Add owner team permission check test (#24096)

Add test for #23675

Should be merged after #24117

---------

Co-authored-by: silverwind <me@silverwind.io>

models/organization/org.go

@@ -342,11 +342,15 @@ func CreateOrganization(org *Organization, owner *user_model.User) (err error) {
 	// insert units for team
 	units := make([]TeamUnit, 0, len(unit.AllRepoUnitTypes))
 	for _, tp := range unit.AllRepoUnitTypes {
+		up := perm.AccessModeOwner
+		if tp == unit.TypeExternalTracker || tp == unit.TypeExternalWiki {
+			up = perm.AccessModeRead
+		}
 		units = append(units, TeamUnit{
 			OrgID:      org.ID,
 			TeamID:     t.ID,
 			Type:       tp,
-			AccessMode: perm.AccessModeOwner,
+			AccessMode: up,
 		})
 	}
 

tests/integration/api_org_test.go

@@ -11,6 +11,10 @@ import (
 	"testing"
 
 	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	org_model "code.gitea.io/gitea/models/organization"
+	"code.gitea.io/gitea/models/perm"
+	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
@@ -51,6 +55,22 @@ func TestAPIOrgCreate(t *testing.T) {
 			FullName:  org.FullName,
 		})
 
+		// Check owner team permission
+		ownerTeam, _ := org_model.GetOwnerTeam(db.DefaultContext, apiOrg.ID)
+
+		for _, ut := range unit_model.AllRepoUnitTypes {
+			up := perm.AccessModeOwner
+			if ut == unit_model.TypeExternalTracker || ut == unit_model.TypeExternalWiki {
+				up = perm.AccessModeRead
+			}
+			unittest.AssertExistsAndLoadBean(t, &org_model.TeamUnit{
+				OrgID:      apiOrg.ID,
+				TeamID:     ownerTeam.ID,
+				Type:       ut,
+				AccessMode: up,
+			})
+		}
+
 		req = NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", org.UserName, token)
 		resp = MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &apiOrg)