Merge pull request #35968 from owncloud/api-test-modify-group-permiss…

…ions acceptance test for attempt to modify group share permissions when group sharing is off
owncloud · Aug 2, 2019 · 03a8bad · 03a8bad
2 parents d39cc18 + a9d0a52
commit 03a8bad
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 10 deletions.
diff --git a/tests/acceptance/features/apiShareUpdate/updateShare.feature b/tests/acceptance/features/apiShareUpdate/updateShare.feature
@@ -530,3 +530,59 @@ Feature: sharing
       | ocs_api_version | ocs_status_code |
       | 1               | 100             |
       | 2               | 200             |
+
+  Scenario Outline: Forbid sharing with groups
+    Given using OCS API version "<ocs_api_version>"
+    And group "grp1" has been created
+    And parameter "shareapi_allow_group_sharing" of app "core" has been set to "no"
+    When user "user0" shares file "/welcome.txt" with group "grp1" using the sharing API
+    Then the OCS status code should be "404"
+    And the HTTP status code should be "<http_status_code>"
+    When user "user0" gets the info of the last share using the sharing API
+    Then the last response should be empty
+    Examples:
+      | ocs_api_version | http_status_code |
+      | 1               | 200              |
+      | 2               | 404              |
+
+  Scenario Outline: Editing share permission of existing share is forbidden when sharing with groups is forbidden
+    Given using OCS API version "<ocs_api_version>"
+    And group "grp1" has been created
+    # Note: in the user_ldap test environment user1 is in grp1
+    And user "user0" has shared file "textfile0.txt" with group "grp1"
+    And parameter "shareapi_allow_group_sharing" of app "core" has been set to "no"
+    When user "user0" updates the last share using the sharing API with
+      | permissions | read, create |
+    Then the OCS status code should be "400"
+    And the HTTP status code should be "<http_status_code>"
+    When user "user0" gets the info of the last share using the sharing API
+    Then the fields of the last response should include
+      | item_type         | file           |
+      | item_source       | A_NUMBER       |
+      | share_type        | group          |
+      | file_target       | /textfile0.txt |
+      | permissions       | read, update, share  |
+      | mail_send         | 0              |
+      | uid_owner         | user0          |
+      | file_parent       | A_NUMBER       |
+      | displayname_owner | User Zero      |
+    Examples:
+      | ocs_api_version | http_status_code |
+      | 1               | 200              |
+      | 2               | 400              |
+
+  Scenario Outline: Deleting group share is allowed when sharing with groups is forbidden
+    Given using OCS API version "<ocs_api_version>"
+    And group "grp1" has been created
+    # Note: in the user_ldap test environment user1 is in grp1
+    And user "user0" has shared file "textfile0.txt" with group "grp1"
+    And parameter "shareapi_allow_group_sharing" of app "core" has been set to "no"
+    When user "user0" deletes the last share using the sharing API
+    Then the OCS status code should be "<ocs_status_code>"
+    And the HTTP status code should be "200"
+    When user "user0" gets the info of the last share using the sharing API
+    Then the last response should be empty
+    Examples:
+      | ocs_api_version | ocs_status_code |
+      | 1               | 100             |
+      | 2               | 200             |
diff --git a/tests/acceptance/features/bootstrap/Sharing.php b/tests/acceptance/features/bootstrap/Sharing.php
@@ -1565,6 +1565,18 @@ public function checkFields($body) {
 		}
 	}
 
+	/**
+	 * @Then the last response should be empty
+	 *
+	 * @return void
+	 */
+	public function theFieldsOfTheLastResponseShouldBeEmpty() {
+		$data = $this->getResponseXml()->data[0];
+		Assert::assertEquals(
+			\count($data->element), 0, "last response contains data"
+		);
+	}
+
 	/**
 	 *
 	 * @return string

diff --git a/tests/acceptance/features/bootstrap/WebUISharingContext.php b/tests/acceptance/features/bootstrap/WebUISharingContext.php
@@ -292,14 +292,15 @@ public function theUserHasOpenedThePublicLinkShareTab() {
 	}
 
 	/**
-	 * @When the user deletes share with user :username for the current file
+	 * @When /^the user deletes share with (user|group) ((?:[^']*)|(?:[^"]*)) for the current file$/
 	 *
-	 * @param string $username
+	 * @param string $userOrGroup
+	 * @param string $name
 	 *
 	 * @return void
 	 */
-	public function theUserDeleteShareWithUser($username) {
-		$this->sharingDialog->deleteShareWithUser($this->getSession(), $username);
+	public function theUserDeleteShareWithUser($userOrGroup, $name) {
+		$this->sharingDialog->deleteShareWith($this->getSession(), $userOrGroup, \trim($name, '""'));
 	}
 
 	/**

diff --git a/tests/acceptance/features/lib/FilesPageElement/SharingDialog.php b/tests/acceptance/features/lib/FilesPageElement/SharingDialog.php
@@ -672,18 +672,22 @@ public function getShareWithList() {
 	}
 
 	/**
-	 * delete user from shared with list
+	 * delete user/group from shared with list
 	 *
 	 * @param Session $session
+	 * @param string $userOrGroup
 	 * @param string $username
 	 *
 	 * @return void
 	 */
-	public function deleteShareWithUser(Session $session, $username) {
+	public function deleteShareWith(Session $session, $userOrGroup, $username) {
 		$shareWithList = $this->getShareWithList();
-		foreach ($shareWithList as $userOrGroup) {
-			if ($userOrGroup->find('xpath', $this->userOrGroupNameSpanXpath)->getHtml() === $username) {
-				$userOrGroup->find('xpath', $this->unShareTabXpath)->click();
+		foreach ($shareWithList as $item) {
+			if ($userOrGroup == "group") {
+				$username = \sprintf($this->groupFramework, $username);
+			}
+			if ($item->find('xpath', $this->userOrGroupNameSpanXpath)->getHtml() === $username) {
+				$item->find('xpath', $this->unShareTabXpath)->click();
 				$this->waitForAjaxCallsToStartAndFinish($session);
 			}
 		}

diff --git a/tests/acceptance/features/webUIRestrictSharing/restrictSharing.feature b/tests/acceptance/features/webUIRestrictSharing/restrictSharing.feature
@@ -94,5 +94,5 @@ Feature: restrict Sharing
     And the setting "Allow sharing with groups" in the section "Sharing" has been disabled
     When the user opens the share dialog for folder "simple-folder"
     Then group "grp1" should be listed in the shared with list
-    When the user deletes share with user "grp1 (group)" for the current file
+    When the user deletes share with group "grp1" for the current file
     Then group "grp1" should not be listed in the shared with list