From 85714c113d8183ed1927d05abdd7bb3d5dcd2a94 Mon Sep 17 00:00:00 2001
From: Viktor Scharf <scharf.vi@gmail.com>
Date: Thu, 10 Feb 2022 20:21:22 +0100
Subject: [PATCH 1/2] added checks: who is owner, who has be granted

---
 .../features/apiSpaces/restoreSpaces.feature  | 17 ++++-
 .../features/apiSpaces/shareSpaces.feature    | 24 ++++--
 .../features/bootstrap/SpacesContext.php      | 75 +++++++++++++++++--
 3 files changed, 102 insertions(+), 14 deletions(-)

diff --git a/tests/acceptance/features/apiSpaces/restoreSpaces.feature b/tests/acceptance/features/apiSpaces/restoreSpaces.feature
index 6c2f4c42aa2..0351fc2d20e 100644
--- a/tests/acceptance/features/apiSpaces/restoreSpaces.feature
+++ b/tests/acceptance/features/apiSpaces/restoreSpaces.feature
@@ -53,4 +53,19 @@ Feature: Restoring space
     Then for user "Brian" the space "create data in restored space" should contain these entries:
       | test.txt         |
       | mainFolder       |
-    
\ No newline at end of file
+    
+
+  Scenario: User with viewer permissions cannot restore space
+    Given user "Alice" has created a space "viewer restores space" of type "project" with quota "10"
+    And user "Alice" has shared a space "viewer restores space" to user "Brian" with role "viewer"
+    And user "Alice" has disabled a space "viewer restores space"
+    When user "Brian" restores a disabled space "viewer restores space" without manager rights
+    Then the HTTP status code should be "404"
+
+
+  Scenario: User with editor permissions cannot restore space
+    Given user "Alice" has created a space "editor restores space" of type "project" with quota "10"
+    And user "Alice" has shared a space "editor restores space" to user "Brian" with role "editor"
+    And user "Alice" has disabled a space "editor restores space"
+    When user "Brian" restores a disabled space "editor restores space" without manager rights
+    Then the HTTP status code should be "404"
diff --git a/tests/acceptance/features/apiSpaces/shareSpaces.feature b/tests/acceptance/features/apiSpaces/shareSpaces.feature
index c475513b982..df41dd452b1 100644
--- a/tests/acceptance/features/apiSpaces/shareSpaces.feature
+++ b/tests/acceptance/features/apiSpaces/shareSpaces.feature
@@ -9,6 +9,7 @@ Feature: Share spaces
   Background:
     Given user "Alice" has been created with default attributes and without skeleton files
     And user "Brian" has been created with default attributes and without skeleton files
+    And user "Bob" has been created with default attributes and without skeleton files
     And the administrator has given "Alice" the role "Admin" using the settings api
 
 
@@ -32,13 +33,22 @@ Feature: Share spaces
     Given user "Alice" has created a space "Share space to Brian" of type "project" with quota "10"
     And user "Alice" has shared a space "Share space to Brian" to user "Brian" with role "viewer"
     When user "Brian" lists all available spaces via the GraphApi
-    Then the json responded should contain a space "Share space to Brian" with these key and value pairs:
-      | key              | value                            |
-      | driveType        | project                          |
-      | id               | %space_id%                       |
-      | name             | Share space to Brian             |
-      | quota@@@state    | normal                           |
-      | root@@@webDavUrl | %base_url%/dav/spaces/%space_id% |
+    Then the json responded should contain a space "Share space to Brian" owned by "Alice" with these key and value pairs:
+      | key               | value                |
+      | driveType         | project              |
+      | id                | %space_id%           |
+      | name              | Share space to Brian |
+      | owner@@@user@@@id | %user_id%            | 
+
+  
+  Scenario: A user can see who has been granted access
+    Given user "Alice" has created a space "Share space to Brian" of type "project" with quota "10"
+    And user "Alice" has shared a space "Share space to Brian" to user "Brian" with role "viewer"
+    When user "Alice" lists all available spaces via the GraphApi
+    And the json responded should contain a space "Share space to Brian" granted to "Brian" with these key and value pairs:
+      | key                                                    | value      |
+      | root@@@permissions@@@1@@@grantedTo@@@0@@@user@@@id     | %user_id%  | 
+      | root@@@permissions@@@1@@@roles@@@0                     | viewer     |
 
 
   Scenario: A user can see a file in a received shared space
diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php
index 5648a3af971..fbcf2b7c457 100644
--- a/tests/acceptance/features/bootstrap/SpacesContext.php
+++ b/tests/acceptance/features/bootstrap/SpacesContext.php
@@ -205,6 +205,40 @@ public function getSpaceByName(string $user, string $spaceName): array {
 		return $spaces[$spaceName];
 	}
 
+	/**
+	 * The method returns userId
+	 *
+	 * @param string $userName
+	 *
+	 * @return string
+	 */
+	public function getUserIdByUserName(string $userName): string {
+
+		$fullUrl = $this->baseUrl . "/api/v0/accounts/accounts-list";
+		$this->featureContext->setResponse(
+			HttpRequestHelper::post(
+				$fullUrl, 
+				"", 
+				$this->featureContext->getAdminUsername(), 
+				$this->featureContext->getAdminPassword(), 
+				[], 
+				"{}"
+			)
+		);
+		if ($this->featureContext->getResponse()) {
+			$rawBody = $this->featureContext->getResponse()->getBody()->getContents();
+			if (isset(\json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["accounts"])) {
+				$accounts = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["accounts"];
+			}
+		}
+		foreach ($accounts as $account) {
+			if ($account["preferredName"] === $userName) {
+				return $account["id"];
+			}
+		}
+		throw new Exception(__METHOD__ . " user with name $userName not found");
+	}
+
 	/**
 	 * @BeforeScenario
 	 *
@@ -718,9 +752,10 @@ public function folderOfTheSpaceShouldContainEntries(
 	}
 
 	/**
-	 * @Then /^the json responded should contain a space "([^"]*)" with these key and value pairs:$/
-	 *
+	 * @Then /^the json responded should contain a space "([^"]*)" (?:|(?:owned by|granted to) "([^"]*)" )with these key and value pairs:$/
+	 * 
 	 * @param string $spaceName
+	 * @param string $userName
 	 * @param TableNode $table
 	 *
 	 * @return void
@@ -728,6 +763,7 @@ public function folderOfTheSpaceShouldContainEntries(
 	 */
 	public function jsonRespondedShouldContain(
 		string $spaceName,
+		string $userName = '',
 		TableNode $table
 	): void {
 		$this->featureContext->verifyTableNodeColumns($table, ['key', 'value']);
@@ -745,7 +781,13 @@ public function jsonRespondedShouldContain(
 						"function" =>
 							[$this, "getSpaceIdByNameFromResponse"],
 						"parameter" => [$spaceName]
-					]
+					],
+					[ 
+						"code" => "%user_id%",
+						"function" =>
+							[$this, "getUserIdByUserName"],
+						"parameter" => [$userName]
+					],
 				]
 			);
 			$segments = explode("@@@", $row["key"]);
@@ -1488,19 +1530,24 @@ public function sendDeleteSpaceRequest(
 	 *
 	 * @param  string $user
 	 * @param  string $spaceName
+	 * @param  string $userWithManagerRigths
 	 *
 	 * @return void
 	 * @throws GuzzleException
 	 */
 	public function sendRestoreSpaceRequest(
 		string $user,
-		string $spaceName
+		string $spaceName,
+		string $userWithManagerRigths = ''
 	): void {
+		if (!empty($userWithManagerRigths)) {
+			$space = $this->getSpaceByName($userWithManagerRigths, $spaceName);
+		} else {
+			$space = $this->getSpaceByName($user, $spaceName);
+		}
 		$header = ["restore" => true];
 		$body = '{}';
-		$space = $this->getSpaceByName($user, $spaceName);
 		$fullUrl = $this->baseUrl . "/graph/v1.0/drives/" . $space["id"];
-
 		$this->featureContext->setResponse(
 			HttpRequestHelper::sendRequest(
 				$fullUrl,
@@ -1514,6 +1561,22 @@ public function sendRestoreSpaceRequest(
 		);
 	}
 
+	/**
+	 * @When /^user "([^"]*)" restores a disabled space "([^"]*)" without manager rights$/
+	 *
+	 * @param  string $user
+	 * @param  string $spaceName
+	 *
+	 * @return void
+	 * @throws GuzzleException
+	 */
+	public function sendRestoreSpaceWithoutRightsRequest(
+		string $user,
+		string $spaceName
+	): void {
+		$this->sendRestoreSpaceRequest($user, $spaceName, $this->featureContext->getAdminUsername());
+	}
+
 	/**
 	 * @When /^user "([^"]*)" has restored a disabled space "([^"]*)"$/
 	 *

From 493ec780f0f97739c86b894ef7f5735be47c8641 Mon Sep 17 00:00:00 2001
From: Viktor Scharf <scharf.vi@gmail.com>
Date: Fri, 11 Feb 2022 10:43:42 +0100
Subject: [PATCH 2/2] fix after review

---
 .../features/apiSpaces/shareSpaces.feature        |  2 +-
 .../features/bootstrap/SpacesContext.php          | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/tests/acceptance/features/apiSpaces/shareSpaces.feature b/tests/acceptance/features/apiSpaces/shareSpaces.feature
index df41dd452b1..70704abdd37 100644
--- a/tests/acceptance/features/apiSpaces/shareSpaces.feature
+++ b/tests/acceptance/features/apiSpaces/shareSpaces.feature
@@ -45,7 +45,7 @@ Feature: Share spaces
     Given user "Alice" has created a space "Share space to Brian" of type "project" with quota "10"
     And user "Alice" has shared a space "Share space to Brian" to user "Brian" with role "viewer"
     When user "Alice" lists all available spaces via the GraphApi
-    And the json responded should contain a space "Share space to Brian" granted to "Brian" with these key and value pairs:
+    Then the json responded should contain a space "Share space to Brian" granted to "Brian" with these key and value pairs:
       | key                                                    | value      |
       | root@@@permissions@@@1@@@grantedTo@@@0@@@user@@@id     | %user_id%  | 
       | root@@@permissions@@@1@@@roles@@@0                     | viewer     |
diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php
index fbcf2b7c457..67c6c55f2d6 100644
--- a/tests/acceptance/features/bootstrap/SpacesContext.php
+++ b/tests/acceptance/features/bootstrap/SpacesContext.php
@@ -227,8 +227,11 @@ public function getUserIdByUserName(string $userName): string {
 		);
 		if ($this->featureContext->getResponse()) {
 			$rawBody = $this->featureContext->getResponse()->getBody()->getContents();
-			if (isset(\json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["accounts"])) {
-				$accounts = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["accounts"];
+			$response = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);
+			if (isset($response["accounts"])) {
+				$accounts = $response["accounts"];
+			} else {
+				throw new Exception(__METHOD__ . " accounts-list is empty");
 			}
 		}
 		foreach ($accounts as $account) {
@@ -1530,7 +1533,7 @@ public function sendDeleteSpaceRequest(
 	 *
 	 * @param  string $user
 	 * @param  string $spaceName
-	 * @param  string $userWithManagerRigths
+	 * @param  string $userWithManagerRights
 	 *
 	 * @return void
 	 * @throws GuzzleException
@@ -1538,10 +1541,10 @@ public function sendDeleteSpaceRequest(
 	public function sendRestoreSpaceRequest(
 		string $user,
 		string $spaceName,
-		string $userWithManagerRigths = ''
+		string $userWithManagerRights = ''
 	): void {
-		if (!empty($userWithManagerRigths)) {
-			$space = $this->getSpaceByName($userWithManagerRigths, $spaceName);
+		if (!empty($userWithManagerRights)) {
+			$space = $this->getSpaceByName($userWithManagerRights, $spaceName);
 		} else {
 			$space = $this->getSpaceByName($user, $spaceName);
 		}