diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index cf6ac4c63ab..6542d9ec2eb 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -43,3 +43,8 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSpaces/moveSpaces.feature:186](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/moveSpaces.feature#L186) - [apiSpaces/moveSpaces.feature:189](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/moveSpaces.feature#L189) +### [Removing the public link password is broken](https://github.com/owncloud/ocis/issues/4262) +- [apiSpaces/editPublicLinkOfSpace.feature:55](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/editPublicLinkOfSpace.feature#L55) + +### [A space manager cannot see the public links of another manager](https://github.com/owncloud/ocis/issues/4260) +- [apiSpaces/editPublicLinkOfSpace.feature:67](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/editPublicLinkOfSpace.feature#L67) diff --git a/tests/acceptance/features/apiSpaces/editPublicLinkOfSpace.feature b/tests/acceptance/features/apiSpaces/editPublicLinkOfSpace.feature new file mode 100644 index 00000000000..e359dac65fa --- /dev/null +++ b/tests/acceptance/features/apiSpaces/editPublicLinkOfSpace.feature 
@@ -0,0 +1,83 @@ +@api @skipOnOcV10 +Feature: A manager of the space can edit public link + As an user with manager space role + I want to be able to edit a public link. + So that I can remove or change permission, password, expireDate, and name attributes + Users without the manager role cannot see or edit the public link + + + Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production + See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 + + Background: + Given these users have been created with default attributes and without skeleton files: + | username | + | Alice | + | Brian | + And the administrator has given "Alice" the role "Space Admin" using the settings api + And user "Alice" has created a space "edit space" with the default quota using the GraphApi + And user "Alice" has created a public link share of the space "edit space" with settings: + | permissions | 1 | + | password | qwerty | + | expireDate | 2040-01-01T23:59:59+0100 | + | name | someName | + And user "Alice" has uploaded a file inside space "edit space" with content "some content" to "test.txt" + + + Scenario Outline: A manager of the space can edit public link. 
+ Given using OCS API version "2" + When user "Alice" updates the last public link share using the sharing API with + | permissions | | + | password | | + | name | | + | expireDate | | + Then the HTTP status code should be "200" + And the OCS status code should be "200" + And the OCS status message should be "OK" + And the fields of the last response to user "Alice" should include + | item_type | folder | + | mimetype | httpd/unix-directory | + | file_target | / | + | path | / | + | permissions | | + | share_type | public_link | + | displayname_file_owner | %displayname% | + | displayname_owner | %displayname% | + | uid_file_owner | %username% | + | uid_owner | %username% | + | name | | + | expiration | | + And the public should be able to download file "/test.txt" from inside the last public link shared folder using the new public WebDAV API with password "" + And the downloaded content should be "some content" + Examples: + | permissions | expectedPermissions | password | linkName | expireDate | + | 5 | read,create | newPass | | | + | 15 | read,update,create,delete | | newName | 2042-03-25T23:59:59+0100 | + + + Scenario Outline: Only users with manager role can see a created public link + Given using OCS API version "2" + When user "Alice" shares a space "edit space" to user "Brian" with role "" + Then the HTTP status code should be "200" + And the OCS status code should be "200" + And for user "Alice" the space "edit space" should contain the last created public link + And for user "Brian" the space "edit space" contain the last created public link + Examples: + | role | shouldOrNot | + | manager | should | + | editor | should not | + | viewer | should not | + + + Scenario Outline: Members of the space try to edit a public link + Given using OCS API version "2" + And user "Alice" has shared a space "edit space" to user "Brian" with role "" + When user "Brian" updates the last public link share using the sharing API with + | permissions | 15 | + Then the HTTP 
status code should be "" + And the OCS status code should be "" + Examples: + | role | code | codeOCS | + | manager | 200 | 200 | + | editor | 401 | 997 | + | viewer | 401 | 997 | diff --git a/tests/acceptance/features/apiSpaces/shareSpacesViaLink.feature b/tests/acceptance/features/apiSpaces/shareSpacesViaLink.feature index f6178aa79d0..8260c4a52fb 100644 --- a/tests/acceptance/features/apiSpaces/shareSpacesViaLink.feature +++ b/tests/acceptance/features/apiSpaces/shareSpacesViaLink.feature @@ -37,13 +37,14 @@ Feature: Share spaces via link | uid_file_owner | %username% | | uid_owner | %username% | | name | | - And the public should be able to download file "/test.txt" from inside the last public link shared folder using the new public WebDAV API with password "123" + And the public should be able to download file "/test.txt" from inside the last public link shared folder using the new public WebDAV API with password "" And the downloaded content should be "some content" + But the public should not be able to download file "/test.txt" from inside the last public link shared folder using the new public WebDAV API with password "wrong pass" Examples: - | permissions | expectedPermissions | password | linkName | expireDate | - | 1 | read | 123 | link | 2042-03-25T23:59:59+0100 | - | 5 | read,create | 123 | | 2042-03-25T23:59:59+0100 | - | 15 | read,update,create,delete | | link | | + | permissions | expectedPermissions | password | linkName | expireDate | + | 1 | read | 123234 | link | 2042-03-25T23:59:59+0100 | + | 5 | read,create | qwerty 123 | | 2042-03-25T23:59:59+0100 | + | 15 | read,update,create,delete | d*V^o*Y03R9n8Z | link | | Scenario: An uploader should be able to upload a file 
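Review bot: The "A manager of the space can edit public link" outline never shows that the replaced credential stopped working. As far as the visible steps show, it only downloads with the updated password after the update, so a server that still accepts the Background password `qwerty` alongside `newPass` would pass. For the example row that changes the password, add the negative step this commit already uses in shareSpacesViaLink.feature: `But the public should not be able to download file "/test.txt" from inside the last public link shared folder using the new public WebDAV API with password "qwerty"`. The row that clears the password needs its own scenario, because the expected result of supplying a password differs there. In "Members of the space try to edit a public link", the editor and viewer rows assert only the 401/997 codes; a follow-up check that the link still carries permissions `1` would show the rejected update changed nothing.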
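Review bot: Replacing the empty password in the third Examples row with `d*V^o*Y03R9n8Z` removes the only row in this outline that created a space link without a password. That case is then no longer exercised here, unless another feature outside this diff covers it. The added `wrong pass` step cannot share an outline with a password-less row, because the expected outcome of supplying a password to an unprotected link is different. Keep the three password rows and move the password-less creation into a separate scenario with its own download assertion.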
@@ -79,7 +80,17 @@ Feature: Share spaces via link Then the HTTP status code should be "404" And the OCS status code should be "404" And the OCS status message should be "No share permission" + And for user "Alice" the space "share space" should not contain the last created public link Examples: | role | | viewer | | editor | + + + Scenario: An user with manager role can share a space to public via link + Given user "Alice" has shared a space "share space" to user "Brian" with role "manager" + When user "Brian" creates a public link share of the space "share space" with settings: + | permissions | 1 | + Then the HTTP status code should be "200" + And the OCS status code should be "200" + And for user "Alice" the space "share space" should contain the last created public link diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php index c7d341387d9..1dd8cb2e1fc 100644 --- a/tests/acceptance/features/bootstrap/SpacesContext.php +++ b/tests/acceptance/features/bootstrap/SpacesContext.php @@ -558,7 +558,7 @@ public function sendPutRequestToUrl( * @param mixed $body * @param string $xRequestId * @param array $headers - * + * * * @return ResponseInterface * @@ -2771,7 +2771,7 @@ public function sendShareSpaceViaLinkRequest( $rows["password"] = \array_key_exists("password", $rows) ? $rows["password"] : null; $rows["name"] = \array_key_exists("name", $rows) ? $rows["name"] : null; $rows["expireDate"] = \array_key_exists("expireDate", $rows) ? $rows["expireDate"] : null; - + $body = [ "space_ref" => $space['id'], "shareType" => $rows["shareType"], 
@@ -2791,8 +2791,82 @@ public function sendShareSpaceViaLinkRequest( $body ) ); - + // set last response as PublicShareData. using method from core $this->featureContext->setLastPublicShareData($this->featureContext->getResponseXml(null, __METHOD__)); + // set last shareId if ShareData exists. using method from core + if (isset($this->featureContext->getLastPublicShareData()->data)) { + $this->featureContext->setLastPublicLinkShareId((string) $this->featureContext->getLastPublicShareData()->data[0]->id); + } + } + + /** + * @Given /^user "([^"]*)" has created a public link share of the space "([^"]*)" with settings:$/ + * + * @param string $user + * @param string $spaceName + * @param TableNode|null $table + * + * @return void + * @throws GuzzleException + */ + public function userHasCreatedPublicLinkShareOfSpace( + string $user, + string $spaceName, + ?TableNode $table + ): void { + $this->sendShareSpaceViaLinkRequest($user, $spaceName, $table); + + $expectedHTTPStatus = "200"; + $this->featureContext->theHTTPStatusCodeShouldBe( + $expectedHTTPStatus, + "Expected response status code should be $expectedHTTPStatus" + ); + $this->featureContext->setLastPublicLinkShareId((string) $this->featureContext->getLastPublicShareData()->data[0]->id); + } + + /** + * @Then /^for user "([^"]*)" the space "([^"]*)" should (not|)\s?contain the last created public link$/ + * + * @param string $user + * @param string $spaceName + * @param string $shouldOrNot (not|) + * + * @return void + * + * @throws Exception|GuzzleException + */ + public function forUserSpaceShouldContainLinks( + string $user, + string $spaceName, + string $shouldOrNot + ): void { + $space = $this->getSpaceByName($user, $spaceName); + $url = "/apps/files_sharing/api/v1/shares"; + + $bodyTable = new TableNode([ + ["space_ref", $space['id']], + ["reshares", true], + ]); + + $this->ocsContext->userSendsHTTPMethodToOcsApiEndpointWithBody( + $user, + 'GET', + $url, + $bodyTable + ); + + $should = ($shouldOrNot !== 
"not"); + $responseArray = json_decode(json_encode($this->featureContext->getResponseXml()->data),true, 512, JSON_THROW_ON_ERROR); + + if ($should) { + Assert::assertNotEmpty($responseArray, __METHOD__ . ' Response should contain a link, but it is empty'); + foreach ($responseArray as $element) { + $expectedLinkId = $this->featureContext->getLastPublicLinkShareId(); + Assert::assertEquals($element["id"], $expectedLinkId, "link IDs are different"); + } + } else { + Assert::assertEmpty($responseArray, __METHOD__ . ' Response should be empty'); + } } }
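Review bot: In `forUserSpaceShouldContainLinks` the `should not` branch passes whenever `data` is empty, and nothing checks that the GET to `/apps/files_sharing/api/v1/shares` succeeded. A failed or rejected listing request therefore looks the same as a correctly filtered one, and the access-control scenarios can pass for the wrong reason. Assert the listing status before reading the body, or assert the specific error status if one is expected for non-managers. The positive branch requires every returned share to equal the last link id and passes the actual value in the expected position of `assertEquals`; it fails as soon as the space has a second share, so collect the ids and use `assertContains`. In `userHasCreatedPublicLinkShareOfSpace` the final `data[0]->id` read is unguarded and repeats what `sendShareSpaceViaLinkRequest` already does behind `isset`. The sketch below assumes `getResponseXml()` returns a SimpleXMLElement.

```php
// … unchanged: space lookup and GET request to the shares endpoint …
$this->featureContext->theHTTPStatusCodeShouldBe(
    "200",
    __METHOD__ . " Expected the share listing request to succeed"
);

$should = ($shouldOrNot !== "not");
$linkIds = [];
foreach ($this->featureContext->getResponseXml()->data->children() as $share) {
    $linkIds[] = (string) $share->id;
}

if ($should) {
    Assert::assertContains(
        $this->featureContext->getLastPublicLinkShareId(),
        $linkIds,
        __METHOD__ . ' Response should contain the last created public link'
    );
} else {
    Assert::assertEmpty($linkIds, __METHOD__ . ' Response should be empty');
}
```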