diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index db29cc51bea..b5191109285 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -176,5 +176,12 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/addUserToGroup.feature:316](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L316) - [apiGraph/addUserToGroup.feature:330](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L330) +#### [Admin user can't restore other user spaces](https://github.com/owncloud/ocis/issues/5872) +- [apiSpaces/restoreSpaces.feature:94](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/restoreSpaces.feature#L94) + +#### [https://github.com/owncloud/ocis/issues/5938](https://github.com/owncloud/ocis/issues/5938) +- [apiSpaces/createSpace.feature:18](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L18) +- [apiSpaces/createSpace.feature:19](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L19) + Note: always have an empty line at the end of this file. The bash script that processes this file requires that the last line has a newline on the end. diff --git a/tests/acceptance/features/apiSpaces/createSpace.feature b/tests/acceptance/features/apiSpaces/createSpace.feature new file mode 100644 index 00000000000..81b5ec9bf0b --- /dev/null +++ b/tests/acceptance/features/apiSpaces/createSpace.feature 
@@ -0,0 +1,156 @@ +@api +Feature: create space + As an admin and space admin + I want to create new spaces + So that I can organize a set of resources in a hierarchical tree + + Background: + Given user "Alice" has been created with default attributes and without skeleton files + + + Scenario Outline: user with role user and guest can't create Space via Graph API + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" tries to create a space "Project Mars" of type "project" with the default quota using the Graph API + Then the HTTP status code should be "403" + And the user "Alice" should not have a space called "share space" + Examples: + | role | + | User | + | Guest | + + + Scenario Outline: an admin or space admin user can create a Space via the Graph API with a default quota + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the Graph API + Then the HTTP status code should be "201" + And the JSON response should contain space called "Project Mars" and match + """ + { + "type": "object", + "required": [ + "driveType", + "driveAlias", + "name", + "id", + "quota", + "root", + "webUrl" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Mars"] + }, + "driveType": { + "type": "string", + "enum": ["project"] + }, + "driveAlias": { + "type": "string", + "enum": ["project/project-mars"] + }, + "id": { + "type": "string", + "enum": ["%space_id%"] + }, + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "state": { + "type": "number", + "enum": [1000000000] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "enum": ["%base_url%/dav/spaces/%space_id%"] + } + } + }, + "webUrl": { + "type": "string", + "enum": ["%base_url%/f/%space_id%"] + } + } + } + """ + Examples: + 
| role | + | Admin | + | Space Admin | + + + Scenario Outline: an admin or space admin user can create a Space via the Graph API with certain quota + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API + Then the HTTP status code should be "201" + And the JSON response should contain space called "Project Venus" and match + """ + { + "type": "object", + "required": [ + "driveType", + "name", + "id", + "quota", + "root", + "webUrl" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Venus"] + }, + "driveType": { + "type": "string", + "enum": ["project"] + }, + "id": { + "type": "string", + "enum": ["%space_id%"] + }, + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "state": { + "type": "number", + "enum": [2000] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "enum": ["%base_url%/dav/spaces/%space_id%"] + } + } + }, + "webUrl": { + "type": "string", + "enum": ["%base_url%/f/%space_id%"] + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | diff --git a/tests/acceptance/features/apiSpaces/deleteSpaces.feature b/tests/acceptance/features/apiSpaces/deleteSpaces.feature deleted file mode 100644 index 3d681bade45..00000000000 --- a/tests/acceptance/features/apiSpaces/deleteSpaces.feature +++ /dev/null 
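Review bot: In the first scenario outline (roles User and Guest), the request tries to create "Project Mars" but the follow-up step asserts `And the user "Alice" should not have a space called "share space"`, so that step passes whether or not the space was created. It should name the space under test: `And the user "Alice" should not have a space called "Project Mars"`. Separately, in both success scenarios the `quota` sub-schema requires `total` but puts the numeric `enum` (1000000000 and 2000) under a property named `state`, so the expected quota value does not appear to be checked against `total`. If `total` is the field meant, the property key should be `"total"`.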
@@ -1,130 +0,0 @@ -@api @skipOnOcV10 -Feature: Disabling and deleting space - As a manager of space - I want to be able to disable the space first, then delete it. - I want to make sure that a disabled spaces isn't accessible by shared users. - - Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production - See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 - - Background: - Given these users have been created with default attributes and without skeleton files: - | username | - | Alice | - | Brian | - | Bob | - And the administrator has given "Alice" the role "Space Admin" using the settings api - And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi - And user "Alice" has shared a space "Project Moon" with settings: - | shareWith | Brian | - | role | editor | - And user "Alice" has shared a space "Project Moon" with settings: - | shareWith | Bob | - | role | viewer | - - - Scenario Outline: A space admin user can disable a Space via the Graph API - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - And for user "Alice" the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name", - "root" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - }, - "root": { - "type": "object", - "required": [ - "deleted" - ], - "properties": { - "deleted": { - "type": "object", - "required": [ - "state" - ], - "properties": { - "state": { - "type": "string", - "enum": ["trashed"] - } - } - } - } - } - } - } - """ - And the user "" should not have a space called "Project Moon" - Examples: - | user | - | Brian | - | Bob | - - - Scenario Outline: An user without space admin role cannot disable a Space via the Graph API - When user "" disables a space "Project Moon" - Then the HTTP status code should be "403" - And for user "" 
the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - } - } - } - """ - Examples: - | user | - | Brian | - | Bob | - - - Scenario: A space manager can delete a disabled Space via the webDav API - Given user "Alice" has disabled a space "Project Moon" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - - - Scenario: An space manager can disable and delete Space in which files and folders exist via the webDav API - Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt" - And user "Alice" has created a folder "MainFolder" in space "Project Moon" - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - - - Scenario: An space manager cannot delete a space via the webDav API without first disabling it - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "400" - And for user "Alice" the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - } - } - } - """ diff --git a/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature new file mode 100644 index 00000000000..63108b8ade3 --- /dev/null +++ b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature 
@@ -0,0 +1,234 @@ +@api @skipOnOcV10 +Feature: Disabling and deleting space + As a manager of space + I want to be able to disable the space first, then delete it. + So that a disabled spaces isn't accessible by shared users. + + Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production + See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 + + Background: + Given these users have been created with default attributes and without skeleton files: + | username | + | Alice | + | Brian | + | Bob | + | Carol | + And the administrator has given "Alice" the role "Space Admin" using the settings api + And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi + And user "Alice" has shared a space "Project Moon" with settings: + | shareWith | Brian | + | role | editor | + And user "Alice" has shared a space "Project Moon" with settings: + | shareWith | Bob | + | role | viewer | + + + Scenario Outline: user can disable their own space via the Graph API + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" disables a space "Project Moon" + Then the HTTP status code should be "204" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name", + "root" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + }, + "root": { + "type": "object", + "required": [ + "deleted" + ], + "properties": { + "deleted": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["trashed"] + } + } + } + } + } + } + } + """ + And the user "Brian" should not have a space called "Project Moon" + And the user "Bob" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: user with role 
user and guest cannot disable other space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + When user "Carol" tries to disable a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "403" + And for user "Brian" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + And for user "Bob" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + Examples: + | role | + | User | + | Guest | + + + Scenario: a space manager can disable and delete space in which files and folders exist via the webDav API + Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt" + And user "Alice" has created a folder "MainFolder" in space "Project Moon" + When user "Alice" disables a space "Project Moon" + Then the HTTP status code should be "204" + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + + + Scenario Outline: user cannot delete their own space without first disabling it + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "400" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: user can delete their own 
disabled space via the Graph API + Given the administrator has given "Alice" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: an admin and space manager can disable other space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + When user "Carol" tries to disable a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name", + "root" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + }, + "root": { + "type": "object", + "required": [ + "deleted" + ], + "properties": { + "deleted": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["trashed"] + } + } + } + } + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | + + + Scenario Outline: an admin and space manager can delete other disabled Space + Given the administrator has given "Carol" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Carol" tries to delete a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + | Space Admin | + + + Scenario Outline: user with role user and guest cannot delete others disabled Space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Carol" tries to 
delete a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "403" + Examples: + | role | + | User | + | Guest | diff --git a/tests/acceptance/features/apiSpaces/listSpaces.feature b/tests/acceptance/features/apiSpaces/listSpaces.feature index 46278ac5d47..ecf6c528b6b 100644 --- a/tests/acceptance/features/apiSpaces/listSpaces.feature +++ b/tests/acceptance/features/apiSpaces/listSpaces.feature 
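Review bot: The last scenario outline, where Carol with role User or Guest tries to delete Alice's disabled space, asserts only `the HTTP status code should be "403"`, so it says nothing about whether the space survived the request. A denial test for a destructive operation should also pin the resulting state. After the status check, add the step `for user "Alice" the JSON response should contain space called "Project Moon" and match`, with the same `root.deleted.state` = `trashed` schema the disable scenarios in this file already use. The same gap is in the restoreSpaces.feature hunk, where the new User/Guest restore scenario checks only the 404 and not that the space is still disabled for Alice.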
@@ -212,154 +212,6 @@ Feature: List and create spaces Then the HTTP status code should be "207" - Scenario Outline: The user without permissions to create space cannot create a Space via Graph API - Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi - Then the HTTP status code should be "401" - And the user "Alice" should not have a space called "share space" - Examples: - | role | - | User | - | Guest | - - - Scenario Outline: An admin or space admin user can create a Space via the Graph API with default quota - Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi - Then the HTTP status code should be "201" - And the JSON response should contain space called "Project Mars" and match - """ - { - "type": "object", - "required": [ - "driveType", - "driveAlias", - "name", - "id", - "quota", - "root", - "webUrl" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Mars"] - }, - "driveType": { - "type": "string", - "enum": ["project"] - }, - "driveAlias": { - "type": "string", - "enum": ["project/project-mars"] - }, - "id": { - "type": "string", - "enum": ["%space_id%"] - }, - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "state": { - "type": "number", - "enum": [1000000000] - } - } - }, - "root": { - "type": "object", - "required": [ - "webDavUrl" - ], - "properties": { - "webDavUrl": { - "type": "string", - "enum": ["%base_url%/dav/spaces/%space_id%"] - } - } - }, - "webUrl": { - "type": "string", - "enum": ["%base_url%/f/%space_id%"] - } - } - } - """ - Examples: - | role | - | Admin | - | Space Admin | - - - Scenario Outline: An admin or space admin user can create a Space via the Graph API with certain quota - Given the administrator has 
given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi - Then the HTTP status code should be "201" - And the JSON response should contain space called "Project Venus" and match - """ - { - "type": "object", - "required": [ - "driveType", - "name", - "id", - "quota", - "root", - "webUrl" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Venus"] - }, - "driveType": { - "type": "string", - "enum": ["project"] - }, - "id": { - "type": "string", - "enum": ["%space_id%"] - }, - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "state": { - "type": "number", - "enum": [2000] - } - } - }, - "root": { - "type": "object", - "required": [ - "webDavUrl" - ], - "properties": { - "webDavUrl": { - "type": "string", - "enum": ["%base_url%/dav/spaces/%space_id%"] - } - } - }, - "webUrl": { - "type": "string", - "enum": ["%base_url%/f/%space_id%"] - } - } - } - """ - Examples: - | role | - | Admin | - | Space Admin | - - Scenario: A user can list his personal space via multiple endpoints When user "Alice" lists all available spaces via the GraphApi with query "$filter=driveType eq 'personal'" Then the HTTP status code should be "200" @@ -462,7 +314,7 @@ Feature: List and create spaces Scenario Outline: A user can list his created spaces via multiple endpoints Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi + When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API Then the HTTP status code should be "201" And the JSON response should contain space called "Project Venus" and match """ 
diff --git a/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature b/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature index f22920d8139..8e3133f6fd8 100644 --- a/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature +++ b/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature @@ -16,7 +16,7 @@ Feature: Restore files, folder | Carol | And using spaces DAV path And the administrator has given "Alice" the role "Space Admin" using the settings api - And user "Alice" creates a space "restore objects" of type "project" with the default quota using the GraphApi + And user "Alice" has created a space "restore objects" with the default quota using the GraphApi And user "Alice" has created a folder "newFolder" in space "restore objects" And user "Alice" has uploaded a file inside space "restore objects" with content "test" to "newFolder/file.txt" diff --git a/tests/acceptance/features/apiSpaces/restoreSpaces.feature b/tests/acceptance/features/apiSpaces/restoreSpaces.feature index c7ab87e5c3e..94b78f4ed56 100644 --- a/tests/acceptance/features/apiSpaces/restoreSpaces.feature +++ b/tests/acceptance/features/apiSpaces/restoreSpaces.feature @@ -47,7 +47,7 @@ Feature: Restoring space | mainFolder | - Scenario: Participant can create data in the space after restoring + Scenario: participant can create data in the space after restoring Given user "Alice" has shared a space "restore a space" with settings: | shareWith | Brian | | role | editor | 
@@ -60,14 +60,36 @@ Feature: Restoring space | mainFolder | - Scenario Outline: User without space manager role cannot restore space + Scenario Outline: user without space manager role cannot restore space Given user "Alice" has shared a space "restore a space" with settings: | shareWith | Brian | | role | | And user "Alice" has disabled a space "restore a space" - When user "Brian" restores a disabled space "restore a space" owned by user "Alice" + When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" Then the HTTP status code should be "404" Examples: | role | | viewer | | editor | + + + Scenario Outline: user with role user and guest cannot restore space + Given the administrator has given "Brian" the role "" using the settings api + And user "Alice" has disabled a space "restore a space" + When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" + Then the HTTP status code should be "404" + Examples: + | role | + | User | + | Guest | + + @issue-5872 + Scenario Outline: admin and space admin can restore other space + Given the administrator has given "Brian" the role "" using the settings api + And user "Alice" has disabled a space "restore a space" + When user "Brian" restores a disabled space "restore a space" owned by user "Alice" + Then the HTTP status code should be "200" + Examples: + | role | + | Admin | + | Space Admin | diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php index 1ebbb46d462..8d3d086c7f4 100644 --- a/tests/acceptance/features/bootstrap/SpacesContext.php +++ b/tests/acceptance/features/bootstrap/SpacesContext.php 
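Review bot: The new scenario "user with role user and guest cannot restore space" expects 404, while the equivalent unauthorized disable and delete attempts in disableAndDeleteSpaces.feature expect 403, and nothing here records which response is intended for a caller who lacks permission. If the 404 is deliberate (presumably so that a disabled space is not revealed to users who cannot manage it), a short comment above the scenario would document that, for example `# 404 rather than 403 is expected here: confirm and state the reason`. Without it, a later reader cannot tell a deliberate choice from an inconsistency in the authorization checks.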
@@ -627,7 +627,7 @@ public function theUserLooksUpTheSingleSpaceUsingTheGraphApiByUsingItsId(string } /** - * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with the default quota using the GraphApi$/ + * @When /^user "([^"]*)" (?:creates|tries to create) a space "([^"]*)" of type "([^"]*)" with the default quota using the Graph API$/ * * @param string $user * @param string $spaceName @@ -658,7 +658,7 @@ public function theUserCreatesASpaceUsingTheGraphApi( } /** - * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the GraphApi$/ + * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the Graph API$/ * * @param string $user * @param string $spaceName
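Review bot: The `tries to create` alternative is added only to the default-quota step at line 630; the explicit-quota step at line 661 is renamed to "Graph API" but still matches only `creates`. A denied creation with an explicit quota therefore cannot be phrased the same way as the new negative scenario in createSpace.feature. For consistency the second annotation could read `* @When /^user "([^"]*)" (?:creates|tries to create) a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the Graph API$/`; the group is non-capturing, so the method's parameters are unaffected. Both method bodies lie outside these hunks, so whether they behave differently on a failed request cannot be checked from here.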