From ac9e46124c749a541df9336a752a1065f81f3487 Mon Sep 17 00:00:00 2001 From: Amrita <54478846+amrita-shrestha@users.noreply.github.com> Date: Tue, 28 Mar 2023 09:10:21 +0545 Subject: [PATCH] [tests-only][full-ci]Extend tests coverage for different role capability for spaces (#5853) * Add tests related to different user role manipulating space * Review addressed * Refactor existing scenario --- ...ected-failures-localAPI-on-OCIS-storage.md | 32 ++- .../features/apiSpaces/createSpace.feature | 156 +++++++++++ .../features/apiSpaces/deleteSpaces.feature | 130 ---------- .../apiSpaces/disableAndDeleteSpaces.feature | 242 ++++++++++++++++++ .../features/apiSpaces/listSpaces.feature | 150 +---------- .../apiSpaces/restoreSpaceObjects.feature | 2 +- .../features/apiSpaces/restoreSpaces.feature | 28 +- .../features/bootstrap/SpacesContext.php | 4 +- 8 files changed, 442 insertions(+), 302 deletions(-) create mode 100644 tests/acceptance/features/apiSpaces/createSpace.feature delete mode 100644 tests/acceptance/features/apiSpaces/deleteSpaces.feature create mode 100644 tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 0283b9c9b24..2db8fda708d 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -23,8 +23,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/createGroupCaseSensitive.feature:21](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroupCaseSensitive.feature#L21) - [apiGraph/createGroupCaseSensitive.feature:22](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroupCaseSensitive.feature#L22) - [apiGraph/createGroup.feature:26](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L26) -- [apiGraph/createUser.feature:29](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createUser.feature#L29) -- [apiGraph/createUser.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createUser.feature#L62) ### [PROPFIND on accepted shares with identical names containing brackets exit with 404](https://github.com/owncloud/ocis/issues/4421) - [apiSpacesShares/changingFilesShare.feature:12](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/changingFilesShare.feature#L12) @@ -93,7 +91,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSpacesShares/publicLinkDownload.feature:30](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/publicLinkDownload.feature#L30) #### [A User can get information of another user with Graph API](https://github.com/owncloud/ocis/issues/5125) -- [apiGraph/getUser.feature:31](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L31) - [apiGraph/getUser.feature:32](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L32) - [apiGraph/getUser.feature:33](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L33) - [apiGraph/getUser.feature:34](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L34) @@ -105,9 +102,10 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/getUser.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L40) - [apiGraph/getUser.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L41) - [apiGraph/getUser.feature:42](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L42) -- [apiGraph/getUser.feature:143](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L143) -- [apiGraph/getUser.feature:144](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L144) -- [apiGraph/getUser.feature:145](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L145) +- [apiGraph/getUser.feature:43](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L43) +- [apiGraph/getUser.feature:155](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L155) +- [apiGraph/getUser.feature:156](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L156) +- [apiGraph/getUser.feature:157](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L157) - [apiGraph/getUser.feature:146](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L146) - [apiGraph/getUser.feature:147](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L147) - [apiGraph/getUser.feature:148](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L148) @@ -123,23 +121,17 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiAsyncUpload/delayPostprocessing.feature:15](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L15) - [apiAsyncUpload/delayPostprocessing.feature:16](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAsyncUpload/delayPostprocessing.feature#L16) -#### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604) -- [apiGraph/getGroup.feature:101](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L101) - #### [Sharing to a group with an expiration date does not work #5442](https://github.com/owncloud/ocis/issues/5442) - [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105) +#### [Space admin should not be able to change the user quota](https://github.com/owncloud/ocis/issues/5475) +- [apiSpaces/spaceManagement.feature:149](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/spaceManagement.feature#L149) + #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604) - [apiGraph/getGroup.feature:130](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L130) - [apiGraph/getGroup.feature:131](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L131) - [apiGraph/getGroup.feature:132](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L132) -#### [Changing user with an uppercase name gives 404 error](https://github.com/owncloud/ocis/issues/5763) -- [apiGraph/editUser.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L41) - -#### [Using # in the onPremisesSamAccountName breaks getting users](https://github.com/owncloud/ocis/issues/5755) -- [apiGraph/editUser.feature:44](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L44) - #### [Same users can be added in a group multiple time](https://github.com/owncloud/ocis/issues/5702) - [apiGraph/addUserToGroup.feature:246](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L246) @@ -174,6 +166,8 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/removeUserFromGroup.feature:172](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L172) - [apiGraph/removeUserFromGroup.feature:173](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L173) - [apiGraph/removeUserFromGroup.feature:174](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L174) +- [apiSpaces/createSpace.feature:18](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L18) +- [apiSpaces/createSpace.feature:19](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L19) #### [API requests for a non-existent resources should return 404](https://github.com/owncloud/ocis/issues/5939) - [apiGraph/addUserToGroup.feature:162](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L162) @@ -181,14 +175,18 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/addUserToGroup.feature:164](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L164) ### [Users are added in a group with wrong host in host-part of user](https://github.com/owncloud/ocis/issues/5871) -- [apiGraph/addUserToGroup.feature:292](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L292) -- [apiGraph/addUserToGroup.feature:306](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L306) +- [apiGraph/addUserToGroup.feature:316](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L316) +- [apiGraph/addUserToGroup.feature:330](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L330) + +#### [[Stable 2.0] Admin user rename nonexistent group return 204 http status code](https://github.com/owncloud/ocis/issues/5948) +- [apiGraph/editGroup.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L40) ### [Space admin trying to set personal space quota returns status code 200](https://github.com/owncloud/ocis/issues/5947) - [apiSpaces/setQuota.feature:80](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/setQuota.feature#L80) - [apiSpaces/setQuota.feature:81](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/setQuota.feature#L81) - [apiSpaces/setQuota.feature:82](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/setQuota.feature#L82) - [apiSpaces/setQuota.feature:83](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/setQuota.feature#L83) +- [apiSpaces/setQuota.feature:83](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/setQuota.feature#L83) Note: always have an empty line at the end of this file. The bash script that processes this file requires that the last line has a newline on the end. diff --git a/tests/acceptance/features/apiSpaces/createSpace.feature b/tests/acceptance/features/apiSpaces/createSpace.feature new file mode 100644 index 00000000000..81b5ec9bf0b --- /dev/null +++ b/tests/acceptance/features/apiSpaces/createSpace.feature @@ -0,0 +1,156 @@ +@api +Feature: create space + As an admin and space admin + I want to create new spaces + So that I can organize a set of resources in a hierarchical tree + + Background: + Given user "Alice" has been created with default attributes and without skeleton files + + + Scenario Outline: user with role user and guest can't create Space via Graph API + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" tries to create a space "Project Mars" of type "project" with the default quota using the Graph API + Then the HTTP status code should be "403" + And the user "Alice" should not have a space called "share space" + Examples: + | role | + | User | + | Guest | + + + Scenario Outline: an admin or space admin user can create a Space via the Graph API with a default quota + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the Graph API + Then the HTTP status code should be "201" + And the JSON response should contain space called "Project Mars" and match + """ + { + "type": "object", + "required": [ + "driveType", + "driveAlias", + "name", + "id", + "quota", + "root", + "webUrl" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Mars"] + }, + "driveType": { + "type": "string", + "enum": ["project"] + }, + "driveAlias": { + "type": "string", + "enum": ["project/project-mars"] + }, + "id": { + "type": "string", + "enum": ["%space_id%"] + }, + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "state": { + "type": "number", + "enum": [1000000000] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "enum": ["%base_url%/dav/spaces/%space_id%"] + } + } + }, + "webUrl": { + "type": "string", + "enum": ["%base_url%/f/%space_id%"] + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | + + + Scenario Outline: an admin or space admin user can create a Space via the Graph API with certain quota + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API + Then the HTTP status code should be "201" + And the JSON response should contain space called "Project Venus" and match + """ + { + "type": "object", + "required": [ + "driveType", + "name", + "id", + "quota", + "root", + "webUrl" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Venus"] + }, + "driveType": { + "type": "string", + "enum": ["project"] + }, + "id": { + "type": "string", + "enum": ["%space_id%"] + }, + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "state": { + "type": "number", + "enum": [2000] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "enum": ["%base_url%/dav/spaces/%space_id%"] + } + } + }, + "webUrl": { + "type": "string", + "enum": ["%base_url%/f/%space_id%"] + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | diff --git a/tests/acceptance/features/apiSpaces/deleteSpaces.feature b/tests/acceptance/features/apiSpaces/deleteSpaces.feature deleted file mode 100644 index 3d681bade45..00000000000 --- a/tests/acceptance/features/apiSpaces/deleteSpaces.feature +++ /dev/null @@ -1,130 +0,0 @@ -@api @skipOnOcV10 -Feature: Disabling and deleting space - As a manager of space - I want to be able to disable the space first, then delete it. - I want to make sure that a disabled spaces isn't accessible by shared users. - - Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production - See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 - - Background: - Given these users have been created with default attributes and without skeleton files: - | username | - | Alice | - | Brian | - | Bob | - And the administrator has given "Alice" the role "Space Admin" using the settings api - And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi - And user "Alice" has shared a space "Project Moon" with settings: - | shareWith | Brian | - | role | editor | - And user "Alice" has shared a space "Project Moon" with settings: - | shareWith | Bob | - | role | viewer | - - - Scenario Outline: A space admin user can disable a Space via the Graph API - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - And for user "Alice" the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name", - "root" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - }, - "root": { - "type": "object", - "required": [ - "deleted" - ], - "properties": { - "deleted": { - "type": "object", - "required": [ - "state" - ], - "properties": { - "state": { - "type": "string", - "enum": ["trashed"] - } - } - } - } - } - } - } - """ - And the user "" should not have a space called "Project Moon" - Examples: - | user | - | Brian | - | Bob | - - - Scenario Outline: An user without space admin role cannot disable a Space via the Graph API - When user "" disables a space "Project Moon" - Then the HTTP status code should be "403" - And for user "" the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - } - } - } - """ - Examples: - | user | - | Brian | - | Bob | - - - Scenario: A space manager can delete a disabled Space via the webDav API - Given user "Alice" has disabled a space "Project Moon" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - - - Scenario: An space manager can disable and delete Space in which files and folders exist via the webDav API - Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt" - And user "Alice" has created a folder "MainFolder" in space "Project Moon" - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - - - Scenario: An space manager cannot delete a space via the webDav API without first disabling it - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "400" - And for user "Alice" the JSON response should contain space called "Project Moon" and match - """ - { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Moon"] - } - } - } - """ diff --git a/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature new file mode 100644 index 00000000000..858ba12c55a --- /dev/null +++ b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature @@ -0,0 +1,242 @@ +@api @skipOnOcV10 +Feature: Disabling and deleting space + As a manager of space + I want to be able to disable the space first, then delete it. + So that a disabled spaces isn't accessible by shared users. + + Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production + See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 + + Background: + Given these users have been created with default attributes and without skeleton files: + | username | + | Alice | + | Brian | + | Bob | + | Carol | + And the administrator has given "Alice" the role "Space Admin" using the settings api + And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi + And user "Alice" has shared a space "Project Moon" with settings: + | shareWith | Brian | + | role | editor | + And user "Alice" has shared a space "Project Moon" with settings: + | shareWith | Bob | + | role | viewer | + + + Scenario Outline: user can disable their own space via the Graph API + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" disables a space "Project Moon" + Then the HTTP status code should be "204" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name", + "root" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + }, + "root": { + "type": "object", + "required": [ + "deleted" + ], + "properties": { + "deleted": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["trashed"] + } + } + } + } + } + } + } + """ + And the user "Brian" should not have a space called "Project Moon" + And the user "Bob" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: user with role user and guest cannot disable other space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + When user "Carol" tries to disable a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "403" + And for user "Brian" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + And for user "Bob" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + Examples: + | role | + | User | + | Guest | + + + Scenario: a space manager can disable and delete space in which files and folders exist via the webDav API + Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt" + And user "Alice" has created a folder "MainFolder" in space "Project Moon" + When user "Alice" disables a space "Project Moon" + Then the HTTP status code should be "204" + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + + + Scenario Outline: user cannot delete their own space without first disabling it + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "400" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + } + } + } + """ + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: user can delete their own disabled space via the Graph API + Given the administrator has given "Alice" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + | Space Admin | + | User | + | Guest | + + + Scenario Outline: an admin and space manager can disable other space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + When user "Carol" tries to disable a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And for user "Alice" the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name", + "root" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + }, + "root": { + "type": "object", + "required": [ + "deleted" + ], + "properties": { + "deleted": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["trashed"] + } + } + } + } + } + } + } + """ + Examples: + | role | + | Admin | + + @skipOnStable2.0 + Examples: + | role | + | Space Admin | + + + Scenario Outline: an admin and space manager can delete other disabled Space + Given the administrator has given "Carol" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Carol" tries to delete a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + Examples: + | role | + | Admin | + + @skipOnStable2.0 + Examples: + | role | + | Space Admin | + + + Scenario Outline: user with role user and guest cannot delete others disabled Space via the Graph API + Given the administrator has given "Carol" the role "" using the settings api + And user "Alice" has disabled a space "Project Moon" + When user "Carol" tries to delete a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "403" + Examples: + | role | + | User | + | Guest | diff --git a/tests/acceptance/features/apiSpaces/listSpaces.feature b/tests/acceptance/features/apiSpaces/listSpaces.feature index 205bdd78856..89ea4cb5e8d 100644 --- a/tests/acceptance/features/apiSpaces/listSpaces.feature +++ b/tests/acceptance/features/apiSpaces/listSpaces.feature @@ -203,154 +203,6 @@ Feature: List and create spaces Then the HTTP status code should be "207" - Scenario Outline: The user without permissions to create space cannot create a Space via Graph API - Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi - Then the HTTP status code should be "401" - And the user "Alice" should not have a space called "share space" - Examples: - | role | - | User | - | Guest | - - - Scenario Outline: An admin or space admin user can create a Space via the Graph API with default quota - Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi - Then the HTTP status code should be "201" - And the JSON response should contain space called "Project Mars" and match - """ - { - "type": "object", - "required": [ - "driveType", - "driveAlias", - "name", - "id", - "quota", - "root", - "webUrl" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Mars"] - }, - "driveType": { - "type": "string", - "enum": ["project"] - }, - "driveAlias": { - "type": "string", - "enum": ["project/project-mars"] - }, - "id": { - "type": "string", - "enum": ["%space_id%"] - }, - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "state": { - "type": "number", - "enum": [1000000000] - } - } - }, - "root": { - "type": "object", - "required": [ - "webDavUrl" - ], - "properties": { - "webDavUrl": { - "type": "string", - "enum": ["%base_url%/dav/spaces/%space_id%"] - } - } - }, - "webUrl": { - "type": "string", - "enum": ["%base_url%/f/%space_id%"] - } - } - } - """ - Examples: - | role | - | Admin | - | Space Admin | - - - Scenario Outline: An admin or space admin user can create a Space via the Graph API with certain quota - Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi - Then the HTTP status code should be "201" - And the JSON response should contain space called "Project Venus" and match - """ - { - "type": "object", - "required": [ - "driveType", - "name", - "id", - "quota", - "root", - "webUrl" - ], - "properties": { - "name": { - "type": "string", - "enum": ["Project Venus"] - }, - "driveType": { - "type": "string", - "enum": ["project"] - }, - "id": { - "type": "string", - "enum": ["%space_id%"] - }, - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "state": { - "type": "number", - "enum": [2000] - } - } - }, - "root": { - "type": "object", - "required": [ - "webDavUrl" - ], - "properties": { - "webDavUrl": { - "type": "string", - "enum": ["%base_url%/dav/spaces/%space_id%"] - } - } - }, - "webUrl": { - "type": "string", - "enum": ["%base_url%/f/%space_id%"] - } - } - } - """ - Examples: - | role | - | Admin | - | Space Admin | - - Scenario: A user can list his personal space via multiple endpoints When user "Alice" lists all available spaces via the GraphApi with query "$filter=driveType eq 'personal'" Then the HTTP status code should be "200" @@ -443,7 +295,7 @@ Feature: List and create spaces Scenario Outline: A user can list his created spaces via multiple endpoints Given the administrator has given "Alice" the role "" using the settings api - When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi + When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API Then the HTTP status code should be "201" And the JSON response should contain space called "Project Venus" and match """ diff --git a/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature b/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature index f22920d8139..8e3133f6fd8 100644 --- a/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature +++ b/tests/acceptance/features/apiSpaces/restoreSpaceObjects.feature @@ -16,7 +16,7 @@ Feature: Restore files, folder | Carol | And using spaces DAV path And the administrator has given "Alice" the role "Space Admin" using the settings api - And user "Alice" creates a space "restore objects" of type "project" with the default quota using the GraphApi + And user "Alice" has created a space "restore objects" with the default quota using the GraphApi And user "Alice" has created a folder "newFolder" in space "restore objects" And user "Alice" has uploaded a file inside space "restore objects" with content "test" to "newFolder/file.txt" diff --git a/tests/acceptance/features/apiSpaces/restoreSpaces.feature b/tests/acceptance/features/apiSpaces/restoreSpaces.feature index c7ab87e5c3e..5eea6649042 100644 --- a/tests/acceptance/features/apiSpaces/restoreSpaces.feature +++ b/tests/acceptance/features/apiSpaces/restoreSpaces.feature @@ -47,7 +47,7 @@ Feature: Restoring space | mainFolder | - Scenario: Participant can create data in the space after restoring + Scenario: participant can create data in the space after restoring Given user "Alice" has shared a space "restore a space" with settings: | shareWith | Brian | | role | editor | @@ -60,14 +60,36 @@ Feature: Restoring space | mainFolder | - Scenario Outline: User without space manager role cannot restore space + Scenario Outline: user without space manager role cannot restore space Given user "Alice" has shared a space "restore a space" with settings: | shareWith | Brian | | role | | And user "Alice" has disabled a space "restore a space" - When user "Brian" restores a disabled space "restore a space" owned by user "Alice" + When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" Then the HTTP status code should be "404" Examples: | role | | viewer | | editor | + + + Scenario Outline: user with role user and guest cannot restore space + Given the administrator has given "Brian" the role "" using the settings api + And user "Alice" has disabled a space "restore a space" + When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" + Then the HTTP status code should be "404" + Examples: + | role | + | User | + | Guest | + + @issue-5872 @skipOnStable2.0 + Scenario Outline: admin and space admin can restore other space + Given the administrator has given "Brian" the role "" using the settings api + And user "Alice" has disabled a space "restore a space" + When user "Brian" restores a disabled space "restore a space" owned by user "Alice" + Then the HTTP status code should be "200" + Examples: + | role | + | Admin | + | Space Admin | diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php index f774c5703e8..62304aa9e2e 100644 --- a/tests/acceptance/features/bootstrap/SpacesContext.php +++ b/tests/acceptance/features/bootstrap/SpacesContext.php @@ -627,7 +627,7 @@ public function theUserLooksUpTheSingleSpaceUsingTheGraphApiByUsingItsId(string } /** - * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with the default quota using the GraphApi$/ + * @When /^user "([^"]*)" (?:creates|tries to create) a space "([^"]*)" of type "([^"]*)" with the default quota using the Graph API$/ * * @param string $user * @param string $spaceName @@ -658,7 +658,7 @@ public function theUserCreatesASpaceUsingTheGraphApi( } /** - * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the GraphApi$/ + * @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the Graph API$/ * * @param string $user * @param string $spaceName