diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 774eb948ac1..48311b3eee9 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -1200,12 +1200,12 @@ func Routes(ctx gocontext.Context) *web.Route { m.Get("/{org}/permissions", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetUserOrgsPermissions) }, context_service.UserAssignmentAPI()) m.Post("/orgs", reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateOrgOption{}), org.Create) - m.Get("/orgs", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetAll) + m.Get("/orgs", org.GetAll) m.Group("/orgs/{org}", func() { - m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.Get). + m.Combo("").Get(org.Get). Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit). Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.Delete) - m.Combo("/repos").Get(reqToken(auth_model.AccessTokenScopeReadOrg), user.ListOrgRepos). + m.Combo("/repos").Get(user.ListOrgRepos). Post(reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateRepoOption{}), repo.CreateOrgRepo) m.Group("/members", func() { m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListMembers) @@ -1213,8 +1213,8 @@ func Routes(ctx gocontext.Context) *web.Route { Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.DeleteMember) }) m.Group("/public_members", func() { - m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListPublicMembers) - m.Combo("/{username}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.IsPublicMember). + m.Get("", org.ListPublicMembers) + m.Combo("/{username}").Get(org.IsPublicMember). Put(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.PublicizeMember). Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.ConcealMember) }) @@ -1224,7 +1224,7 @@ func Routes(ctx gocontext.Context) *web.Route { m.Get("/search", reqToken(auth_model.AccessTokenScopeReadOrg), org.SearchTeam) }, reqOrgMembership()) m.Group("/labels", func() { - m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListLabels) + m.Get("", org.ListLabels) m.Post("", reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.CreateLabelOption{}), org.CreateLabel) m.Combo("/{id}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetLabel). Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditLabelOption{}), org.EditLabel). diff --git a/tests/integration/api_org_test.go b/tests/integration/api_org_test.go index 3d1c3b2494c..4b79b32c594 100644 --- a/tests/integration/api_org_test.go +++ b/tests/integration/api_org_test.go @@ -147,16 +147,14 @@ func TestAPIOrgDeny(t *testing.T) { setting.Service.RequireSignInView = false }() - token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrg) - orgName := "user1_org" - req := NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", orgName, token) + req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName) MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token=%s", orgName, token) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", orgName) MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members?token=%s", orgName, token) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", orgName) MakeRequest(t, req, http.StatusNotFound) }) } @@ -166,16 +164,24 @@ func TestAPIGetAll(t *testing.T) { token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrg) + // accessing with a token will return all orgs req := NewRequestf(t, "GET", "/api/v1/orgs?token=%s", token) resp := MakeRequest(t, req, http.StatusOK) - var apiOrgList []*api.Organization - DecodeJSON(t, resp, &apiOrgList) - // accessing with a token will return all orgs + DecodeJSON(t, resp, &apiOrgList) assert.Len(t, apiOrgList, 9) assert.Equal(t, "org25", apiOrgList[1].FullName) assert.Equal(t, "public", apiOrgList[1].Visibility) + + // accessing without a token will return only public orgs + req = NewRequestf(t, "GET", "/api/v1/orgs") + resp = MakeRequest(t, req, http.StatusOK) + + DecodeJSON(t, resp, &apiOrgList) + assert.Len(t, apiOrgList, 7) + assert.Equal(t, "org25", apiOrgList[0].FullName) + assert.Equal(t, "public", apiOrgList[0].Visibility) } func TestAPIOrgSearchEmptyTeam(t *testing.T) {