1
0
Fork 0

[API] teamSearch show teams with no members if user is admin (#21204)

close #21176
This commit is contained in:
6543 2022-09-19 14:02:29 +02:00 committed by GitHub
parent c87e6a89da
commit c5e88fb03d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 48 additions and 24 deletions

View file

@ -129,29 +129,11 @@ func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) {
if opts.UserID > 0 { if opts.UserID > 0 {
sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id") sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id")
} }
sess = db.SetSessionPagination(sess, opts)
count, err := sess.
Where(cond).
Count(new(Team))
if err != nil {
return nil, 0, err
}
if opts.UserID > 0 {
sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id")
}
if opts.PageSize == -1 {
opts.PageSize = int(count)
} else {
sess = sess.Limit(opts.PageSize, (opts.Page-1)*opts.PageSize)
}
teams := make([]*Team, 0, opts.PageSize) teams := make([]*Team, 0, opts.PageSize)
if err = sess. count, err := sess.Where(cond).OrderBy("lower_name").FindAndCount(&teams)
Where(cond). if err != nil {
OrderBy("lower_name").
Find(&teams); err != nil {
return nil, 0, err return nil, 0, err
} }

View file

@ -11,6 +11,7 @@ import (
"unicode/utf8" "unicode/utf8"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
) )

View file

@ -8,6 +8,7 @@ import (
"strings" "strings"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"github.com/yuin/goldmark/ast" "github.com/yuin/goldmark/ast"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
) )

View file

@ -759,13 +759,17 @@ func SearchTeam(ctx *context.APIContext) {
listOptions := utils.GetListOptions(ctx) listOptions := utils.GetListOptions(ctx)
opts := &organization.SearchTeamOptions{ opts := &organization.SearchTeamOptions{
UserID: ctx.Doer.ID,
Keyword: ctx.FormTrim("q"), Keyword: ctx.FormTrim("q"),
OrgID: ctx.Org.Organization.ID, OrgID: ctx.Org.Organization.ID,
IncludeDesc: ctx.FormString("include_desc") == "" || ctx.FormBool("include_desc"), IncludeDesc: ctx.FormString("include_desc") == "" || ctx.FormBool("include_desc"),
ListOptions: listOptions, ListOptions: listOptions,
} }
// Only admin is allowd to search for all teams
if !ctx.Doer.IsAdmin {
opts.UserID = ctx.Doer.ID
}
teams, maxResults, err := organization.SearchTeam(opts) teams, maxResults, err := organization.SearchTeam(opts)
if err != nil { if err != nil {
log.Error("SearchTeam failed: %v", err) log.Error("SearchTeam failed: %v", err)

View file

@ -5,6 +5,7 @@
package integration package integration
import ( import (
"fmt"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -151,3 +152,38 @@ func TestAPIGetAll(t *testing.T) {
assert.Equal(t, "org25", apiOrgList[0].FullName) assert.Equal(t, "org25", apiOrgList[0].FullName)
assert.Equal(t, "public", apiOrgList[0].Visibility) assert.Equal(t, "public", apiOrgList[0].Visibility)
} }
func TestAPIOrgSearchEmptyTeam(t *testing.T) {
onGiteaRun(t, func(*testing.T, *url.URL) {
token := getUserToken(t, "user1")
orgName := "org_with_empty_team"
// create org
req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &api.CreateOrgOption{
UserName: orgName,
})
MakeRequest(t, req, http.StatusCreated)
// create team with no member
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, token), &api.CreateTeamOption{
Name: "Empty",
IncludesAllRepositories: true,
Permission: "read",
Units: []string{"repo.code", "repo.issues", "repo.ext_issues", "repo.wiki", "repo.pulls"},
})
MakeRequest(t, req, http.StatusCreated)
// case-insensitive search for teams that have no members
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/teams/search?q=%s&token=%s", orgName, "empty", token))
resp := MakeRequest(t, req, http.StatusOK)
data := struct {
Ok bool
Data []*api.Team
}{}
DecodeJSON(t, resp, &data)
assert.True(t, data.Ok)
if assert.Len(t, data.Data, 1) {
assert.EqualValues(t, "Empty", data.Data[0].Name)
}
})
}