Files
gitea/routers/web/user/notification_test.go
bircni aab3242f7b fix(security): harden access checks and migration validation (#38324)
Harden access checks for issue dependencies, team repository membership,
notifications, stars, tracked times and repository migrations.
2026-07-10 19:30:43 +02:00

38 lines
1.1 KiB
Go

// Copyright 2026 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package user
import (
"testing"
activities_model "gitea.dev/models/activities"
repo_model "gitea.dev/models/repo"
"gitea.dev/models/unittest"
user_model "gitea.dev/models/user"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestFilterNotificationsByRepoAccess(t *testing.T) {
require.NoError(t, unittest.LoadFixtures())
doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 40})
inaccessibleRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
require.True(t, inaccessibleRepo.IsPrivate)
accessibleRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
notifications := activities_model.NotificationList{
{ID: 1, Repository: inaccessibleRepo},
{ID: 2, Repository: accessibleRepo},
}
filtered, failures, err := filterNotificationsByRepoAccess(t.Context(), doer, notifications)
require.NoError(t, err)
assert.Equal(t, []int{0}, failures)
require.Len(t, filtered, 1)
assert.EqualValues(t, 2, filtered[0].ID)
}