API: '/orgs/:org/repos': return private repos with read access

integrations/api_repo_test.go

@@ -212,21 +212,46 @@ func TestAPIViewRepo(t *testing.T) {
 func TestAPIOrgRepos(t *testing.T) {
  prepareTestEnv(t)
  user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+ user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+ user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
  // User3 is an Org. Check their repos.
  sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
- // Login as User2.
- session := loginUser(t, user.Name)
- token := getTokenForLoggedInUser(t, session)
- req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
- resp := session.MakeRequest(t, req, http.StatusOK)
 
- var apiRepos []*api.Repository
- DecodeJSON(t, resp, &apiRepos)
- expectedLen := models.GetCount(t, models.Repository{OwnerID: sourceOrg.ID},
- models.Cond("is_private = ?", false))
- assert.Len(t, apiRepos, expectedLen)
- for _, repo := range apiRepos {
- assert.False(t, repo.Private)
+ expectedResults := map[*models.User]struct {
+ count int
+ includesPrivate bool
+ }{
+ nil: {count: 1},
+ user: {count: 2, includesPrivate: true},
+ user2: {count: 3, includesPrivate: true},
+ user3: {count: 1},
+ }
+
+ for userToLogin, expected := range expectedResults {
+ var session *TestSession
+ var testName string
+ var token string
+ if userToLogin != nil && userToLogin.ID > 0 {
+ testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
+ session = loginUser(t, userToLogin.Name)
+ token = getTokenForLoggedInUser(t, session)
+ } else {
+ testName = "AnonymousUser"
+ session = emptyTestSession(t)
+ }
+ t.Run(testName, func(t *testing.T) {
+ req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
+ resp := session.MakeRequest(t, req, http.StatusOK)
+
+ var apiRepos []*api.Repository
+ DecodeJSON(t, resp, &apiRepos)
+ assert.Len(t, apiRepos, expected.count)
+ for _, repo := range apiRepos {
+ if !expected.includesPrivate {
+ assert.False(t, repo.Private)
+ }
+ }
+ })
  }
 }
 

routers/api/v1/user/repo.go

@@ -11,14 +11,13 @@ import (
 )
 
 // listUserRepos - List the repositories owned by the given user.
-func listUserRepos(ctx *context.APIContext, u *models.User) {
- showPrivateRepos := ctx.IsSigned && (ctx.User.ID == u.ID || ctx.User.IsAdmin)
- repos, err := models.GetUserRepositories(u.ID, showPrivateRepos, 1, u.NumRepos, "")
+func listUserRepos(ctx *context.APIContext, u *models.User, private bool) {
+ repos, err := models.GetUserRepositories(u.ID, private, 1, u.NumRepos, "")
  if err != nil {
  ctx.Error(500, "GetUserRepositories", err)
  return
  }
- apiRepos := make([]*api.Repository, len(repos))
+ apiRepos := make([]*api.Repository, 0, len(repos))
  var ctxUserID int64
  if ctx.User != nil {
  ctxUserID = ctx.User.ID
@@ -29,7 +28,9 @@ func listUserRepos(ctx *context.APIContext, u *models.User) {
  ctx.Error(500, "AccessLevel", err)
  return
  }
- apiRepos[i] = repos[i].APIFormat(access)
+ if ctx.IsSigned && ctx.User.IsAdmin || access >= models.AccessModeRead {
+ apiRepos = append(apiRepos, repos[i].APIFormat(access))
+ }
  }
  ctx.JSON(200, &apiRepos)
 }
@@ -54,7 +55,8 @@ func ListUserRepos(ctx *context.APIContext) {
  if ctx.Written() {
  return
  }
- listUserRepos(ctx, user)
+ private := ctx.IsSigned && (ctx.User.ID == user.ID || ctx.User.IsAdmin)
+ listUserRepos(ctx, user, private)
 }
 
 // ListMyRepos - list the repositories you own or have access to.
@@ -106,5 +108,5 @@ func ListOrgRepos(ctx *context.APIContext) {
  // responses:
  // "200":
  // "$ref": "#/responses/RepositoryList"
- listUserRepos(ctx, ctx.Org.Organization)
+ listUserRepos(ctx, ctx.Org.Organization, ctx.IsSigned)
 }