From 0bad02a2433f2d6d88b2ed9dcc5fedda95daf799 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 1 Jan 2025 11:28:44 +0800 Subject: [PATCH 1/5] fix --- modules/setting/security.go | 5 +++-- tests/mssql.ini.tmpl | 1 - tests/mysql.ini.tmpl | 1 - tests/pgsql.ini.tmpl | 1 - tests/sqlite.ini.tmpl | 1 - 5 files changed, 3 insertions(+), 6 deletions(-) diff --git a/modules/setting/security.go b/modules/setting/security.go index 3d12fcf8d9fdd..2f798b75c7e73 100644 --- a/modules/setting/security.go +++ b/modules/setting/security.go @@ -13,8 +13,9 @@ import ( "code.gitea.io/gitea/modules/log" ) +// Security settings + var ( - // Security settings InstallLock bool SecretKey string InternalToken string // internal access token @@ -27,7 +28,7 @@ var ( ReverseProxyTrustedProxies []string MinPasswordLength int ImportLocalPaths bool - DisableGitHooks bool + DisableGitHooks = true DisableWebhooks bool OnlyAllowPushIfGiteaEnvironmentSet bool PasswordComplexity []string diff --git a/tests/mssql.ini.tmpl b/tests/mssql.ini.tmpl index 77c969e813611..b50816b2cdec8 100644 --- a/tests/mssql.ini.tmpl +++ b/tests/mssql.ini.tmpl @@ -93,7 +93,6 @@ COLORIZE = true LEVEL = Debug [security] -DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ diff --git a/tests/mysql.ini.tmpl b/tests/mysql.ini.tmpl index 0fddde46de69e..ec8307acc3632 100644 --- a/tests/mysql.ini.tmpl +++ b/tests/mysql.ini.tmpl @@ -94,7 +94,6 @@ COLORIZE = true LEVEL = Debug [security] -DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl index 695662c2e9d2e..139ea9c2b7ab7 100644 --- a/tests/pgsql.ini.tmpl +++ b/tests/pgsql.ini.tmpl 
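Review bot: The new `DisableGitHooks = true` initializer in modules/setting/security.go is the only entry in this var block with a non-zero default, and nothing on the line says why. Server-side git hooks are scripts executed on the host, so disabled is the safe default; a trailing comment such as `// disabled by default: git hooks run scripts on the server host; override with [security] DISABLE_GIT_HOOKS` would record that. The code that reads the ini value is outside this hunk, so confirm its fallback is also `true`, otherwise the package-level default and the loaded default can disagree. The var block continues beyond the hunk.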
@@ -94,7 +94,6 @@ COLORIZE = true LEVEL = Debug [security] -DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ diff --git a/tests/sqlite.ini.tmpl b/tests/sqlite.ini.tmpl index 1cbcd8b2e591a..2f7a3e8182eef 100644 --- a/tests/sqlite.ini.tmpl +++ b/tests/sqlite.ini.tmpl @@ -93,7 +93,6 @@ COLORIZE = true LEVEL = Debug [security] -DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8 From 9d6c0297b6a3c44737f61acf1103cd11a2ce14ac Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 1 Jan 2025 11:34:29 +0800 Subject: [PATCH 2/5] fix --- modules/templates/helper.go | 3 --- routers/web/admin/users.go | 1 + templates/admin/user/edit.tmpl | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 7529cadca4d51..70d26d443dc53 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -131,9 +131,6 @@ func NewFuncMap() template.FuncMap { "EnableTimetracking": func() bool { return setting.Service.EnableTimetracking }, - "DisableGitHooks": func() bool { - return setting.DisableGitHooks - }, "DisableWebhooks": func() bool { return setting.DisableWebhooks }, diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index be2ba4424cdc6..732097414e422 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go 
@@ -313,6 +313,7 @@ func editUserCommon(ctx *context.Context) { ctx.Data["PageIsAdminUsers"] = true ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations + ctx.Data["DisableGitHooks"] = setting.DisableGitHooks ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice() ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx) } diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl index 41b00defb4549..5deb41fb896bc 100644 --- a/templates/admin/user/edit.tmpl +++ b/templates/admin/user/edit.tmpl @@ -128,10 +128,10 @@ -
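Review bot: `ctx.Data["DisableGitHooks"]`, added in editUserCommon, only feeds the template, so it decides how the admin edit form is rendered and nothing more. The template lines are not readable on this page, but if the value is used to disable a form control, that alone does not stop a hand-built POST from submitting the git-hook permission; the handler that saves the user and the permission check used when a hook is edited (neither visible here) should consult `setting.DisableGitHooks` directly. The same applies to `ctx.Data["DisableImportLocal"] = !setting.ImportLocalPaths`, added to this function in patch 3/5. A short comment above the two assignments, e.g. `// UI hints only; enforcement lives in the permission checks`, would keep later readers from treating them as the control. editUserCommon starts before this hunk.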
+
- +
From 607f6b4162bc2ae01d36d384c3873a274dfe54a8 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 1 Jan 2025 11:42:30 +0800 Subject: [PATCH 3/5] remove DisableImportLocal --- modules/templates/helper.go | 3 --- routers/web/admin/users.go | 1 + templates/admin/user/edit.tmpl | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 70d26d443dc53..48d3a8ff89aed 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -134,9 +134,6 @@ func NewFuncMap() template.FuncMap { "DisableWebhooks": func() bool { return setting.DisableWebhooks }, - "DisableImportLocal": func() bool { - return !setting.ImportLocalPaths - }, "UserThemeName": userThemeName, "NotificationSettings": func() map[string]any { return map[string]any{ diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index 732097414e422..f6a3af1c866d4 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go @@ -314,6 +314,7 @@ func editUserCommon(ctx *context.Context) { ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations ctx.Data["DisableGitHooks"] = setting.DisableGitHooks + ctx.Data["DisableImportLocal"] = !setting.ImportLocalPaths ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice() ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx) } diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl index 5deb41fb896bc..d591a645d8983 100644 --- a/templates/admin/user/edit.tmpl +++ b/templates/admin/user/edit.tmpl @@ -134,10 +134,10 @@
-
+
- +
{{if not .DisableRegularOrgCreation}} From 073179a9ed1b96423d238084c247c6f7546601c1 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 1 Jan 2025 15:58:32 +0800 Subject: [PATCH 4/5] fix tests --- .../hooks/pre-receive.d/pre-receive | 3 +- tests/integration/api_repo_git_hook_test.go | 343 +++++++++--------- 2 files changed, 175 insertions(+), 171 deletions(-) diff --git a/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive b/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive index b26a3b9b6876f..68d501e0c85f8 100755 --- a/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive +++ b/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive @@ -1,3 +1,2 @@ #!/bin/bash - -echo Hello, World! +echo "Hello, World!" diff --git a/tests/integration/api_repo_git_hook_test.go b/tests/integration/api_repo_git_hook_test.go index 9917b41790d12..b6f1a42a6b0a6 100644 --- a/tests/integration/api_repo_git_hook_test.go +++ b/tests/integration/api_repo_git_hook_test.go 
@@ -12,185 +12,190 @@ import ( repo_model "code.gitea.io/gitea/models/repo" "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" ) -const testHookContent = `#!/bin/bash +func TestAPIGitHooks(t *testing.T) { + defer tests.PrepareTestEnv(t)() + defer test.MockVariableValue(&setting.DisableGitHooks, false)() -echo Hello, World! + const testHookContent = `#!/bin/bash +echo "Hello, World!" ` -func TestAPIListGitHooks(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - // user1 is an admin user - session := loginUser(t, "user1") - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). - AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiGitHooks []*api.GitHook - DecodeJSON(t, resp, &apiGitHooks) - assert.Len(t, apiGitHooks, 3) - for _, apiGitHook := range apiGitHooks { - if apiGitHook.Name == "pre-receive" { - assert.True(t, apiGitHook.IsActive) - assert.Equal(t, testHookContent, apiGitHook.Content) - } else { + t.Run("ListGitHooks", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + // user1 is an admin user + session := loginUser(t, "user1") + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). 
+ AddTokenAuth(token) + resp := MakeRequest(t, req, http.StatusOK) + var apiGitHooks []*api.GitHook + DecodeJSON(t, resp, &apiGitHooks) + assert.Len(t, apiGitHooks, 3) + for _, apiGitHook := range apiGitHooks { + if apiGitHook.Name == "pre-receive" { + assert.True(t, apiGitHook.IsActive) + assert.Equal(t, testHookContent, apiGitHook.Content) + } else { + assert.False(t, apiGitHook.IsActive) + assert.Empty(t, apiGitHook.Content) + } + } + }) + + t.Run("NoGitHooks", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + // user1 is an admin user + session := loginUser(t, "user1") + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). + AddTokenAuth(token) + resp := MakeRequest(t, req, http.StatusOK) + var apiGitHooks []*api.GitHook + DecodeJSON(t, resp, &apiGitHooks) + assert.Len(t, apiGitHooks, 3) + for _, apiGitHook := range apiGitHooks { assert.False(t, apiGitHook.IsActive) assert.Empty(t, apiGitHook.Content) } - } -} - -func TestAPIListGitHooksNoHooks(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - // user1 is an admin user - session := loginUser(t, "user1") - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). 
- AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiGitHooks []*api.GitHook - DecodeJSON(t, resp, &apiGitHooks) - assert.Len(t, apiGitHooks, 3) - for _, apiGitHook := range apiGitHooks { - assert.False(t, apiGitHook.IsActive) - assert.Empty(t, apiGitHook.Content) - } -} - -func TestAPIListGitHooksNoAccess(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - session := loginUser(t, owner.Name) - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). - AddTokenAuth(token) - MakeRequest(t, req, http.StatusForbidden) -} - -func TestAPIGetGitHook(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - // user1 is an admin user - session := loginUser(t, "user1") - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
- AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiGitHook *api.GitHook - DecodeJSON(t, resp, &apiGitHook) - assert.True(t, apiGitHook.IsActive) - assert.Equal(t, testHookContent, apiGitHook.Content) -} - -func TestAPIGetGitHookNoAccess(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - session := loginUser(t, owner.Name) - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). - AddTokenAuth(token) - MakeRequest(t, req, http.StatusForbidden) -} - -func TestAPIEditGitHook(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - // user1 is an admin user - session := loginUser(t, "user1") - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) - - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive", - owner.Name, repo.Name) - req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{ - Content: testHookContent, - }).AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiGitHook *api.GitHook - DecodeJSON(t, resp, &apiGitHook) - assert.True(t, apiGitHook.IsActive) - assert.Equal(t, testHookContent, apiGitHook.Content) - - req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
- AddTokenAuth(token) - resp = MakeRequest(t, req, http.StatusOK) - var apiGitHook2 *api.GitHook - DecodeJSON(t, resp, &apiGitHook2) - assert.True(t, apiGitHook2.IsActive) - assert.Equal(t, testHookContent, apiGitHook2.Content) -} - -func TestAPIEditGitHookNoAccess(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - session := loginUser(t, owner.Name) - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name) - req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{ - Content: testHookContent, - }).AddTokenAuth(token) - MakeRequest(t, req, http.StatusForbidden) -} - -func TestAPIDeleteGitHook(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - // user1 is an admin user - session := loginUser(t, "user1") - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) - - req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). - AddTokenAuth(token) - MakeRequest(t, req, http.StatusNoContent) - - req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
- AddTokenAuth(token) - resp := MakeRequest(t, req, http.StatusOK) - var apiGitHook2 *api.GitHook - DecodeJSON(t, resp, &apiGitHook2) - assert.False(t, apiGitHook2.IsActive) - assert.Empty(t, apiGitHook2.Content) -} - -func TestAPIDeleteGitHookNoAccess(t *testing.T) { - defer tests.PrepareTestEnv(t)() - - repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) - owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) - - session := loginUser(t, owner.Name) - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) - req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). - AddTokenAuth(token) - MakeRequest(t, req, http.StatusForbidden) + }) + + t.Run("ListGitHooksNoAccess", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name). + AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + }) + + t.Run("GetGitHook", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + // user1 is an admin user + session := loginUser(t, "user1") + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
+ AddTokenAuth(token) + resp := MakeRequest(t, req, http.StatusOK) + var apiGitHook *api.GitHook + DecodeJSON(t, resp, &apiGitHook) + assert.True(t, apiGitHook.IsActive) + assert.Equal(t, testHookContent, apiGitHook.Content) + }) + t.Run("GetGitHookNoAccess", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). + AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + }) + + t.Run("EditGitHook", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + // user1 is an admin user + session := loginUser(t, "user1") + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) + + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive", + owner.Name, repo.Name) + req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{ + Content: testHookContent, + }).AddTokenAuth(token) + resp := MakeRequest(t, req, http.StatusOK) + var apiGitHook *api.GitHook + DecodeJSON(t, resp, &apiGitHook) + assert.True(t, apiGitHook.IsActive) + assert.Equal(t, testHookContent, apiGitHook.Content) + + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
+ AddTokenAuth(token) + resp = MakeRequest(t, req, http.StatusOK) + var apiGitHook2 *api.GitHook + DecodeJSON(t, resp, &apiGitHook2) + assert.True(t, apiGitHook2.IsActive) + assert.Equal(t, testHookContent, apiGitHook2.Content) + }) + + t.Run("EditGitHookNoAccess", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name) + req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{ + Content: testHookContent, + }).AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + }) + + t.Run("DeleteGitHook", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + // user1 is an admin user + session := loginUser(t, "user1") + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) + + req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). + AddTokenAuth(token) + MakeRequest(t, req, http.StatusNoContent) + + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). 
+ AddTokenAuth(token) + resp := MakeRequest(t, req, http.StatusOK) + var apiGitHook2 *api.GitHook + DecodeJSON(t, resp, &apiGitHook2) + assert.False(t, apiGitHook2.IsActive) + assert.Empty(t, apiGitHook2.Content) + }) + + t.Run("DeleteGitHookNoAccess", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) + + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) + req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive", owner.Name, repo.Name). + AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + }) } From 1ca8ba129790d61c83ecd2c401984c753e7070fe Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 1 Jan 2025 16:00:13 +0800 Subject: [PATCH 5/5] fine tune test --- .../user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive | 2 +- tests/integration/api_repo_git_hook_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive b/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive index 68d501e0c85f8..205086810d4c6 100755 --- a/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive +++ b/tests/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-receive.d/pre-receive @@ -1,2 +1,2 @@ #!/bin/bash -echo "Hello, World!" +echo "TestGitHookScript" diff --git a/tests/integration/api_repo_git_hook_test.go b/tests/integration/api_repo_git_hook_test.go index b6f1a42a6b0a6..c28c4336e2d78 100644 --- a/tests/integration/api_repo_git_hook_test.go +++ b/tests/integration/api_repo_git_hook_test.go 
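Review bot: Every subtest in TestAPIGitHooks runs under `test.MockVariableValue(&setting.DisableGitHooks, false)`, so nothing in this file exercises the value that this series makes the default. A subtest that sets the flag back to `true` and asserts that even the admin user1 is refused on `/hooks/git` would pin the security-relevant behaviour; the expected status below is assumed to match the existing NoAccess cases and should be confirmed against the route's permission check. Separately, the subtests now share a single `tests.PrepareTestEnv`, so EditGitHook and DeleteGitHook change hooks on repositories 1 and 37 that other subtests read, which makes the results depend on declaration order.

```go
	// … unchanged: existing subtests …

	t.Run("GitHooksDisabled", func(t *testing.T) {
		defer tests.PrintCurrentTest(t)()
		// put the shipped default back for this subtest only
		defer test.MockVariableValue(&setting.DisableGitHooks, true)()

		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 37})
		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})

		// user1 is an admin user; with hooks disabled the request should still be refused
		session := loginUser(t, "user1")
		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git", owner.Name, repo.Name).
			AddTokenAuth(token)
		// assumed status; confirm against the API's git-hook permission check
		MakeRequest(t, req, http.StatusForbidden)
	})
```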
@@ -25,7 +25,7 @@ func TestAPIGitHooks(t *testing.T) {
 defer test.MockVariableValue(&setting.DisableGitHooks, false)()
 const testHookContent = `#!/bin/bash
-echo "Hello, World!"
+echo "TestGitHookScript"
 `
 t.Run("ListGitHooks", func(t *testing.T) {