[tests-only][full-ci]Extend tests coverage for different role capability for group

tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md

@@ -44,7 +44,7 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiSpacesShares/copySpaces.feature:793](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/copySpaces.feature#L793)
 
 ### [Creating group with empty name returns status code 200](https://github.com/owncloud/ocis/issues/5050)
-- [apiGraph/createGroup.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L40)
+- [apiGraph/createGroup.feature:46](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L46)
 
 ### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032)
 - [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27)
@@ -59,7 +59,7 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/deleteGroup.feature:51](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L51)
 
 #### [Share lists deleted user as 'user'](https://github.com/owncloud/ocis/issues/903)
-- [apiGraph/deleteGroup.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L62)
+- [apiGraph/deleteGroup.feature:68](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L68)
 
 #### [Updating group displayName request seems OK but group is not being renamed](https://github.com/owncloud/ocis/issues/5099)
 - [apiGraph/editGroup.feature:20](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L20)
@@ -68,6 +68,7 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/editGroup.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L23)
 - [apiGraph/editGroup.feature:24](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L24)
 - [apiGraph/editGroup.feature:25](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L25)
+- [apiGraph/editGroup.feature:40](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L40)
 
 #### [CORS headers are not identical with oC10 headers](https://github.com/owncloud/ocis/issues/5195)
 - [apiCors/cors.feature:25](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L25)
@@ -121,7 +122,9 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105)
 
 #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604)
-- [apiGraph/getGroup.feature:100](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L100)
+- [apiGraph/getGroup.feature:130](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L130)
+- [apiGraph/getGroup.feature:131](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L131)
+- [apiGraph/getGroup.feature:132](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L132)
 
 #### [Changing user with an uppercase name gives 404 error](https://github.com/owncloud/ocis/issues/5763)
 - [apiGraph/editUser.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L41)
@@ -130,14 +133,48 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/editUser.feature:44](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L44)
 
 #### [Same users can be added in a group multiple time](https://github.com/owncloud/ocis/issues/5702)
-- [apiGraph/addUserToGroup.feature:222](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L222)
+- [apiGraph/addUserToGroup.feature:246](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L246)
 
 #### [Try to add group to a group return 204](https://github.com/owncloud/ocis/issues/5793)
-- [apiGraph/addUserToGroup.feature:244](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L244)
+- [apiGraph/addUserToGroup.feature:268](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L268)
+
+#### [API requests from an unauthorized user should return 403](https://github.com/owncloud/ocis/issues/5938)
+- [apiGraph/addUserToGroup.feature:131](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L131)
+- [apiGraph/addUserToGroup.feature:132](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L132)
+- [apiGraph/addUserToGroup.feature:133](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L133)
+- [apiGraph/addUserToGroup.feature:145](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L145)
+- [apiGraph/addUserToGroup.feature:146](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L146)
+- [apiGraph/addUserToGroup.feature:147](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L147)
+- [apiGraph/createGroup.feature:41](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L41)
+- [apiGraph/createGroup.feature:42](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L42)
+- [apiGraph/createGroup.feature:43](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L43)
+- [apiGraph/deleteGroup.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L63)
+- [apiGraph/deleteGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L64)
+- [apiGraph/deleteGroup.feature:65](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L65)
+- [apiGraph/editGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L35)
+- [apiGraph/editGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L36)
+- [apiGraph/editGroup.feature:37](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editGroup.feature#L37)
+- [apiGraph/getGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L35)
+- [apiGraph/getGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L36)
+- [apiGraph/getGroup.feature:37](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L37)
+- [apiGraph/getGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L64)
+- [apiGraph/getGroup.feature:65](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L65)
+- [apiGraph/getGroup.feature:66](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L66)
+- [apiGraph/getGroup.feature:102](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L102)
+- [apiGraph/getGroup.feature:103](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L103)
+- [apiGraph/getGroup.feature:104](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L104)
+- [apiGraph/removeUserFromGroup.feature:172](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L172)
+- [apiGraph/removeUserFromGroup.feature:173](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L173)
+- [apiGraph/removeUserFromGroup.feature:174](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/removeUserFromGroup.feature#L174)
+
+#### [API requests for a non-existent resources should return 404](https://github.com/owncloud/ocis/issues/5939)
+- [apiGraph/addUserToGroup.feature:162](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L162)
+- [apiGraph/addUserToGroup.feature:163](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L163)
+- [apiGraph/addUserToGroup.feature:164](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L164)
 
 ### [Users are added in a group with wrong host in host-part of user](https://github.com/owncloud/ocis/issues/5871)
-- [apiGraph/addUserToGroup.feature:292](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L292)
-- [apiGraph/addUserToGroup.feature:306](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L306)
+- [apiGraph/addUserToGroup.feature:316](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L316)
+- [apiGraph/addUserToGroup.feature:330](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L330)
 
 Note: always have an empty line at the end of this file.
 The bash script that processes this file requires that the last line has a newline on the end.

tests/acceptance/features/apiGraph/addUserToGroup.feature

@@ -120,27 +120,51 @@ Feature: add users to group
       | Alice    | var/../etc       |
 
 
-  Scenario: normal user tries to add himself to a group
-    Given group "groupA" has been created
+  Scenario Outline: user other than the admin tries to add himself to a group
+    Given the administrator has given "Alice" the role "<role>" using the settings api
+    And group "groupA" has been created
     When user "Alice" tries to add himself to group "groupA" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the last response should be an unauthorized response
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
 
 
-  Scenario: normal user tries to other user to a group
+  Scenario Outline: user other than the admin tries to add other user to a group
     Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Brian" the role "<role>" using the settings api
     And group "groupA" has been created
     When user "Alice" tries to add user "Brian" to group "groupA" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the last response should be an unauthorized response
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
 
 
-  Scenario: admin tries to add user to a non-existing group
+  Scenario: admin tries to add user to a nonexistent group
     When the administrator tries to add user "Alice" to a nonexistent group using the Graph API
     Then the HTTP status code should be "404"
 
 
-  Scenario: admin tries to add a non-existing user to a group
+  Scenario Outline: user other than the admin tries to add user to a nonexistent group
+    Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "<role>" using the settings api
+    When the user "Alice" tries to add user "Brian" to a nonexistent group using the Graph API
+    Then the HTTP status code should be "404"
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
+
+
+  Scenario: admin tries to add a nonexistent user to a group
     Given group "groupA" has been created
     When the administrator tries to add user "nonexistentuser" to group "groupA" using the provisioning API
     Then the HTTP status code should be "405"
@@ -169,7 +193,7 @@ Feature: add users to group
       | Carol    | grp1      |
 
 
-  Scenario: admin tries to add users to a non-existing group at once
+  Scenario: admin tries to add users to a nonexistent group at once
     Given the administrator has given "Alice" the role "Admin" using the settings api
     And these users have been created with default attributes and without skeleton files:
       | username |
@@ -182,7 +206,7 @@ Feature: add users to group
     Then the HTTP status code should be "404"
 
 
-  Scenario: admin tries to add multiple non-existing users to a group at once
+  Scenario: admin tries to add multiple nonexistent users to a group at once
     Given the administrator has given "Alice" the role "Admin" using the settings api
     And user "Alice" has created a group "grp1" using the Graph API
     When the administrator "Alice" tries to add the following nonexistent users to a group "grp1" at once using the Graph API
@@ -192,7 +216,7 @@ Feature: add users to group
     Then the HTTP status code should be "404"
 
 
-  Scenario: admin tries to add non-existing and existing users to a group at once
+  Scenario: admin tries to add nonexistent and existing users to a group at once
     Given the administrator has given "Alice" the role "Admin" using the settings api
     And these users have been created with default attributes and without skeleton files:
       | username |

tests/acceptance/features/apiGraph/createGroup.feature

@@ -30,13 +30,19 @@ Feature: create group
     And group "mygroup" should exist
 
 
-  Scenario: normal user tries to create a group
+  Scenario Outline: user other than the admin can't create a group
     Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Brian" the role "<userRole>" using the settings api
     When user "Brian" tries to create a group "mygroup" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And group "mygroup" should not exist
+    Examples:
+      | userRole    |
+      | Space Admin |
+      | User        |
+      | Guest       |
 
-
+  @issue-5050
   Scenario: admin user tries to create a group that is the empty string
     When user "Alice" tries to create a group "" using the Graph API
     Then the HTTP status code should be "400"

tests/acceptance/features/apiGraph/deleteGroup.feature

@@ -51,12 +51,18 @@ Feature: delete groups
       | 50%2Fix             | %2F literal looks like an escaped slash |
 
 
-  Scenario: normal user tries to delete a group
+  Scenario Outline: user other than the admin can't delete a group
     Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Brian" the role "<role>" using the settings api
     And group "new-group" has been created
     When user "Brian" tries to delete group "new-group" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And group "new-group" should exist
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
 
   @issue-903
   Scenario: deleted group should not be listed in the sharees list

tests/acceptance/features/apiGraph/editGroup.feature

@@ -1,4 +1,4 @@
-@api @skipOnOcV10
+@api @skipOnOcV10 @issue-5099
 Feature: edit group name
   As an admin
   I want to be able to edit group name
@@ -8,7 +8,7 @@ Feature: edit group name
     Given user "Alice" has been created with default attributes and without skeleton files
     And the administrator has given "Alice" the role "Admin" using the settings api
 
-  @issue-5099
+
   Scenario Outline: admin user renames a group
     Given group "<old_group>" has been created
     When user "Alice" renames group "<old_group>" to "<new_group>" using the Graph API
@@ -22,4 +22,22 @@ Feature: edit group name
       | grp1      | नेपाली          |
       | grp1      | $x<=>[y*z^2]! |
       | grp1      | staff?group   |
-      | grp1      | 50%pass       |
+      | grp1      | 50%pass       |
+
+
+  Scenario Outline: user other than the admin can't rename a group
+    Given the administrator has given "Alice" the role "<role>" using the settings api
+    And group "grp1" has been created
+    When user "Alice" tries to rename group "grp1" to "grp101" using the Graph API
+    Then the HTTP status code should be "403"
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
+
+
+  Scenario: admin user tries to rename nonexistent group
+    When user "Alice" tries to rename a nonexistent group to "grp1" using the Graph API
+    Then the HTTP status code should be "404"
+    And group "grp1" should not exist