From 63ba5613c0ae76f955c45fc8f57e8c8055d70c36 Mon Sep 17 00:00:00 2001
From: Amrita <54478846+amrita-shrestha@users.noreply.github.com>
Date: Tue, 28 Mar 2023 09:09:37 +0545
Subject: [PATCH] [tests-only][full-ci]Extend tests coverage for different role capability for group (#5742)
* Extend tests coverage for different role capability for group
* Remove unwanted scenario
* Change http status code
---
 ...ected-failures-localAPI-on-OCIS-storage.md | 51 ++++++++++++++++---
 .../features/apiGraph/addUserToGroup.feature | 44 ++++++++++++----
 .../features/apiGraph/createGroup.feature | 12 +++--
 .../features/apiGraph/deleteGroup.feature | 10 +++-
 .../features/apiGraph/editGroup.feature | 24 +++++++--
 .../features/apiGraph/getGroup.feature | 43 ++++++++++++----
 .../apiGraph/removeUserFromGroup.feature | 10 +++-
 .../features/bootstrap/GraphContext.php | 27 ++++++++--
 8 files changed, 180 insertions(+), 41 deletions(-)
diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
index 6ca2ca97c99..db29cc51bea 100644
--- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
+++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -44,7 +44,7 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSpacesShares/copySpaces.feature:793](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/copySpaces.feature#L793) ### [Creating group with empty name returns status code 200](https://github.com/owncloud/ocis/issues/5050) -- [apiGraph/createGroup.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L40) +- [apiGraph/createGroup.feature:46](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L46) ### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032) - [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27) @@ -59,7 +59,7 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/deleteGroup.feature:51](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L51) #### [Share lists deleted user as 'user'](https://github.com/owncloud/ocis/issues/903) -- [apiGraph/deleteGroup.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L62) +- [apiGraph/deleteGroup.feature:68](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L68) #### [Updating group displayName request seems OK but group is not being renamed](https://github.com/owncloud/ocis/issues/5099) - [apiGraph/editGroup.feature:20](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L20) 
@@ -68,6 +68,7 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/editGroup.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L23) - [apiGraph/editGroup.feature:24](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L24) - [apiGraph/editGroup.feature:25](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L25) +- [apiGraph/editGroup.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L40) #### [CORS headers are not identical with oC10 headers](https://github.com/owncloud/ocis/issues/5195) - [apiCors/cors.feature:25](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L25) 
@@ -121,7 +122,9 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105) #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604) -- [apiGraph/getGroup.feature:100](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L100) +- [apiGraph/getGroup.feature:130](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L130) +- [apiGraph/getGroup.feature:131](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L131) +- [apiGraph/getGroup.feature:132](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L132) #### [Changing user with an uppercase name gives 404 error](https://github.com/owncloud/ocis/issues/5763) - [apiGraph/editUser.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L41) 
@@ -130,14 +133,48 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/editUser.feature:44](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L44) #### [Same users can be added in a group multiple time](https://github.com/owncloud/ocis/issues/5702) -- [apiGraph/addUserToGroup.feature:222](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L222) +- [apiGraph/addUserToGroup.feature:246](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L246) #### [Try to add group to a group return 204](https://github.com/owncloud/ocis/issues/5793) -- [apiGraph/addUserToGroup.feature:244](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L244) +- [apiGraph/addUserToGroup.feature:268](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L268) + +#### [API requests from an unauthorized user should return 403](https://github.com/owncloud/ocis/issues/5938) +- [apiGraph/addUserToGroup.feature:131](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L131) +- [apiGraph/addUserToGroup.feature:132](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L132) +- [apiGraph/addUserToGroup.feature:133](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L133) +- [apiGraph/addUserToGroup.feature:145](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L145) +- [apiGraph/addUserToGroup.feature:146](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L146) +- 
[apiGraph/addUserToGroup.feature:147](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L147) +- [apiGraph/createGroup.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L41) +- [apiGraph/createGroup.feature:42](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L42) +- [apiGraph/createGroup.feature:43](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L43) +- [apiGraph/deleteGroup.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L63) +- [apiGraph/deleteGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L64) +- [apiGraph/deleteGroup.feature:65](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L65) +- [apiGraph/editGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L35) +- [apiGraph/editGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L36) +- [apiGraph/editGroup.feature:37](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L37) +- [apiGraph/getGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L35) +- [apiGraph/getGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L36) +- [apiGraph/getGroup.feature:37](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L37) +- [apiGraph/getGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L64) +- 
[apiGraph/getGroup.feature:65](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L65) +- [apiGraph/getGroup.feature:66](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L66) +- [apiGraph/getGroup.feature:102](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L102) +- [apiGraph/getGroup.feature:103](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L103) +- [apiGraph/getGroup.feature:104](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L104) +- [apiGraph/removeUserFromGroup.feature:172](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L172) +- [apiGraph/removeUserFromGroup.feature:173](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L173) +- [apiGraph/removeUserFromGroup.feature:174](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L174) + +#### [API requests for a non-existent resources should return 404](https://github.com/owncloud/ocis/issues/5939) +- [apiGraph/addUserToGroup.feature:162](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L162) +- [apiGraph/addUserToGroup.feature:163](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L163) +- [apiGraph/addUserToGroup.feature:164](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L164) ### [Users are added in a group with wrong host in host-part of user](https://github.com/owncloud/ocis/issues/5871) -- [apiGraph/addUserToGroup.feature:292](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L292) -- 
[apiGraph/addUserToGroup.feature:306](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L306) +- [apiGraph/addUserToGroup.feature:316](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L316) +- [apiGraph/addUserToGroup.feature:330](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L330) Note: always have an empty line at the end of this file. The bash script that processes this file requires that the last line has a newline on the end. diff --git a/tests/acceptance/features/apiGraph/addUserToGroup.feature b/tests/acceptance/features/apiGraph/addUserToGroup.feature index 541b3338363..5c8ec22c620 100644 --- a/tests/acceptance/features/apiGraph/addUserToGroup.feature +++ b/tests/acceptance/features/apiGraph/addUserToGroup.feature 
@@ -120,27 +120,51 @@ Feature: add users to group | Alice | var/../etc | - Scenario: normal user tries to add himself to a group - Given group "groupA" has been created + Scenario Outline: user other than the admin tries to add himself to a group + Given the administrator has given "Alice" the role "" using the settings api + And group "groupA" has been created When user "Alice" tries to add himself to group "groupA" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | - Scenario: normal user tries to other user to a group + Scenario Outline: user other than the admin tries to add other user to a group Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "groupA" has been created When user "Alice" tries to add user "Brian" to group "groupA" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | - Scenario: admin tries to add user to a non-existing group + Scenario: admin tries to add user to a nonexistent group When the administrator tries to add user "Alice" to a nonexistent group using the Graph API Then the HTTP status code should be "404" - Scenario: admin tries to add a non-existing user to a group + Scenario Outline: user other than the admin tries to add user to a nonexistent group + Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Alice" the role "" using the settings api + When the user "Alice" tries to add user "Brian" to a nonexistent group using the Graph API + Then the HTTP status code should be "404" + Examples: + | 
role | + | Space Admin | + | User | + | Guest | + + + Scenario: admin tries to add a nonexistent user to a group Given group "groupA" has been created When the administrator tries to add user "nonexistentuser" to group "groupA" using the provisioning API Then the HTTP status code should be "405" @@ -169,7 +193,7 @@ Feature: add users to group | Carol | grp1 | - Scenario: admin tries to add users to a non-existing group at once + Scenario: admin tries to add users to a nonexistent group at once Given the administrator has given "Alice" the role "Admin" using the settings api And these users have been created with default attributes and without skeleton files: | username | @@ -182,7 +206,7 @@ Feature: add users to group Then the HTTP status code should be "404" - Scenario: admin tries to add multiple non-existing users to a group at once + Scenario: admin tries to add multiple nonexistent users to a group at once Given the administrator has given "Alice" the role "Admin" using the settings api And user "Alice" has created a group "grp1" using the Graph API When the administrator "Alice" tries to add the following nonexistent users to a group "grp1" at once using the Graph API @@ -192,7 +216,7 @@ Feature: add users to group Then the HTTP status code should be "404" - Scenario: admin tries to add non-existing and existing users to a group at once + Scenario: admin tries to add nonexistent and existing users to a group at once Given the administrator has given "Alice" the role "Admin" using the settings api And these users have been created with default attributes and without skeleton files: | username | diff --git a/tests/acceptance/features/apiGraph/createGroup.feature b/tests/acceptance/features/apiGraph/createGroup.feature index 48af53fb0fa..c0c8d1ba303 100644 --- a/tests/acceptance/features/apiGraph/createGroup.feature +++ b/tests/acceptance/features/apiGraph/createGroup.feature 
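Review bot: In the outline `user other than the admin tries to add other user to a group` the role from the Examples table is given to "Brian", but the request is sent by "Alice", so the three rows vary the target's role and leave the caller with whatever role she already has. To show that Space Admin, User and Guest are each refused, the role should go to the actor: `And the administrator has given "Alice" the role "<role>" using the settings api`. The outline in removeUserFromGroup.feature has the same shape (role given to "Brian", "Alice" sends the request). The role placeholder renders as an empty string in this view, so check its name against the `| role |` header when editing.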
@@ -30,13 +30,19 @@ Feature: create group And group "mygroup" should exist - Scenario: normal user tries to create a group + Scenario Outline: user other than the admin can't create a group Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api When user "Brian" tries to create a group "mygroup" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And group "mygroup" should not exist + Examples: + | userRole | + | Space Admin | + | User | + | Guest | - + @issue-5050 Scenario: admin user tries to create a group that is the empty string When user "Alice" tries to create a group "" using the Graph API Then the HTTP status code should be "400" diff --git a/tests/acceptance/features/apiGraph/deleteGroup.feature b/tests/acceptance/features/apiGraph/deleteGroup.feature index 0fb377347ca..211672f1c44 100644 --- a/tests/acceptance/features/apiGraph/deleteGroup.feature +++ b/tests/acceptance/features/apiGraph/deleteGroup.feature @@ -51,12 +51,18 @@ Feature: delete groups | 50%2Fix | %2F literal looks like an escaped slash | - Scenario: normal user tries to delete a group + Scenario Outline: user other than the admin can't delete a group Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "new-group" has been created When user "Brian" tries to delete group "new-group" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And group "new-group" should exist + Examples: + | role | + | Space Admin | + | User | + | Guest | @issue-903 Scenario: deleted group should not be listed in the sharees list 
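Review bot: The Examples header in `user other than the admin can't create a group` is `| userRole |`, while every other outline added in this commit uses `| role |`. The placeholder inside the `has given "Brian" the role` step is not visible in this view; if it is written for `role`, the column is never substituted and all three rows run with the same literal value. Either rename the column to `| role |` or confirm the step references the `userRole` column.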
diff --git a/tests/acceptance/features/apiGraph/editGroup.feature b/tests/acceptance/features/apiGraph/editGroup.feature index e188c04be21..fd938edeadc 100644 --- a/tests/acceptance/features/apiGraph/editGroup.feature +++ b/tests/acceptance/features/apiGraph/editGroup.feature @@ -1,4 +1,4 @@ -@api @skipOnOcV10 +@api @skipOnOcV10 @issue-5099 Feature: edit group name As an admin I want to be able to edit group name @@ -8,7 +8,7 @@ Feature: edit group name Given user "Alice" has been created with default attributes and without skeleton files And the administrator has given "Alice" the role "Admin" using the settings api - @issue-5099 + Scenario Outline: admin user renames a group Given group "" has been created When user "Alice" renames group "" to "" using the Graph API @@ -22,4 +22,22 @@ Feature: edit group name | grp1 | नेपाली | | grp1 | $x<=>[y*z^2]! | | grp1 | staff?group | - | grp1 | 50%pass | \ No newline at end of file + | grp1 | 50%pass | + + + Scenario Outline: user other than the admin can't rename a group + Given the administrator has given "Alice" the role "" using the settings api + And group "grp1" has been created + When user "Alice" tries to rename group "grp1" to "grp101" using the Graph API + Then the HTTP status code should be "403" + Examples: + | role | + | Space Admin | + | User | + | Guest | + + + Scenario: admin user tries to rename nonexistent group + When user "Alice" tries to rename a nonexistent group to "grp1" using the Graph API + Then the HTTP status code should be "404" + And group "grp1" should not exist diff --git a/tests/acceptance/features/apiGraph/getGroup.feature b/tests/acceptance/features/apiGraph/getGroup.feature index 9479dc99bac..261d2044ff8 100644 --- a/tests/acceptance/features/apiGraph/getGroup.feature +++ b/tests/acceptance/features/apiGraph/getGroup.feature 
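Review bot: Moving `@issue-5099` from the rename outline to the Feature line tags every scenario in the file with it, including the new `user other than the admin can't rename a group` outline, whose rows the expected-failures file in this same commit lists under issue 5938. That makes the tag useless for tracing which authorization failures belong to which issue. Keep `@api @skipOnOcV10` on the Feature and tag scenarios individually, e.g. `@issue-5099` on the two rename scenarios it covers and `@issue-5938` on the role outline.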
@@ -21,14 +21,20 @@ Feature: get groups and their members | h2o-lover | - Scenario: normal user cannot get the groups list + Scenario Outline: user other than the admin shouldn't get the groups list Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "tea-lover" has been created And group "coffee-lover" has been created And group "h2o-lover" has been created When user "Brian" gets all the groups using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | Scenario: admin user gets users of a group @@ -46,12 +52,18 @@ Feature: get groups and their members | Carol | - Scenario: normal user tries to get users of a group + Scenario Outline: user other than the admin shouldn't get users of a group Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "tea-lover" has been created When user "Brian" gets all the members of group "tea-lover" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | Scenario: admin user gets all groups along with its member's information 
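Review bot: `Then the HTTP status code should be "403"` is still followed by `And the last response should be an unauthorized response`, so the outline now expects a forbidden result but checks it with a step named for the unauthenticated case. The step's implementation is not part of this diff: if it asserts a 401-style error body it contradicts the new status, and if it is generic its name hides which of the two outcomes is being verified, which matters because clients treat 401 as "re-authenticate" and 403 as "access denied". A step worded for the forbidden case (it would need to be added to the context) would keep the assertion and the status aligned. The same pair of steps appears in the other getGroup outlines and in addUserToGroup.feature and removeUserFromGroup.feature.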
@@ -75,18 +87,24 @@ Feature: get groups and their members | Carol King | %uuid_v4% | carol@example.org | Carol | - Scenario: normal user gets all groups along with their members information + Scenario Outline: user other than the admin shouldn't get all groups along with its member's information Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "tea-lover" has been created And group "coffee-lover" has been created And user "Alice" has been added to group "tea-lover" And user "Brian" has been added to group "coffee-lover" When user "Brian" retrieves all groups along with their members using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | - Scenario: admin user gets a group along with their members information + Scenario: admin user gets a group along with its member's information Given user "Brian" has been created with default attributes and without skeleton files And group "tea-lover" has been created And user "Alice" has been added to group "tea-lover" 
@@ -97,14 +115,21 @@ Feature: get groups and their members | Alice Hansen | %uuid_v4% | alice@example.org | Alice | | Brian Murphy | %uuid_v4% | brian@example.org | Brian | - Scenario: normal user gets a group along with their members information + @issue-5604 + Scenario Outline: user other than the admin gets a group along with its member's information Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "tea-lover" has been created And user "Alice" has been added to group "tea-lover" And user "Brian" has been added to group "tea-lover" When user "Brian" gets all the members information of group "tea-lover" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response + Examples: + | role | + | Space Admin | + | User | + | Guest | Scenario: Get details of a group diff --git a/tests/acceptance/features/apiGraph/removeUserFromGroup.feature b/tests/acceptance/features/apiGraph/removeUserFromGroup.feature index 554773c8c23..b4fa14bfd84 100644 --- a/tests/acceptance/features/apiGraph/removeUserFromGroup.feature +++ b/tests/acceptance/features/apiGraph/removeUserFromGroup.feature 
@@ -157,15 +157,21 @@ Feature: remove a user from a group Then the HTTP status code should be "404" - Scenario: normal user tries to remove a user in their group + Scenario Outline: user other than the admin can't remove a user from their group Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Brian" the role "" using the settings api And group "grp1" has been created And user "Alice" has been added to group "grp1" And user "Brian" has been added to group "grp1" When user "Alice" tries to remove user "Brian" from group "grp1" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the last response should be an unauthorized response And user "Brian" should belong to group "grp1" + Examples: + | role | + | Space Admin | + | User | + | Guest | Scenario: admin removes a disabled user from a group diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php index 52b94166f77..56622a08811 100644 --- a/tests/acceptance/features/bootstrap/GraphContext.php +++ b/tests/acceptance/features/bootstrap/GraphContext.php 
@@ -1292,38 +1292,55 @@ public function theFollowingUsersShouldBeListedInFollowingGroups(TableNode $tabl
 /**
 * rename group name
 *
- * @param string $oldGroup
+ * @param string $oldGroupId
 * @param string $newGroup
 * @param string $user
 *
 * @return ResponseInterface
 * @throws GuzzleException
 */
- public function renameGroup(string $oldGroup, string $newGroup, ?string $user = null): ResponseInterface {
+ public function renameGroup(string $oldGroupId, string $newGroup, ?string $user = null): ResponseInterface {
 $credentials = $this->getAdminOrUserCredentials($user);
- $groupId = $this->featureContext->getAttributeOfCreatedGroup($oldGroup, "id");
 return GraphHelper::updateGroup(
 $this->featureContext->getBaseUrl(),
 $this->featureContext->getStepLineRef(),
 $credentials['username'],
 $credentials['password'],
- $groupId,
+ $oldGroupId,
 $newGroup
 );
 }
 /**
 * @When user :user renames group :oldGroup to :newGroup using the Graph API
+ * @When user :user tries to rename group :oldGroup to :newGroup using the Graph API
 *
 * @param string $user
 * @param string $oldGroup
 * @param string $newGroup
 *
 * @return void
+ * @throws GuzzleException
 */
 public function userRenamesGroupUsingTheGraphApi(string $user, string $oldGroup, string $newGroup): void {
- $this->featureContext->setResponse($this->renameGroup($oldGroup, $newGroup, $user));
+ $oldGroupId = $this->featureContext->getAttributeOfCreatedGroup($oldGroup, "id");
+ $this->featureContext->setResponse($this->renameGroup($oldGroupId, $newGroup, $user));
+ }
+
+ /**
+ * @When user :user tries to rename a nonexistent group to :newGroup using the Graph API
+ *
+ * @param string $user
+ * @param string $newGroup
+ *
+ * @return void
+ * @throws GuzzleException
+ * @throws Exception
+ */
+ public function userTriesToRenameNonExistentGroupToNewGroupName(string $user, string $newGroup): void {
+ $oldGroupId = WebDavHelper::generateUUIDv4();
+ $this->featureContext->setResponse($this->renameGroup($oldGroupId, $newGroup, $user));
 }
 /**
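Review bot: `renameGroup()` is public and its first parameter now means a group id instead of a group name while keeping the type `string`, so any caller outside this hunk that still passes a display name will send the request against a bogus id instead of failing loudly. The docblock should state the new contract, e.g. `@param string $oldGroupId id of the group to rename (not its display name)`, and `@param string $user` should become `@param string|null $user` to match the `?string $user = null` signature. The `tries to rename group` pattern is now also bound to `userRenamesGroupUsingTheGraphApi`, which calls `getAttributeOfCreatedGroup($oldGroup, "id")`; what that returns for a group the suite did not create is not visible here and is worth confirming.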