初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,219 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/base"
+	"gitea.dev/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionsRunnerModify(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	ctx := t.Context()
+
+	require.NoError(t, db.DeleteAllRecords("action_runner"))
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	_ = actions_model.CreateRunner(ctx, &actions_model.ActionRunner{OwnerID: user2.ID, Name: "user2-runner", TokenHash: "a", UUID: "a"})
+	user2Runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{OwnerID: user2.ID, Name: "user2-runner"})
+	userWebURL := "/user/settings/actions/runners"
+
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+	require.NoError(t, actions_model.CreateRunner(ctx, &actions_model.ActionRunner{OwnerID: org3.ID, Name: "org3-runner", TokenHash: "b", UUID: "b"}))
+	org3Runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{OwnerID: org3.ID, Name: "org3-runner"})
+	orgWebURL := "/org/org3/settings/actions/runners"
+
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	_ = actions_model.CreateRunner(ctx, &actions_model.ActionRunner{RepoID: repo1.ID, Name: "repo1-runner", TokenHash: "c", UUID: "c"})
+	repo1Runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{RepoID: repo1.ID, Name: "repo1-runner"})
+	repoWebURL := "/user2/repo1/settings/actions/runners"
+
+	_ = actions_model.CreateRunner(ctx, &actions_model.ActionRunner{Name: "global-runner", TokenHash: "d", UUID: "d"})
+	globalRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{Name: "global-runner"})
+	adminWebURL := "/-/admin/actions/runners"
+
+	sessionAdmin := loginUser(t, "user1")
+	sessionUser2 := loginUser(t, user2.Name)
+
+	doUpdate := func(t *testing.T, sess *TestSession, baseURL string, id int64, description string, expectedStatus int) {
+		req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d", baseURL, id), map[string]string{
+			"description": description,
+		})
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	doDelete := func(t *testing.T, sess *TestSession, baseURL string, id int64, expectedStatus int) {
+		req := NewRequest(t, "POST", fmt.Sprintf("%s/%d/delete", baseURL, id))
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	doDisable := func(t *testing.T, sess *TestSession, baseURL string, id int64, expectedStatus int) {
+		req := NewRequest(t, "POST", fmt.Sprintf("%s/%d/update-runner?disabled=true", baseURL, id))
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	doEnable := func(t *testing.T, sess *TestSession, baseURL string, id int64, expectedStatus int) {
+		req := NewRequest(t, "POST", fmt.Sprintf("%s/%d/update-runner?disabled=false", baseURL, id))
+		sess.MakeRequest(t, req, expectedStatus)
+	}
+
+	assertDenied := func(t *testing.T, sess *TestSession, baseURL string, id int64) {
+		doUpdate(t, sess, baseURL, id, "ChangedDescription", http.StatusNotFound)
+		doDisable(t, sess, baseURL, id, http.StatusNotFound)
+		doEnable(t, sess, baseURL, id, http.StatusNotFound)
+		doDelete(t, sess, baseURL, id, http.StatusNotFound)
+		v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+		assert.Empty(t, v.Description)
+		assert.False(t, v.IsDisabled)
+	}
+
+	assertSuccess := func(t *testing.T, sess *TestSession, baseURL string, id int64) {
+		doUpdate(t, sess, baseURL, id, "ChangedDescription", http.StatusSeeOther)
+		v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+		assert.Equal(t, "ChangedDescription", v.Description)
+		doDisable(t, sess, baseURL, id, http.StatusOK)
+		v = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+		assert.True(t, v.IsDisabled)
+		doEnable(t, sess, baseURL, id, http.StatusOK)
+		v = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+		assert.False(t, v.IsDisabled)
+		doDelete(t, sess, baseURL, id, http.StatusOK)
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: id})
+	}
+
+	t.Run("UpdateUserRunner", func(t *testing.T) {
+		theRunner := user2Runner
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theRunner.ID)
+		})
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theRunner.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			t.Skip("Admin can update any runner (not right but not too bad)")
+			assertDenied(t, sessionAdmin, adminWebURL, theRunner.ID)
+		})
+	})
+
+	t.Run("UpdateOrgRunner", func(t *testing.T) {
+		theRunner := org3Runner
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theRunner.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theRunner.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			t.Skip("Admin can update any runner (not right but not too bad)")
+			assertDenied(t, sessionAdmin, adminWebURL, theRunner.ID)
+		})
+	})
+
+	t.Run("UpdateRepoRunner", func(t *testing.T) {
+		theRunner := repo1Runner
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theRunner.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theRunner.ID)
+		})
+		t.Run("FromAdmin", func(t *testing.T) {
+			t.Skip("Admin can update any runner (not right but not too bad)")
+			assertDenied(t, sessionAdmin, adminWebURL, theRunner.ID)
+		})
+	})
+
+	t.Run("UpdateGlobalRunner", func(t *testing.T) {
+		theRunner := globalRunner
+		t.Run("FromOrg", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, orgWebURL, theRunner.ID)
+		})
+		t.Run("FromUser", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, userWebURL, theRunner.ID)
+		})
+		t.Run("FromRepo", func(t *testing.T) {
+			assertDenied(t, sessionAdmin, repoWebURL, theRunner.ID)
+		})
+	})
+
+	t.Run("UpdateSuccess", func(t *testing.T) {
+		t.Run("User", func(t *testing.T) {
+			assertSuccess(t, sessionUser2, userWebURL, user2Runner.ID)
+		})
+		t.Run("Org", func(t *testing.T) {
+			assertSuccess(t, sessionAdmin, orgWebURL, org3Runner.ID)
+		})
+		t.Run("Repo", func(t *testing.T) {
+			assertSuccess(t, sessionUser2, repoWebURL, repo1Runner.ID)
+		})
+		t.Run("Admin", func(t *testing.T) {
+			assertSuccess(t, sessionAdmin, adminWebURL, globalRunner.ID)
+		})
+	})
+
+	t.Run("BulkAction", func(t *testing.T) {
+		// Previous subtests deleted all runners; create a fresh set scoped to this subtest.
+		require.NoError(t, actions_model.CreateRunner(ctx, &actions_model.ActionRunner{Name: "bulk-runner-1", TokenHash: "e", UUID: "e"}))
+		require.NoError(t, actions_model.CreateRunner(ctx, &actions_model.ActionRunner{Name: "bulk-runner-2", TokenHash: "f", UUID: "f"}))
+		require.NoError(t, actions_model.CreateRunner(ctx, &actions_model.ActionRunner{Name: "bulk-runner-3", TokenHash: "g", UUID: "g"}))
+		r1 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{Name: "bulk-runner-1"})
+		r2 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{Name: "bulk-runner-2"})
+		r3 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{Name: "bulk-runner-3"})
+		allIDs := []int64{r1.ID, r2.ID, r3.ID}
+		bulkURL := adminWebURL + "/bulk"
+		doBulk := func(t *testing.T, sess *TestSession, action string, ids []int64, expectedStatus int) {
+			req := NewRequestWithValues(t, "POST", bulkURL, map[string]string{
+				"action": action,
+				"ids":    strings.Join(base.Int64sToStrings(ids), ","),
+			})
+			sess.MakeRequest(t, req, expectedStatus)
+		}
+
+		t.Run("NonAdminForbidden", func(t *testing.T) {
+			doBulk(t, sessionUser2, "disable", allIDs, http.StatusForbidden)
+			for _, id := range allIDs {
+				v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+				assert.False(t, v.IsDisabled, "runner %d should not have been disabled", id)
+			}
+		})
+
+		t.Run("InvalidAction", func(t *testing.T) {
+			doBulk(t, sessionAdmin, "evict", allIDs, http.StatusBadRequest)
+		})
+
+		t.Run("DisableEnable", func(t *testing.T) {
+			doBulk(t, sessionAdmin, "disable", allIDs, http.StatusOK)
+			for _, id := range allIDs {
+				v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+				assert.True(t, v.IsDisabled, "runner %d should be disabled", id)
+			}
+			doBulk(t, sessionAdmin, "enable", allIDs, http.StatusOK)
+			for _, id := range allIDs {
+				v := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+				assert.False(t, v.IsDisabled, "runner %d should be enabled", id)
+			}
+		})
+
+		t.Run("Delete", func(t *testing.T) {
+			doBulk(t, sessionAdmin, "delete", allIDs, http.StatusOK)
+			for _, id := range allIDs {
+				unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: id})
+			}
+		})
+	})
+}