Make sure to filter starred repos to those visible to the user

Fixes #1793
2016-08-31 14:07:05 -04:00 · 2016-08-31 14:07:05 -04:00 · 1b7b3ea41d
commit 1b7b3ea41d
parent b4939a3cd0
2 changed files with 31 additions and 7 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -1565,12 +1565,33 @@ class TestListRepos(ApiTestCase):
    self.assertEquals(name, json['repositories'][0]['name'])

  def assertRepositoryNotVisible(self, namespace, name):
-    json = self.getJsonResponse(RepositoryList,
-                                params=dict(namespace=namespace,
-                                            public=False))
+    json = self.getJsonResponse(RepositoryList, params=dict(namespace=namespace, public=False))
    for repo in json['repositories']:
      self.assertNotEquals(name, repo['name'])

+    json = self.getJsonResponse(RepositoryList, params=dict(starred=True))
+    for repo in json['repositories']:
+      self.assertNotEquals(name, repo['name'])
+
+  def test_listrepos_starred_filtered(self):
+    admin_user = model.user.get_user(ADMIN_ACCESS_USER)
+    reader_user = model.user.get_user(READ_ACCESS_USER)
+
+    # Create a new organization.
+    new_org = model.organization.create_organization('neworg', 'neworg@devtable.com', admin_user)
+    admin_team = model.team.create_team('admin', new_org, 'admin')
+
+    # Add a repository to the organization.
+    repo = model.repository.create_repository('neworg', 'somerepo', admin_user)
+
+    with self.add_to_team_temporarily(reader_user, admin_team):
+      # Star the repository for the user.
+      model.repository.star_repository(reader_user, repo)
+
+    # Verify that the user cannot see the repo, since they are no longer allowed to do so.
+    self.login(READ_ACCESS_USER)
+    self.assertRepositoryNotVisible('neworg', 'somerepo')
+
  @contextmanager
  def add_to_team_temporarily(self, user, team):
    model.team.add_user_to_team(user, team)
@ -1579,7 +1600,6 @@ class TestListRepos(ApiTestCase):
                                     ADMIN_ACCESS_USER)

  def test_listrepos_org_filtered(self):
-    # Admin user
    admin_user = model.user.get_user(ADMIN_ACCESS_USER)
    reader_user = model.user.get_user(READ_ACCESS_USER)