From baf4eae30ba6c0092867f6dd546874e2423f03ef Mon Sep 17 00:00:00 2001 From: Jason Walker <913443@dadeschools.net> Date: Wed, 1 Jul 2026 14:02:48 -0400 Subject: [PATCH] test: cover self-approve block and unknown-mergeability fail-closed (#14) Add two explicit eligibility tests requested in review of PR #24: - self-author blocked from 'approve' (eligible=false, reason "authenticated user is PR author"). - 'merge' fails closed when Gitea reports mergeable=None (eligible=false, reason "PR mergeability unknown"). Tests only; no implementation change. Behavior already enforced by gitea_check_pr_eligibility. Co-Authored-By: Claude Opus 4.8 (1M context) --- tests/test_mcp_server.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/test_mcp_server.py b/tests/test_mcp_server.py index ee44c0f..90b4142 100644 --- a/tests/test_mcp_server.py +++ b/tests/test_mcp_server.py @@ -694,6 +694,33 @@ class TestPrEligibility(unittest.TestCase): self.assertFalse(r["eligible"]) self.assertIn("authenticated user is PR author", r["reasons"]) + @patch("mcp_server.api_request") + @patch("mcp_server.get_auth_header", return_value=FAKE_AUTH) + def test_self_author_cannot_approve(self, _auth, mock_api): + mock_api.side_effect = [{"login": "jcwalker3"}, self._pr("jcwalker3")] + env = {"GITEA_PROFILE_NAME": "gitea-reviewer", + "GITEA_ALLOWED_OPERATIONS": "read,review,approve"} + with patch.dict(os.environ, env, clear=True): + r = gitea_check_pr_eligibility(pr_number=8, action="approve", remote="prgs") + self.assertFalse(r["eligible"]) + self.assertIn("authenticated user is PR author", r["reasons"]) + + @patch("mcp_server.api_request") + @patch("mcp_server.get_auth_header", return_value=FAKE_AUTH) + def test_merge_fails_closed_when_mergeability_unknown(self, _auth, mock_api): + # Gitea reports mergeable as None/null (not yet computed). + mock_api.side_effect = [ + {"login": "merger-bot"}, + self._pr("author-bot", mergeable=None), + ] + env = {"GITEA_PROFILE_NAME": "gitea-merger", + "GITEA_ALLOWED_OPERATIONS": "read,merge"} + with patch.dict(os.environ, env, clear=True): + r = gitea_check_pr_eligibility(pr_number=8, action="merge", remote="prgs") + self.assertFalse(r["eligible"]) + self.assertIsNone(r["mergeable"]) + self.assertIn("PR mergeability unknown", r["reasons"]) + @patch("mcp_server.api_request") @patch("mcp_server.get_auth_header", return_value=FAKE_AUTH) def test_profile_not_allowed_to_merge(self, _auth, mock_api):