Browse Source

Ensure DeleteUser is not allowed to Delete Orgs and visa versa (#10134)

* add check to DeleteUser

* add check to DeleteOrganization

* add Test

* remove redundancy (deleteOrg is only used in DeleteOrganization)

* Update models/org.go

Co-authored-by: zeripath <art27@cantab.net>
mj
6543 3 years ago
committed by GitHub
parent
commit
d4096ab6a2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      models/org.go
  2. 4
      models/org_test.go
  3. 4
      models/user.go
  4. 3
      models/user_test.go

8
models/org.go

@ -256,6 +256,10 @@ func CountOrganizations() int64 {
// DeleteOrganization completely and permanently deletes everything of organization.
func DeleteOrganization(org *User) (err error) {
if !org.IsOrganization() {
return fmt.Errorf("%s is a user not an organization", org.Name)
}
sess := x.NewSession()
defer sess.Close()
@ -275,10 +279,6 @@ func DeleteOrganization(org *User) (err error) {
}
func deleteOrg(e *xorm.Session, u *User) error {
if !u.IsOrganization() {
return fmt.Errorf("You can't delete none organization user: %s", u.Name)
}
// Check ownership of repository.
count, err := getRepositoryCount(e, u)
if err != nil {

4
models/org_test.go

@ -272,8 +272,8 @@ func TestDeleteOrganization(t *testing.T) {
assert.Error(t, err)
assert.True(t, IsErrUserOwnRepos(err))
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)
assert.Error(t, DeleteOrganization(nonOrg))
user := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User)
assert.Error(t, DeleteOrganization(user))
CheckConsistencyFor(t, &User{}, &Team{})
}

4
models/user.go

@ -1244,6 +1244,10 @@ func deleteUser(e *xorm.Session, u *User) error {
// DeleteUser completely and permanently deletes everything of a user,
// but issues/comments/pulls will be kept and shown as someone has been deleted.
func DeleteUser(u *User) (err error) {
if u.IsOrganization() {
return fmt.Errorf("%s is an organization not a user", u.Name)
}
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {

3
models/user_test.go

@ -199,6 +199,9 @@ func TestDeleteUser(t *testing.T) {
test(4)
test(8)
test(11)
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User)
assert.Error(t, DeleteUser(org))
}
func TestEmailNotificationPreferences(t *testing.T) {

Loading…
Cancel
Save