add checking (#5495)

owncloud · Feb 2, 2023 · 9983aa7 · 9983aa7
1 parent 8e57f03
commit 9983aa7
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 0 deletions.
diff --git a/tests/TestHelpers/GraphHelper.php b/tests/TestHelpers/GraphHelper.php
@@ -308,6 +308,32 @@ public static function getUserWithDriveInformation(
 		);
 	}
 
+	/**
+	 * @param string $baseUrl
+	 * @param string $xRequestId
+	 * @param string $byUser
+	 * @param string $userPassword
+	 * @param string|null $user
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public static function getUserWithGroupInformation(
+		string $baseUrl,
+		string $xRequestId,
+		string $byUser,
+		string $userPassword,
+		?string $user = null
+	): ResponseInterface {
+		$url = self::getFullUrl($baseUrl, 'users/' . $user . '?%24expand=memberOf');
+		return HttpRequestHelper::get(
+			$url,
+			$xRequestId,
+			$byUser,
+			$userPassword,
+		);
+	}
+
 	/**
 	 * @param string $baseUrl
 	 * @param string $xRequestId

diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -93,3 +93,12 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 
 #### [A User can get information of another user with Graph API](https://github.com/owncloud/ocis/issues/5125)
 - [apiGraph/getUser.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L23)
+- [apiGraph/getUser.feature:92](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L92)
+
+#### [GET a file while it's in processing doesn't return 425 code (async uploads)](https://github.com/owncloud/ocis/issues/5326)
+- [apiAsyncUpload/delayPostprocessing.feature:14](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L14)
+- [apiAsyncUpload/delayPostprocessing.feature:15](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L15)
+- [apiAsyncUpload/delayPostprocessing.feature:16](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L16)
+
+Note: always have an empty line at the end of this file.
+The bash script that processes this file requires that the last line has a newline on the end.
diff --git a/tests/acceptance/features/apiGraph/getUser.feature b/tests/acceptance/features/apiGraph/getUser.feature
@@ -75,3 +75,25 @@ Feature: get users
       | root@@@id         | %space_id%                       |
       | root@@@webDavUrl  | %base_url%/dav/spaces/%space_id% |
       | webUrl            | %base_url%/f/%space_id%          |
+
+
+  Scenario: admin user gets the group information of a user
+    Given group "tea-lover" has been created
+    And group "coffee-lover" has been created
+    And user "Brian" has been added to group "tea-lover"
+    And user "Brian" has been added to group "coffee-lover"
+    When the user "Alice" gets user "Brian" along with his group information using Graph API
+    Then the HTTP status code should be "200"
+    And the user retrieve API response should contain the following information:
+      | displayName  | id        | mail              | onPremisesSamAccountName | memberOf                |
+      | Brian Murphy | %uuid_v4% | brian@example.org | Brian                    | tea-lover, coffee-lover |
+
+
+  Scenario: non-admin user tries to get the group information of a user
+    Given user "Carol" has been created with default attributes and without skeleton files
+    And group "coffee-lover" has been created
+    And user "Brian" has been added to group "coffee-lover"
+    When the user "Carol" gets user "Brian" along with his group information using Graph API
+    Then the HTTP status code should be "401"
+    And the last response should be an unauthorized response
+
diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php
@@ -1333,6 +1333,29 @@ public function retrieveUserInformationAlongWithDriveUsingGraphApi(
 		);
 	}
 
+	/**
+	 * @param string $byUser
+	 * @param string|null $user
+	 *
+	 * @return ResponseInterface
+	 * @throws JsonException
+	 * @throws GuzzleException
+	 */
+	public function retrieveUserInformationAlongWithGroupUsingGraphApi(
+		string $byUser,
+		?string $user = null
+	):ResponseInterface {
+		$user = $user ?? $byUser;
+		$credentials = $this->getAdminOrUserCredentials($user);
+		return GraphHelper::getUserWithGroupInformation(
+			$this->featureContext->getBaseUrl(),
+			$this->featureContext->getStepLineRef(),
+			$credentials["username"],
+			$credentials["password"],
+			$user
+		);
+	}
+
 	/**
 	 * @When /^the user "([^"]*)" gets user "([^"]*)" along with (his|her) drive information using Graph API$/
 	 *
@@ -1346,6 +1369,19 @@ public function userTriesToGetInformationOfUserAlongWithHisDriveData(string $byU
 		$this->featureContext->setResponse($response);
 	}
 
+	/**
+	 * @When /^the user "([^"]*)" gets user "([^"]*)" along with (his|her) group information using Graph API$/
+	 *
+	 * @param string $byUser
+	 * @param string $user
+	 *
+	 * @return void
+	 */
+	public function userTriesToGetInformationOfUserAlongWithHisGroup(string $byUser, string $user) {
+		$response = $this->retrieveUserInformationAlongWithGroupUsingGraphApi($byUser, $user);
+		$this->featureContext->setResponse($response);
+	}
+
 	/**
 	 *
 	 * @When /^the user "([^"]*)" gets (his|her) drive information using Graph API$/