diff --git a/tests/acceptance/features/apiSpaces/filePreviews.feature b/tests/acceptance/features/apiSpaces/filePreviews.feature index 249b6538a16..d6d7476d278 100644 --- a/tests/acceptance/features/apiSpaces/filePreviews.feature +++ b/tests/acceptance/features/apiSpaces/filePreviews.feature @@ -61,6 +61,23 @@ Feature: Preview file in project space | filesForUpload/lorem.txt | lorem.txt | + Scenario Outline: download preview of shared file shared via Secure viewer permission role + Given user "Brian" has been created with default attributes and without skeleton files + And user "Alice" has uploaded a file from "" to "" via TUS inside of the space "Alice Hansen" using the WebDAV API + And user "Alice" has sent the following resource share invitation: + | resource | | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure viewer | + When user "Brian" downloads the preview of shared resource "/Shares/" with width "32" and height "32" using the WebDAV API + Then the HTTP status code should be "403" + Examples: + | source | destination | + | filesForUpload/testavatar.png | testavatar.png | + | filesForUpload/lorem.txt | lorem.txt | + + Scenario: download preview of file inside shared folder in project space Given user "Brian" has been created with default attributes and without skeleton files And user "Alice" has created a folder "folder" in space "previews of the files" diff --git a/tests/acceptance/features/apiSpacesShares/shareOperations.feature b/tests/acceptance/features/apiSpacesShares/shareOperations.feature index 93a6517bf0f..82e2f241d3b 100644 --- a/tests/acceptance/features/apiSpacesShares/shareOperations.feature +++ b/tests/acceptance/features/apiSpacesShares/shareOperations.feature @@ -382,6 +382,33 @@ Feature: sharing | Uploader | + Scenario: sharee cannot download file shared with Secure viewer permission by sharee + Given using old DAV path + And user "Alice" has uploaded file with content "hello world" to "textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | textfile.txt | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure viewer | + And user "Brian" downloads file "/Shares/textfile.txt" using the WebDAV API + Then the HTTP status code should be "403" + + + Scenario: sharee cannot download file inside folder shared with Secure viewer permission by sharee + Given using old DAV path + And user "Alice" has created folder "FolderToShare" + And user "Alice" has uploaded file with content "hello world" to "FolderToShare/textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | FolderToShare | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure viewer | + And user "Brian" downloads file "/Shares/FolderToShare/textfile.txt" using the WebDAV API + Then the HTTP status code should be "403" + + Scenario Outline: space admin tries to remove password of a public link share (change/create permission) Given using spaces DAV path And using OCS API version ""