})
MakeRequest(t, req, http.StatusCreated)
// case-insensitive search for teams that have no members
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/teams/search?q=%s&token=%s", orgName, "empty", token))
resp := MakeRequest(t, req, http.StatusOK)
data := struct {
Ok bool
Data []*api.Team
}{}
DecodeJSON(t, resp, &data)
assert.True(t, data.Ok)
if assert.Len(t, data.Data, 1) {
assert.EqualValues(t, "Empty", data.Data[0].Name)
}
})
}