diff --git a/tests/acceptance/features/apiGraph/assignRole.feature b/tests/acceptance/features/apiGraph/assignRole.feature
index 900a486d643..b14533c93f2 100644
--- a/tests/acceptance/features/apiGraph/assignRole.feature
+++ b/tests/acceptance/features/apiGraph/assignRole.feature
@@ -35,7 +35,7 @@ Feature: assign role
 Scenario Outline: assign role to the user with setting api and list role with graph api
 Given user "Alice" has been created with default attributes and without skeleton files
- And the administrator has assigned the role "" to user "Alice" using the Graph API
+ And the administrator has given "Alice" the role "" using the settings api
 When the administrator retrieves the assigned role of user "Alice" using the Graph API
 Then the HTTP status code should be "200"
 And the Graph API response should have the role ""
diff --git a/tests/acceptance/features/apiGraph/changeRole.feature b/tests/acceptance/features/apiGraph/changeRole.feature
index a5572054db2..ce1d5f0915a 100644
--- a/tests/acceptance/features/apiGraph/changeRole.feature
+++ b/tests/acceptance/features/apiGraph/changeRole.feature
@@ -46,3 +46,16 @@ Feature: change role
 | User |
 | User Light |
 | Admin |
+
+
+ Scenario Outline: non-admin cannot change the user role
+ Given the administrator has assigned the role "" to user "Alice" using the Graph API
+ And user "Brian" has been created with default attributes and without skeleton files
+ When user "Alice" tries to change the role of user "Alice" to role "Admin" using the Graph API
+ Then the HTTP status code should be "401"
+ And user "Brian" should have the role "User"
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
+ | User Light |
diff --git a/tests/acceptance/features/apiGraph/createUser.feature b/tests/acceptance/features/apiGraph/createUser.feature
index b4e4a9ff61c..9d9b5b555e0 100644
--- a/tests/acceptance/features/apiGraph/createUser.feature
+++ b/tests/acceptance/features/apiGraph/createUser.feature
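Review bot: The new "non-admin cannot change the user role" outline in changeRole.feature never checks the account the request was aimed at: the When step has Alice try to change Alice's own role to Admin, while the final Then asserts Brian's role, which no step touches. As written, that last assertion holds whether or not the self-escalation took effect, so only the status-code step guards the privilege boundary. Either target Brian in the When step, or assert Alice afterwards with `And user "Alice" should have the role "<role>"` (placeholder inferred from the `role` Examples column, since the extracted text shows it empty). It is also worth confirming that `401` rather than `403` is the intended status for an authenticated user who lacks the permission.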
@@ -22,23 +22,24 @@ Feature: create user
 Then the HTTP status code should be ""
 And user "" exist
 Examples:
- | userName | displayName | email | password | code | enable | shouldOrNot |
- | SameDisplayName | Alice Hansen | new@example.org | containsCharacters(*:!;_+-&) | 200 | true | should |
- | withoutPassSameEmail | without pass | alice@example.org | | 200 | true | should |
- | name | pass with space | example@example.org | my pass | 200 | true | should |
- | nameWithCharacters(*:!;_+-&) | user | new@example.org | 123 | 400 | true | should not |
- | name with space | name with space | example@example.org | 123 | 400 | true | should not |
- | createDisabledUser | disabled user | example@example.org | 123 | 200 | false | should |
- | nameWithNumbers0123456 | user | name0123456@example.org | 123 | 200 | true | should |
- | name.with.dots | user | name.w.dots@example.org | 123 | 200 | true | should |
- | 123456789 | user | 123456789@example.org | 123 | 400 | true | should not |
- | 0.0 | user | float@example.org | 123 | 400 | true | should not |
+ | userName | displayName | email | password | code | enable | shouldOrNot |
+ | SameDisplayName | Alice Hansen | new@example.org | containsCharacters(*:!;_+-&) | 200 | true | should |
+ | withoutPassSameEmail | without pass | alice@example.org | | 200 | true | should |
+ | name | pass with space | example@example.org | my pass | 200 | true | should |
+ | user1 | user names must not start with a number | example@example.org | my pass | 200 | true | should |
+ | nameWithCharacters(*:!;_+-&) | user | new@example.org | 123 | 400 | true | should not |
+ | name with space | name with space | example@example.org | 123 | 400 | true | should not |
+ | createDisabledUser | disabled user | example@example.org | 123 | 200 | false | should |
+ | nameWithNumbers0123456 | user | name0123456@example.org | 123 | 200 | true | should |
+ | name.with.dots | user | name.w.dots@example.org | 123 | 200 | true | should |
+ | 123456789 | user | 123456789@example.org | 123 | 400 | true | should not |
+ | 0.0 | user | float@example.org | 123 | 400 | true | should not |
 @skipOnStable2.0
 Examples:
- | userName | displayName | email | password | code | enable | shouldOrNot |
- | withoutEmail | without email | | 123 | 200 | true | should |
- | Alice | same userName | new@example.org | 123 | 409 | true | should |
+ | userName | displayName | email | password | code | enable | shouldOrNot |
+ | withoutEmail | without email | | 123 | 200 | true | should |
+ | Alice | same userName | new@example.org | 123 | 409 | true | should |
 Scenario: user cannot be created with empty name
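Review bot: The added `user1` row uses the displayName cell as a comment, and "user names must not start with a number" describes a rule this row does not exercise: `user1` starts with a letter and expects 200. The rejecting case is the existing `123456789` row with 400. A displayName such as `digit only at the end of the name` would say what the row covers. The rest of this hunk appears to be column re-alignment only.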
@@ -94,3 +95,63 @@ Feature: create user
 | accountEnabled | true |
 Then the HTTP status code should be "200"
 And user "Brian" should exist
+
+
+ @env-config
+ Scenario Outline: create user with setting OCIS no restriction on the user name
+ Given the config "GRAPH_USERNAME_MATCH" has been set to "none"
+ And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
+ When the user "Alice" creates a new user using GraphAPI with the following settings:
+ | userName | |
+ | displayName | test user |
+ | email | new@example.org |
+ | password | 123 |
+ | accountEnabled | true |
+ Then the HTTP status code should be "200"
+ And user "" should exist
+ Examples:
+ | userName | description |
+ | 1248Bob | user names starts with the number |
+ | (*:!;+-&$%)_alice | user names starts with the ASCII characters |
+
+
+ @env-config
+ Scenario: create user with setting OCIS not to assign the default user role
+ Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "false"
+ When the user "admin" creates a new user using GraphAPI with the following settings:
+ | userName | sam |
+ | displayName | test user |
+ | email | new@example.org |
+ | password | 123 |
+ | accountEnabled | true |
+ Then the HTTP status code should be "200"
+ And user "sam" should exist
+ When the administrator retrieves the assigned role of user "sam" using the Graph API
+ Then the HTTP status code should be "200"
+ And the Graph API response should have no role
+
+
+ @env-config
+ Scenario: create user with setting OCIS assign the default user role
+ Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "true"
+ When the user "admin" creates a new user using GraphAPI with the following settings:
+ | userName | sam |
+ | displayName | test user |
+ | email | new@example.org |
+ | password | 123 |
+ | accountEnabled | true |
+ Then the HTTP status code should be "200"
+ And user "sam" should exist
+ And user "sam" should have the role "User" assigned
+
+
+ Scenario: user is created with the default User role
+ When the user "admin" creates a new user using GraphAPI with the following settings:
+ | userName | sam |
+ | displayName | test user |
+ | email | new@example.org |
+ | password | 123 |
+ | accountEnabled | true |
+ Then the HTTP status code should be "200"
+ And user "sam" should exist
+ And user "sam" should have the role "User" assigned
diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php
index 9165daae010..acadf6010e5 100644
--- a/tests/acceptance/features/bootstrap/GraphContext.php
+++ b/tests/acceptance/features/bootstrap/GraphContext.php
@@ -1952,6 +1952,20 @@ public function theGraphApiResponseShouldHaveTheRole(string $role): void {
 );
 }
+ /**
+ * @Then /^the Graph API response should have no role$/
+ *
+ * @return void
+ * @throws Exception
+ * @throws GuzzleException
+ */
+ public function theGraphApiResponseShouldHaveNoRole(): void {
+ Assert::assertEmpty(
+ $this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())['value'],
+ "the user has a role, but should not"
+ );
+ }
+
 /**
 * @When user :user gets details of the group :groupName using the Graph API
 *
@@ -2402,7 +2416,7 @@ public function userTriesToExportGdprReportOfAnotherUserUsingGraphApi(string $us
 * @throws GuzzleException
 */
 public function getAssignedRole(string $user) {
- $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
+ $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $this->featureContext->getUserIdByUserName($user);
 return (
 GraphHelper::getAssignedRole(
 $this->featureContext->getBAseUrl(),
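Review bot: In createUser.feature, the scenario that sets `GRAPH_ASSIGN_DEFAULT_USER_ROLE` to `false` stops at "the Graph API response should have no role", so it pins the empty assignment list but not what an account without a role is allowed to do. A regression that let a role-less account fall back to some default permission would still pass this scenario. Consider a follow-up step in which `sam` attempts an operation that needs a role and is refused, plus a comment above the scenario such as `# a user created without a default role must hold no permissions until one is assigned`. In the first new outline Alice is given the Admin role but is not created in the visible lines, so the Background outside this hunk should be checked for her.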
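Review bot: In GraphContext.php, `theGraphApiResponseShouldHaveNoRole` can pass on a response that has no `value` key at all, because `assertEmpty` accepts `null`. That is what indexing a missing key or a failed JSON decode yields, with at most a warning depending on how the runner treats warnings. An error body would then read as "no role". Decode into a local `$response` first and check the shape before the content: `Assert::assertArrayHasKey('value', $response);` followed by `Assert::assertSame([], $response['value'], "the user has a role, but should not");`.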
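Review bot: The new fallback in `getAssignedRole` is undocumented and its failure path is not visible here. When the user is not in the created-users cache the id now comes from `getUserIdByUserName($user)`, and the hunk does not show what that returns for an unknown name. A short comment would record the reason, e.g. `// users created through the Graph API steps have no cached id; look it up by name` (presumably the case for `sam` in the new createUser scenarios), and the docblock could state what happens when the lookup finds nothing. The method still declares no return type, and its body continues past the end of the hunk.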