2019-09-03 15:46:24 +00:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.
As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.
This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.
The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.
Fixes #132.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41dbab7b3b84571b595158c3b451f53af7)
(cherry picked from commit 06b808fa2c0ddd52ca4569157892a0c7fc154b1f)
(cherry picked from commit 9205c9266a7d2b058100d03f5f3272f670f35866)
(cherry picked from commit 47863d4f724e7d2465acd6fca91e98157c60a29b)
2024-01-14 00:04:14 +00:00
|
|
|
// Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
|
2022-11-27 18:20:29 +00:00
|
|
|
// SPDX-License-Identifier: MIT
|
2019-09-03 15:46:24 +00:00
|
|
|
|
2022-09-02 19:18:23 +00:00
|
|
|
package integration
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
2021-08-12 12:43:08 +00:00
|
|
|
"net/url"
|
2019-09-03 15:46:24 +00:00
|
|
|
"testing"
|
|
|
|
|
2023-01-17 21:46:03 +00:00
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
2021-12-10 01:27:50 +00:00
|
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
2021-11-16 08:53:21 +00:00
|
|
|
"code.gitea.io/gitea/models/unittest"
|
2021-11-24 09:49:20 +00:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2019-09-03 15:46:24 +00:00
|
|
|
api "code.gitea.io/gitea/modules/structs"
|
2022-09-02 19:18:23 +00:00
|
|
|
"code.gitea.io/gitea/tests"
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.
As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.
This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.
The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.
Fixes #132.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41dbab7b3b84571b595158c3b451f53af7)
(cherry picked from commit 06b808fa2c0ddd52ca4569157892a0c7fc154b1f)
(cherry picked from commit 9205c9266a7d2b058100d03f5f3272f670f35866)
(cherry picked from commit 47863d4f724e7d2465acd6fca91e98157c60a29b)
2024-01-14 00:04:14 +00:00
|
|
|
func TestAPITopicSearchPaging(t *testing.T) {
|
|
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
var topics struct {
|
|
|
|
TopicNames []*api.TopicResponse `json:"topics"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// Add 20 unique topics to user2/repo2, and 20 unique ones to user2/repo3
|
|
|
|
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
|
|
|
token2 := getUserToken(t, user2.Name, auth_model.AccessTokenScopeWriteRepository)
|
|
|
|
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
|
|
|
repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
|
|
|
|
for i := 0; i < 20; i++ {
|
|
|
|
req := NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/paging-topic-%d", user2.Name, repo2.Name, i).
|
|
|
|
AddTokenAuth(token2)
|
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/paging-topic-%d", user2.Name, repo3.Name, i+30).
|
|
|
|
AddTokenAuth(token2)
|
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
}
|
|
|
|
|
|
|
|
res := MakeRequest(t, NewRequest(t, "GET", "/api/v1/topics/search"), http.StatusOK)
|
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.Len(t, topics.TopicNames, 30)
|
|
|
|
|
|
|
|
res = MakeRequest(t, NewRequest(t, "GET", "/api/v1/topics/search?page=2"), http.StatusOK)
|
|
|
|
DecodeJSON(t, res, &topics)
|
2024-07-30 19:42:06 +00:00
|
|
|
assert.NotEmpty(t, topics.TopicNames)
|
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.
As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.
This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.
The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.
Fixes #132.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41dbab7b3b84571b595158c3b451f53af7)
(cherry picked from commit 06b808fa2c0ddd52ca4569157892a0c7fc154b1f)
(cherry picked from commit 9205c9266a7d2b058100d03f5f3272f670f35866)
(cherry picked from commit 47863d4f724e7d2465acd6fca91e98157c60a29b)
2024-01-14 00:04:14 +00:00
|
|
|
}
|
|
|
|
|
2021-08-12 12:43:08 +00:00
|
|
|
func TestAPITopicSearch(t *testing.T) {
|
2022-09-02 19:18:23 +00:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2021-08-12 12:43:08 +00:00
|
|
|
searchURL, _ := url.Parse("/api/v1/topics/search")
|
|
|
|
var topics struct {
|
|
|
|
TopicNames []*api.TopicResponse `json:"topics"`
|
|
|
|
}
|
|
|
|
|
|
|
|
query := url.Values{"page": []string{"1"}, "limit": []string{"4"}}
|
|
|
|
|
|
|
|
searchURL.RawQuery = query.Encode()
|
|
|
|
res := MakeRequest(t, NewRequest(t, "GET", searchURL.String()), http.StatusOK)
|
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.Len(t, topics.TopicNames, 4)
|
|
|
|
assert.EqualValues(t, "6", res.Header().Get("x-total-count"))
|
|
|
|
|
|
|
|
query.Add("q", "topic")
|
|
|
|
searchURL.RawQuery = query.Encode()
|
|
|
|
res = MakeRequest(t, NewRequest(t, "GET", searchURL.String()), http.StatusOK)
|
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.Len(t, topics.TopicNames, 2)
|
|
|
|
|
|
|
|
query.Set("q", "database")
|
|
|
|
searchURL.RawQuery = query.Encode()
|
|
|
|
res = MakeRequest(t, NewRequest(t, "GET", searchURL.String()), http.StatusOK)
|
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
if assert.Len(t, topics.TopicNames, 1) {
|
|
|
|
assert.EqualValues(t, 2, topics.TopicNames[0].ID)
|
|
|
|
assert.EqualValues(t, "database", topics.TopicNames[0].Name)
|
|
|
|
assert.EqualValues(t, 1, topics.TopicNames[0].RepoCount)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-03 15:46:24 +00:00
|
|
|
func TestAPIRepoTopic(t *testing.T) {
|
2022-09-02 19:18:23 +00:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2022-08-16 02:22:25 +00:00
|
|
|
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of repo2
|
2023-09-14 02:59:53 +00:00
|
|
|
org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}) // owner of repo3
|
2022-08-16 02:22:25 +00:00
|
|
|
user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) // write access to repo 3
|
|
|
|
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
|
|
|
|
repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Get user2's token
|
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 18:57:16 +00:00
|
|
|
token2 := getUserToken(t, user2.Name, auth_model.AccessTokenScopeWriteRepository)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test read topics using login
|
2023-12-21 23:59:59 +00:00
|
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/topics", user2.Name, repo2.Name)).
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
res := MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
var topics *api.TopicName
|
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.ElementsMatch(t, []string{"topicname1", "topicname2"}, topics.TopicNames)
|
|
|
|
|
|
|
|
// Test delete a topic
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s", user2.Name, repo2.Name, "Topicname1").
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test add an existing topic
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s", user2.Name, repo2.Name, "Golang").
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test add a topic
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s", user2.Name, repo2.Name, "topicName3").
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
2023-12-21 23:59:59 +00:00
|
|
|
url := fmt.Sprintf("/api/v1/repos/%s/%s/topics", user2.Name, repo2.Name)
|
|
|
|
|
2019-09-03 15:46:24 +00:00
|
|
|
// Test read topics using token
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequest(t, "GET", url).
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
res = MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.ElementsMatch(t, []string{"topicname2", "golang", "topicname3"}, topics.TopicNames)
|
|
|
|
|
|
|
|
// Test replace topics
|
|
|
|
newTopics := []string{" windows ", " ", "MAC "}
|
|
|
|
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
|
|
|
|
Topics: newTopics,
|
2023-12-21 23:59:59 +00:00
|
|
|
}).AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequest(t, "GET", url).
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
res = MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)
|
|
|
|
|
|
|
|
// Test replace topics with something invalid
|
|
|
|
newTopics = []string{"topicname1", "topicname2", "topicname!"}
|
|
|
|
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
|
|
|
|
Topics: newTopics,
|
2023-12-21 23:59:59 +00:00
|
|
|
}).AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequest(t, "GET", url).
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
res = MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
DecodeJSON(t, res, &topics)
|
|
|
|
assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)
|
|
|
|
|
|
|
|
// Test with some topics multiple times, less than 25 unique
|
|
|
|
newTopics = []string{"t1", "t2", "t1", "t3", "t4", "t5", "t6", "t7", "t8", "t9", "t10", "t11", "t12", "t13", "t14", "t15", "t16", "17", "t18", "t19", "t20", "t21", "t22", "t23", "t24", "t25"}
|
|
|
|
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
|
|
|
|
Topics: newTopics,
|
2023-12-21 23:59:59 +00:00
|
|
|
}).AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNoContent)
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequest(t, "GET", url).
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
res = MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
DecodeJSON(t, res, &topics)
|
2021-06-07 05:27:09 +00:00
|
|
|
assert.Len(t, topics.TopicNames, 25)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test writing more topics than allowed
|
|
|
|
newTopics = append(newTopics, "t26")
|
|
|
|
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
|
|
|
|
Topics: newTopics,
|
2023-12-21 23:59:59 +00:00
|
|
|
}).AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test add a topic when there is already maximum
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s", user2.Name, repo2.Name, "t26").
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test delete a topic that repo doesn't have
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s", user2.Name, repo2.Name, "Topicname1").
|
|
|
|
AddTokenAuth(token2)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusNotFound)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Get user4's token
|
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 18:57:16 +00:00
|
|
|
token4 := getUserToken(t, user4.Name, auth_model.AccessTokenScopeWriteRepository)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test read topics with write access
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/topics", org3.Name, repo3.Name)).
|
|
|
|
AddTokenAuth(token4)
|
2022-04-08 04:22:10 +00:00
|
|
|
res = MakeRequest(t, req, http.StatusOK)
|
2019-09-03 15:46:24 +00:00
|
|
|
DecodeJSON(t, res, &topics)
|
2021-06-07 05:27:09 +00:00
|
|
|
assert.Empty(t, topics.TopicNames)
|
2019-09-03 15:46:24 +00:00
|
|
|
|
|
|
|
// Test add a topic to repo with write access (requires repo admin access)
|
2023-12-21 23:59:59 +00:00
|
|
|
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s", org3.Name, repo3.Name, "topicName").
|
|
|
|
AddTokenAuth(token4)
|
2022-04-08 04:22:10 +00:00
|
|
|
MakeRequest(t, req, http.StatusForbidden)
|
2019-09-03 15:46:24 +00:00
|
|
|
}
|