From 4aafe26007b51e806bd9529870def18223bc18f5 Mon Sep 17 00:00:00 2001 From: Norwin Date: Thu, 15 Sep 2022 18:18:05 +0200 Subject: [PATCH 1/3] dont require team membership for team search results another regression from #18518 --- routers/api/v1/org/team.go | 1 - tests/integration/api_team_test.go | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go index c891d0e122ccb..176335c8c4279 100644 --- a/routers/api/v1/org/team.go +++ b/routers/api/v1/org/team.go @@ -759,7 +759,6 @@ func SearchTeam(ctx *context.APIContext) { listOptions := utils.GetListOptions(ctx) opts := &organization.SearchTeamOptions{ - UserID: ctx.Doer.ID, Keyword: ctx.FormTrim("q"), OrgID: ctx.Org.Organization.ID, IncludeDesc: ctx.FormString("include_desc") == "" || ctx.FormBool("include_desc"), diff --git a/tests/integration/api_team_test.go b/tests/integration/api_team_test.go index a667949c096f9..a185aefd586fc 100644 --- a/tests/integration/api_team_test.go +++ b/tests/integration/api_team_test.go @@ -236,10 +236,17 @@ func TestAPITeamSearch(t *testing.T) { assert.Len(t, results.Data, 1) assert.Equal(t, "test_team", results.Data[0].Name) + // access if org member but not team member + user29 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29}) + token29 := getUserToken(t, user29.Name) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token29) + assert.NotEmpty(t, results.Data) + assert.Len(t, results.Data, 1) + assert.Equal(t, "test_team", results.Data[0].Name) + // no access if not organization member user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) token5 := getUserToken(t, user5.Name) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token5) MakeRequest(t, req, http.StatusForbidden) } From 39d7c0ab53035768efe425e824d5c125a0240a20 Mon Sep 17 00:00:00 2001 From: Norwin Date: Thu, 15 Sep 2022 18:38:48 +0200 Subject: [PATCH 2/3] fix test --- tests/integration/api_team_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/api_team_test.go b/tests/integration/api_team_test.go index a185aefd586fc..f65ac8680d34e 100644 --- a/tests/integration/api_team_test.go +++ b/tests/integration/api_team_test.go @@ -240,6 +240,8 @@ func TestAPITeamSearch(t *testing.T) { user29 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29}) token29 := getUserToken(t, user29.Name) req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token29) + resp = MakeRequest(t, req, http.StatusOK) + DecodeJSON(t, resp, &results) assert.NotEmpty(t, results.Data) assert.Len(t, results.Data, 1) assert.Equal(t, "test_team", results.Data[0].Name) From 384451463496a018735962ce3f86f808691696fe Mon Sep 17 00:00:00 2001 From: Norwin Date: Fri, 16 Sep 2022 11:37:52 +0200 Subject: [PATCH 3/3] fix tests --- tests/integration/api_team_test.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/integration/api_team_test.go b/tests/integration/api_team_test.go index f65ac8680d34e..3bf49f64e390b 100644 --- a/tests/integration/api_team_test.go +++ b/tests/integration/api_team_test.go @@ -233,8 +233,9 @@ func TestAPITeamSearch(t *testing.T) { resp := MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &results) assert.NotEmpty(t, results.Data) - assert.Len(t, results.Data, 1) - assert.Equal(t, "test_team", results.Data[0].Name) + assert.Len(t, results.Data, 2) + assert.Equal(t, "review_team", results.Data[0].Name) + assert.Equal(t, "test_team", results.Data[1].Name) // access if org member but not team member user29 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29}) @@ -242,9 +243,9 @@ func TestAPITeamSearch(t *testing.T) { req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token29) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &results) - assert.NotEmpty(t, results.Data) - assert.Len(t, results.Data, 1) - assert.Equal(t, "test_team", results.Data[0].Name) + assert.Len(t, results.Data, 2) + assert.Equal(t, "review_team", results.Data[0].Name) + assert.Equal(t, "test_team", results.Data[1].Name) // no access if not organization member user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})