test: cover self-approve block and unknown-mergeability fail-closed (#14)

Add two explicit eligibility tests requested in review of PR #24:
- self-author blocked from 'approve' (eligible=false, reason
  "authenticated user is PR author").
- 'merge' fails closed when Gitea reports mergeable=None (eligible=false,
  reason "PR mergeability unknown").

Tests only; no implementation change. Behavior already enforced by
gitea_check_pr_eligibility.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 14:02:48 -04:00
parent fbbbd5359e
commit baf4eae30b
+27
View File
@@ -694,6 +694,33 @@ class TestPrEligibility(unittest.TestCase):
self.assertFalse(r["eligible"]) self.assertFalse(r["eligible"])
self.assertIn("authenticated user is PR author", r["reasons"]) self.assertIn("authenticated user is PR author", r["reasons"])
@patch("mcp_server.api_request")
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
def test_self_author_cannot_approve(self, _auth, mock_api):
mock_api.side_effect = [{"login": "jcwalker3"}, self._pr("jcwalker3")]
env = {"GITEA_PROFILE_NAME": "gitea-reviewer",
"GITEA_ALLOWED_OPERATIONS": "read,review,approve"}
with patch.dict(os.environ, env, clear=True):
r = gitea_check_pr_eligibility(pr_number=8, action="approve", remote="prgs")
self.assertFalse(r["eligible"])
self.assertIn("authenticated user is PR author", r["reasons"])
@patch("mcp_server.api_request")
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
def test_merge_fails_closed_when_mergeability_unknown(self, _auth, mock_api):
# Gitea reports mergeable as None/null (not yet computed).
mock_api.side_effect = [
{"login": "merger-bot"},
self._pr("author-bot", mergeable=None),
]
env = {"GITEA_PROFILE_NAME": "gitea-merger",
"GITEA_ALLOWED_OPERATIONS": "read,merge"}
with patch.dict(os.environ, env, clear=True):
r = gitea_check_pr_eligibility(pr_number=8, action="merge", remote="prgs")
self.assertFalse(r["eligible"])
self.assertIsNone(r["mergeable"])
self.assertIn("PR mergeability unknown", r["reasons"])
@patch("mcp_server.api_request") @patch("mcp_server.api_request")
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH) @patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
def test_profile_not_allowed_to_merge(self, _auth, mock_api): def test_profile_not_allowed_to_merge(self, _auth, mock_api):