Diffstat (limited to 'server/src')
-rw-r--r--server/src/main.rs16
-rw-r--r--server/src/tests.rs194
2 files changed, 198 insertions, 12 deletions
diff --git a/server/src/main.rs b/server/src/main.rs
index 53cdb89..6f66866 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -272,9 +272,7 @@ async fn project_update(
projectid: u64,
data: Json<api_model::ProjectData<'_>>,
) -> Result<&'static str, Custom<&'static str>> {
- project_check_maintainer(&mut db, session, projectid)
- .await
- .unwrap();
+ project_check_maintainer(&mut db, session, projectid).await?;
if data.title.is_none() && data.description.is_none() {
// Nothing to update. Treat as "success".
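Review bot: The rejection that `?` now propagates from `project_check_maintainer` reaches an already logged-in caller as 401, judging by the `Status::Unauthorized` assertions added in tests.rs. 401 signals missing or invalid authentication; an authenticated user who lacks maintainer rights is conventionally answered with 403, so that clients do not mistake a permission failure for an expired session. If the status is chosen inside `project_check_maintainer` (not visible in this diff), consider `Status::Forbidden` there and adjust the test assertions to match. The same applies to the `?` calls in project_user_add, project_user_update and project_user_del; project_update's body continues outside the hunk.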
@@ -319,9 +317,7 @@ async fn project_user_add(
userid: u64,
data: Json<api_model::ProjectUserEntryData>,
) -> Result<&'static str, Custom<&'static str>> {
- project_check_maintainer(&mut db, session, projectid)
- .await
- .unwrap();
+ project_check_maintainer(&mut db, session, projectid).await?;
sqlx::query!(
"INSERT INTO project_users (project, user, default_role, maintainer) VALUES (?, ?, ?, ?)",
@@ -361,9 +357,7 @@ async fn project_user_update(
let need_maintainer = data.maintainer.is_some() || userid != session.user_id;
if need_maintainer {
- project_check_maintainer(&mut db, session, projectid)
- .await
- .unwrap();
+ project_check_maintainer(&mut db, session, projectid).await?;
}
if data.default_role.is_none() && data.maintainer.is_none() {
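Review bot: Nothing visible in this hunk stops the last maintainer from demoting themselves: with `maintainer: Some(false)` and `userid == session.user_id` the caller passes `project_check_maintainer` and the update proceeds, and the new test only exercises this after a second maintainer was added. The project_user_del hunk has the same gap, because `need_maintainer = userid != session.user_id` lets a sole maintainer remove themselves without any check. Unless code outside the hunks already covers it, both handlers should count the project's remaining maintainers before the write and reject a request that would leave none, with a comment such as `// Refuse to drop the last maintainer; nobody could manage the project afterwards.` above that guard. Both function bodies continue outside their hunks.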
@@ -412,9 +406,7 @@ async fn project_user_del(
let need_maintainer = userid != session.user_id;
if need_maintainer {
- project_check_maintainer(&mut db, session, projectid)
- .await
- .unwrap();
+ project_check_maintainer(&mut db, session, projectid).await?;
}
sqlx::query!(
diff --git a/server/src/tests.rs b/server/src/tests.rs
index b6476a0..a658c33 100644
--- a/server/src/tests.rs
+++ b/server/src/tests.rs
@@ -365,3 +365,197 @@ async fn test_project_new_user() {
assert_eq!(other_entry.default_role, api_model::UserReviewRole::Watcher);
assert_eq!(other_entry.maintainer, true);
}
+
+#[rocket::async_test]
+async fn test_project_change_user() {
+ let client = async_client_with_private_database(function_name!().to_string()).await;
+
+ login(&client).await;
+
+ let project = new_project(&client).await;
+ let project_url = format!("/api/v1/project/{}", project.id);
+
+ let users = get_users(&client).await;
+ let user = users.users.iter().find(|u| u.username == "user").unwrap();
+ let other = users.users.iter().find(|u| u.username == "other").unwrap();
+
+ let new = client
+ .post(format!("{project_url}/user/new?userid={}", other.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Watcher),
+ maintainer: Some(true),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(new.status(), Status::Ok);
+
+ let update = client
+ .post(format!("{project_url}/user/{}", user.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: None,
+ maintainer: Some(false),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(update.status(), Status::Ok);
+
+ let updated_project = get_project_from(client.get(project_url)).await;
+ assert_eq!(updated_project.users.len(), 2);
+ let user_entry = updated_project
+ .users
+ .iter()
+ .find(|ue| ue.user.id == user.id)
+ .unwrap();
+ assert_eq!(user_entry.user, *user);
+ assert_eq!(user_entry.default_role, api_model::UserReviewRole::Reviewer);
+ assert_eq!(user_entry.maintainer, false);
+}
+
+#[rocket::async_test]
+async fn test_project_check_maintainer() {
+ let client = async_client_with_private_database(function_name!().to_string()).await;
+
+ login(&client).await;
+
+ let project = new_project(&client).await;
+ let project_url = format!("/api/v1/project/{}", project.id);
+
+ let users = get_users(&client).await;
+ let user = users.users.iter().find(|u| u.username == "user").unwrap();
+ let other = users.users.iter().find(|u| u.username == "other").unwrap();
+
+ let new = client
+ .post(format!("{project_url}/user/new?userid={}", other.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Watcher),
+ maintainer: Some(true),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(new.status(), Status::Ok);
+
+ let update = client
+ .post(format!("{project_url}/user/{}", user.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: None,
+ maintainer: Some(false),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(update.status(), Status::Ok);
+
+ let try_update_project = client
+ .post(project_url.clone())
+ .json(&api_model::ProjectData {
+ title: None,
+ description: Some("fool"),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(try_update_project.status(), Status::Unauthorized);
+
+ let not_updated_project = get_project_from(client.get(project_url)).await;
+ assert_eq!(not_updated_project.description, "bar");
+}
+
+#[rocket::async_test]
+async fn test_project_dont_check_maintainer() {
+ let client = async_client_with_private_database(function_name!().to_string()).await;
+
+ login(&client).await;
+
+ let project = new_project(&client).await;
+ let project_url = format!("/api/v1/project/{}", project.id);
+
+ let users = get_users(&client).await;
+ let user = users.users.iter().find(|u| u.username == "user").unwrap();
+ let other = users.users.iter().find(|u| u.username == "other").unwrap();
+
+ let new = client
+ .post(format!("{project_url}/user/new?userid={}", other.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Watcher),
+ maintainer: Some(true),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(new.status(), Status::Ok);
+
+ let update_maintainer = client
+ .post(format!("{project_url}/user/{}", user.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: None,
+ maintainer: Some(false),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(update_maintainer.status(), Status::Ok);
+
+ // Can still update default role for user ("me")
+ let update_default_role = client
+ .post(format!("{project_url}/user/{}", user.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Watcher),
+ maintainer: None,
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(update_default_role.status(), Status::Ok);
+
+ // But updating default role for other is no longer allowed.
+ let update_other_default_role = client
+ .post(format!("{project_url}/user/{}", other.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Reviewer),
+ maintainer: None,
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(update_other_default_role.status(), Status::Unauthorized);
+}
+
+#[rocket::async_test]
+async fn test_project_delete_user() {
+ let client = async_client_with_private_database(function_name!().to_string()).await;
+
+ login(&client).await;
+
+ let project = new_project(&client).await;
+ let project_url = format!("/api/v1/project/{}", project.id);
+
+ let users = get_users(&client).await;
+ let user = users.users.iter().find(|u| u.username == "user").unwrap();
+ let other = users.users.iter().find(|u| u.username == "other").unwrap();
+
+ let new = client
+ .post(format!("{project_url}/user/new?userid={}", other.id))
+ .json(&api_model::ProjectUserEntryData {
+ default_role: Some(api_model::UserReviewRole::Watcher),
+ maintainer: Some(true),
+ })
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(new.status(), Status::Ok);
+
+ let delete = client
+ .delete(format!("{project_url}/user/{}", user.id))
+ .header(&FAKE_IP)
+ .dispatch()
+ .await;
+ assert_eq!(delete.status(), Status::Ok);
+
+ let updated_project = get_project_from(client.get(project_url)).await;
+ assert_eq!(updated_project.users.len(), 1);
+ let other_entry = updated_project.users.get(0).unwrap();
+ assert_eq!(other_entry.user, *other);
+}
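Review bot: The denial path is only tested for two of the four handlers this commit touches: `test_project_check_maintainer` covers project_update and `test_project_dont_check_maintainer` covers project_user_update, but no test shows a non-maintainer being rejected by project_user_del (removing someone else) or project_user_add. `test_project_delete_user` only exercises the self-removal path, which skips the maintainer check. Extending `test_project_dont_check_maintainer` after its last assertion would pin the delete case, as sketched below; a matching request against `{project_url}/user/new` would cover project_user_add.

```rust
async fn test_project_dont_check_maintainer() {
    // … unchanged: setup, self-demotion and the default-role updates …
    assert_eq!(update_other_default_role.status(), Status::Unauthorized);

    // A demoted user must not be able to remove another member.
    let delete_other = client
        .delete(format!("{project_url}/user/{}", other.id))
        .header(&FAKE_IP)
        .dispatch()
        .await;
    assert_eq!(delete_other.status(), Status::Unauthorized);

    // The rejected request must not have changed the member list.
    let unchanged_project = get_project_from(client.get(project_url)).await;
    assert_eq!(unchanged_project.users.len(), 2);
```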