mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-09-22 02:35:55 +00:00
fix: quota evaluation rules not working properly (#9033)
This patch is mainly intended to fix forgejo/forgejo#7721, and to fix forgejo/forgejo#9019. It also changes the evaluation of 0 limits to prevent all writes, instead of allowing one write and then failing on subsequent writes after the limit has been exceeded. This matches the expectation of the existing tests, and I believe it will better match the expectations of users. Tests have been updated accordingly where necessary, and some additional test coverage added. The fixes in this PR depend on each other in order for the quota system to function correctly, so I'm submitting them as a single PR instead of individually. ## Test Cases ### Quota subjects not covered by their parent subjects Before enabling quotas, create a test user and test repository for that user. Enable quotas, and set a default total to some large value. (Do not use unit suffixes forgejo/forgejo#8996) ```ini [quota] ENABLED = true [quota.default] TOTAL = 1073741824 ``` With the test user, navigate to "Storage overview" and verify that the quota group "Global quota" is the only group listed, containing the rule "Default", and displays the configured limit, and that the limit has not been exceeded (eg. `42 MiB / 1 GiB`). The default quota rule has the subject `size:all`, so any write action should be allowed. #### Attempt to create a new repository. Expected result: Repository is created. Actual result: Error 413, You have exhausted your quota. #### Attempt to create a new file in the existing repository. Expected result: File is created. Actual result: Error 413, You have exhausted your quota. #### Create an issue on the test repository, and attempt to upload an image to the issue. Expected result: Image is uploaded. Actual Result: Quota exceeded. Displays error message: `JavaScript promise rejection: can't access property "submitted", oi[ji.uuid] is undefined. Open browser console to see more details.` ### Unlimited quota rules incorrectly allow all writes With quotas enabled, [Use the API](https://forgejo.org/docs/latest/admin/advanced/quota/#advanced-usage-via-api) to create a quota group containing a single rule with a subject of `sizelfs`, and a limit of `-1` (Unlimited). Add the test user to this group. ```json { "name": "git-lfs-unlimited", "rules": [ { "name": "git-lfs-unlimited", "limit": -1, "subjects": ["size
This commit is contained in:
Brook Miles
Gusted
parent
bafdd4a56e
commit
9354efceb1
11 changed files with 249 additions and 257 deletions
|
|
@ -20,6 +20,7 @@ import (
|
|||
"forgejo.org/modules/graceful"
|
||||
"forgejo.org/modules/log"
|
||||
"forgejo.org/modules/setting"
|
||||
"forgejo.org/modules/test"
|
||||
"forgejo.org/modules/testlogger"
|
||||
"forgejo.org/modules/util"
|
||||
"forgejo.org/modules/web"
|
||||
|
|
@ -37,7 +38,6 @@ func TestMain(m *testing.M) {
|
|||
defer cancel()
|
||||
|
||||
tests.InitTest(true)
|
||||
setting.Quota.Enabled = true
|
||||
initChangedFiles()
|
||||
testE2eWebRoutes = routers.NormalRoutes()
|
||||
|
||||
|
|
@ -103,6 +103,11 @@ func TestE2e(t *testing.T) {
|
|||
}
|
||||
|
||||
t.Run(testname, func(t *testing.T) {
|
||||
if testname == "user-settings.test.e2e" {
|
||||
defer test.MockVariableValue(&setting.Quota.Enabled, true)()
|
||||
defer test.MockVariableValue(&testE2eWebRoutes, routers.NormalRoutes())()
|
||||
}
|
||||
|
||||
// Default 2 minute timeout
|
||||
onForgejoRun(t, func(*testing.T, *url.URL) {
|
||||
defer DeclareGitRepos(t)()
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
-
|
||||
id: 1002
|
||||
group_name: trusted-user
|
||||
rule_name: "all:assets"
|
||||
rule_name: "repos:all"
|
||||
|
||||
-
|
||||
id: 1003
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@
|
|||
subjects: [6]
|
||||
|
||||
-
|
||||
name: "all:assets"
|
||||
name: "repos:all"
|
||||
limit: -1
|
||||
subjects: [7]
|
||||
subjects: [2]
|
||||
|
||||
- name: "Multi subjects"
|
||||
limit: 5000000000
|
||||
|
|
|
|||
|
|
@ -187,16 +187,6 @@ func (e *quotaEnv) SetupWithMultipleQuotaRules(t *testing.T) {
|
|||
cleaner = createQuotaGroup(t, "default")
|
||||
e.cleanups = append(e.cleanups, cleaner)
|
||||
|
||||
// Create three rules: all, repo-size, and asset-size
|
||||
zero := int64(0)
|
||||
ruleAll := api.CreateQuotaRuleOptions{
|
||||
Name: "all",
|
||||
Limit: &zero,
|
||||
Subjects: []string{"size:all"},
|
||||
}
|
||||
cleaner = createQuotaRule(t, ruleAll)
|
||||
e.cleanups = append(e.cleanups, cleaner)
|
||||
|
||||
fifteenMb := int64(1024 * 1024 * 15)
|
||||
ruleRepoSize := api.CreateQuotaRuleOptions{
|
||||
Name: "repo-size",
|
||||
|
|
@ -215,8 +205,6 @@ func (e *quotaEnv) SetupWithMultipleQuotaRules(t *testing.T) {
|
|||
e.cleanups = append(e.cleanups, cleaner)
|
||||
|
||||
// Add these rules to the group
|
||||
cleaner = e.AddRuleToGroup(t, "default", "all")
|
||||
e.cleanups = append(e.cleanups, cleaner)
|
||||
cleaner = e.AddRuleToGroup(t, "default", "repo-size")
|
||||
e.cleanups = append(e.cleanups, cleaner)
|
||||
cleaner = e.AddRuleToGroup(t, "default", "asset-size")
|
||||
|
|
@ -1414,7 +1402,6 @@ func TestAPIQuotaUserBasics(t *testing.T) {
|
|||
|
||||
// Temporarily disable quota checking
|
||||
defer env.SetRuleLimit(t, "repo-size", -1)()
|
||||
defer env.SetRuleLimit(t, "all", -1)()
|
||||
|
||||
// Create a branch
|
||||
req := NewRequestWithJSON(t, "POST", env.APIPathForRepo("/branches"), api.CreateBranchRepoOption{
|
||||
|
|
@ -1424,7 +1411,6 @@ func TestAPIQuotaUserBasics(t *testing.T) {
|
|||
|
||||
// Set the limit back. No need to defer, the first one will set it
|
||||
// back to the correct value.
|
||||
env.SetRuleLimit(t, "all", 0)
|
||||
env.SetRuleLimit(t, "repo-size", 0)
|
||||
|
||||
// Deleting a branch does not incur quota enforcement
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue