fix names

Author: wxiaoguang

models/actions/variable.go

@@ -95,7 +95,8 @@ func FindVariables(ctx context.Context, opts FindVariablesOpts) ([]*ActionVariab
 	return db.Find[ActionVariable](ctx, opts)
 }
 
-func UpdateVariable(ctx context.Context, variable *ActionVariable, cols ...string) (bool, error) {
+func UpdateVariableCols(ctx context.Context, variable *ActionVariable, cols ...string) (bool, error) {
+	variable.Name = strings.ToUpper(variable.Name)
 	count, err := db.GetEngine(ctx).
 		ID(variable.ID).
 		Cols(cols...).

routers/api/v1/org/action.go

@@ -454,7 +454,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) {
 	v.Name = opt.Name
 	v.Data = opt.Value
 
-	if _, err := actions_service.UpdateVariable(ctx, v); err != nil {
+	if _, err := actions_service.UpdateVariableNameData(ctx, v); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {

routers/api/v1/repo/action.go

@@ -418,7 +418,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) {
 	v.Name = opt.Name
 	v.Data = opt.Value
 
-	if _, err := actions_service.UpdateVariable(ctx, v); err != nil {
+	if _, err := actions_service.UpdateVariableNameData(ctx, v); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {

routers/api/v1/user/action.go

@@ -216,7 +216,7 @@ func UpdateVariable(ctx *context.APIContext) {
 	v.Name = opt.Name
 	v.Data = opt.Value
 
-	if _, err := actions_service.UpdateVariable(ctx, v); err != nil {
+	if _, err := actions_service.UpdateVariableNameData(ctx, v); err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "UpdateVariable", err)
 		} else {

routers/web/shared/actions/variables.go

@@ -149,16 +149,16 @@ func VariableUpdate(ctx *context.Context) {
 
 	id := ctx.PathParamInt64("variable_id")
 
-	variable, ok := findVariable(ctx, id, vCtx)
-	if !ok {
+	variable := findActionsVariable(ctx, id, vCtx)
+	if ctx.Written() {
 		return
 	}
 
 	form := web.GetForm(ctx).(*forms.EditVariableForm)
 	variable.Name = form.Name
 	variable.Data = form.Data
 
-	if ok, err := actions_service.UpdateVariable(ctx, variable); err != nil || !ok {
+	if ok, err := actions_service.UpdateVariableNameData(ctx, variable); err != nil || !ok {
 		log.Error("UpdateVariable: %v", err)
 		ctx.JSONError(ctx.Tr("actions.variables.update.failed"))
 		return
@@ -167,31 +167,36 @@ func VariableUpdate(ctx *context.Context) {
 	ctx.JSONRedirect(vCtx.RedirectLink)
 }
 
-func findVariable(ctx *context.Context, id int64, vCtx *variablesCtx) (*actions_model.ActionVariable, bool) {
+func findActionsVariable(ctx *context.Context, id int64, vCtx *variablesCtx) *actions_model.ActionVariable {
 	opts := actions_model.FindVariablesOpts{
 		IDs: []int64{id},
 	}
 	switch {
 	case vCtx.IsRepo:
 		opts.RepoID = vCtx.RepoID
+		if opts.RepoID == 0 {
+			panic("RepoID is 0")
+		}
 	case vCtx.IsOrg, vCtx.IsUser:
 		opts.OwnerID = vCtx.OwnerID
+		if opts.OwnerID == 0 {
+			panic("OwnerID is 0")
+		}
 	case vCtx.IsGlobal:
 		// do nothing
 	default:
-		ctx.ServerError("findVariable", errors.New("unable to determine"))
-		return nil, false
+		panic("invalid actions variable")
 	}
 
 	got, err := actions_model.FindVariables(ctx, opts)
 	if err != nil {
 		ctx.ServerError("FindVariables", err)
-		return nil, false
+		return nil
 	} else if len(got) == 0 {
 		ctx.NotFound("FindVariables", nil)
-		return nil, false
+		return nil
 	}
-	return got[0], true
+	return got[0]
 }
 
 func VariableDelete(ctx *context.Context) {
@@ -203,8 +208,8 @@ func VariableDelete(ctx *context.Context) {
 
 	id := ctx.PathParamInt64("variable_id")
 
-	variable, ok := findVariable(ctx, id, vCtx)
-	if !ok {
+	variable := findActionsVariable(ctx, id, vCtx)
+	if ctx.Written() {
 		return
 	}
 

services/actions/variables.go

@@ -30,7 +30,7 @@ func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data strin
 	return v, nil
 }
 
-func UpdateVariable(ctx context.Context, variable *actions_model.ActionVariable) (bool, error) {
+func UpdateVariableNameData(ctx context.Context, variable *actions_model.ActionVariable) (bool, error) {
 	if err := secret_service.ValidateName(variable.Name); err != nil {
 		return false, err
 	}
@@ -41,7 +41,7 @@ func UpdateVariable(ctx context.Context, variable *actions_model.ActionVariable)
 
 	variable.Data = util.ReserveLineBreakForTextarea(variable.Data)
 
-	return actions_model.UpdateVariable(ctx, variable, "name", "data")
+	return actions_model.UpdateVariableCols(ctx, variable, "name", "data")
 }
 
 func DeleteVariableByID(ctx context.Context, variableID int64) error {

tests/integration/actions_variables_test.go

@@ -0,0 +1,149 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionsVariables(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	ctx := context.Background()
+
+	require.NoError(t, db.DeleteAllRecords("action_variable"))
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	_, _ = actions_model.InsertVariable(ctx, user2.ID, 0, "VAR", "user2-var")
+	user2Var := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{OwnerID: user2.ID, Name: "VAR"})
+	userWebURL := "/user/settings/actions/variables"
+
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+	_, _ = actions_model.InsertVariable(ctx, org3.ID, 0, "VAR", "org3-var")
+	org3Var := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{OwnerID: org3.ID, Name: "VAR"})
+	orgWebURL := "/org/org3/settings/actions/variables"
+
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	_, _ = actions_model.InsertVariable(ctx, 0, repo1.ID, "VAR", "repo1-var")
+	repo1Var := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{RepoID: repo1.ID, Name: "VAR"})
+	repoWebURL := "/user2/repo1/settings/actions/variables"
+
+	_, _ = actions_model.InsertVariable(ctx, 0, 0, "VAR", "global-var")
+	globalVar := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{Name: "VAR", Data: "global-var"})
+	adminWebURL := "/-/admin/actions/variables"
+
+	sessionAdmin := loginUser(t, "user1")
+	sessionUser2 := loginUser(t, user2.Name)
+
+	doUpdate := func(t *testing.T, sess *TestSession, baseURL string, id int64, data string, expectedStatus int) {
+		req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d/edit", baseURL, id), map[string]string{
+			"_csrf": GetUserCSRFToken(t, sess),
+			"name":  "VAR",
+			"data":  data,
+		})
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	doDelete := func(t *testing.T, sess *TestSession, baseURL string, id int64, expectedStatus int) {
+		req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d/delete", baseURL, id), map[string]string{
+			"_csrf": GetUserCSRFToken(t, sess),
+		})
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	assertDenied := func(t *testing.T, sess *TestSession, baseURL string, id int64) {
+		doUpdate(t, sess, baseURL, id, "ChangedData", http.StatusNotFound)
+		doDelete(t, sess, baseURL, id, http.StatusNotFound)
+		v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: id})
+		assert.Contains(t, v.Data, "-var")
+	}
+
+	assertSuccess := func(t *testing.T, sess *TestSession, baseURL string, id int64) {
+		doUpdate(t, sess, baseURL, id, "ChangedData", http.StatusOK)
+		v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: id})
+		assert.Equal(t, "ChangedData", v.Data)
+		doDelete(t, sess, baseURL, id, http.StatusOK)
+		unittest.AssertNotExistsBean(t, &actions_model.ActionVariable{ID: id})
+	}
+
+	t.Run("UpdateUserVar", func(t *testing.T) {
+		theVar := user2Var
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theVar.ID)
+		})
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theVar.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, adminWebURL, theVar.ID)
+		})
+	})
+
+	t.Run("UpdateOrgVar", func(t *testing.T) {
+		theVar := org3Var
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theVar.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theVar.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, adminWebURL, theVar.ID)
+		})
+	})
+
+	t.Run("UpdateRepoVar", func(t *testing.T) {
+		theVar := repo1Var
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theVar.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theVar.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, adminWebURL, theVar.ID)
+		})
+	})
+
+	t.Run("UpdateGlobalVar", func(t *testing.T) {
+		theVar := globalVar
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theVar.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theVar.ID)
+		})
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theVar.ID)
+		})
+	})
+
+	t.Run("UpdateSuccess", func(t *testing.T) {
+		t.Run("User", func(t *testing.T) {
+			assertSuccess(t, sessionUser2, userWebURL, user2Var.ID)
+		})
+		t.Run("Org", func(t *testing.T) {
+			assertSuccess(t, sessionAdmin, orgWebURL, org3Var.ID)
+		})
+		t.Run("Repo", func(t *testing.T) {
+			assertSuccess(t, sessionUser2, repoWebURL, repo1Var.ID)
+		})
+		t.Run("Admin", func(t *testing.T) {
+			assertSuccess(t, sessionAdmin, adminWebURL, globalVar.ID)
+		})
+	})
+}