From da6e9f63df7411ecbe630178fd4bb694e537c453 Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Thu, 20 Apr 2023 08:19:13 +0900
Subject: [PATCH] Add owner team permission check test (#24096)

Add test for https://github.com/go-gitea/gitea/pull/23675

Should be merged after #24117

---------

Co-authored-by: silverwind <me@silverwind.io>
---
 models/organization/org.go        |  6 +++++-
 tests/integration/api_org_test.go | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/models/organization/org.go b/models/organization/org.go
index 53b020d704..30b76fb1a0 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -342,11 +342,15 @@ func CreateOrganization(org *Organization, owner *user_model.User) (err error) {
 	// insert units for team
 	units := make([]TeamUnit, 0, len(unit.AllRepoUnitTypes))
 	for _, tp := range unit.AllRepoUnitTypes {
+		up := perm.AccessModeOwner
+		if tp == unit.TypeExternalTracker || tp == unit.TypeExternalWiki {
+			up = perm.AccessModeRead
+		}
 		units = append(units, TeamUnit{
 			OrgID:      org.ID,
 			TeamID:     t.ID,
 			Type:       tp,
-			AccessMode: perm.AccessModeOwner,
+			AccessMode: up,
 		})
 	}
 
diff --git a/tests/integration/api_org_test.go b/tests/integration/api_org_test.go
index 84166861a7..3d1c3b2494 100644
--- a/tests/integration/api_org_test.go
+++ b/tests/integration/api_org_test.go
@@ -11,6 +11,10 @@ import (
 	"testing"
 
 	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	org_model "code.gitea.io/gitea/models/organization"
+	"code.gitea.io/gitea/models/perm"
+	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
@@ -51,6 +55,22 @@ func TestAPIOrgCreate(t *testing.T) {
 			FullName:  org.FullName,
 		})
 
+		// Check owner team permission
+		ownerTeam, _ := org_model.GetOwnerTeam(db.DefaultContext, apiOrg.ID)
+
+		for _, ut := range unit_model.AllRepoUnitTypes {
+			up := perm.AccessModeOwner
+			if ut == unit_model.TypeExternalTracker || ut == unit_model.TypeExternalWiki {
+				up = perm.AccessModeRead
+			}
+			unittest.AssertExistsAndLoadBean(t, &org_model.TeamUnit{
+				OrgID:      apiOrg.ID,
+				TeamID:     ownerTeam.ID,
+				Type:       ut,
+				AccessMode: up,
+			})
+		}
+
 		req = NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", org.UserName, token)
 		resp = MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &apiOrg)