[test-only] expand createUser.feature

tests/acceptance/features/apiGraph/assignRole.feature

@@ -35,7 +35,7 @@ Feature: assign role
 
   Scenario Outline: assign role to the user with setting api and list role with graph api
     Given user "Alice" has been created with default attributes and without skeleton files
-    And the administrator has assigned the role "<userRole>" to user "Alice" using the Graph API
+    And the administrator has given "Alice" the role "<userRole>" using the settings api
     When the administrator retrieves the assigned role of user "Alice" using the Graph API
     Then the HTTP status code should be "200"
     And the Graph API response should have the role "<userRole>"

tests/acceptance/features/apiGraph/changeRole.feature

@@ -46,3 +46,16 @@ Feature: change role
       | User        |
       | User Light  |
       | Admin       |
+
+
+  Scenario Outline: non-admin cannot change the user role
+    Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
+    And user "Brian" has been created with default attributes and without skeleton files
+    When user "Alice" tries to change the role of user "Alice" to role "Admin" using the Graph API
+    Then the HTTP status code should be "401"
+    And user "Brian" should have the role "User"
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | User Light  |

tests/acceptance/features/apiGraph/createUser.feature

@@ -22,23 +22,24 @@ Feature: create user
     Then the HTTP status code should be "<code>"
     And user "<userName>" <shouldOrNot> exist
     Examples:
-      | userName                     | displayName     | email                   | password                     | code | enable | shouldOrNot |
-      | SameDisplayName              | Alice Hansen    | [email protected]         | containsCharacters(*:!;_+-&) | 200  | true   | should      |
-      | withoutPassSameEmail         | without pass    | [email protected]       |                              | 200  | true   | should      |
-      | name                         | pass with space | [email protected]     | my pass                      | 200  | true   | should      |
-      | nameWithCharacters(*:!;_+-&) | user            | [email protected]         | 123                          | 400  | true   | should not  |
-      | name with space              | name with space | [email protected]     | 123                          | 400  | true   | should not  |
-      | createDisabledUser           | disabled user   | [email protected]     | 123                          | 200  | false  | should      |
-      | nameWithNumbers0123456       | user            | [email protected] | 123                          | 200  | true   | should      |
-      | name.with.dots               | user            | [email protected] | 123                          | 200  | true   | should      |
-      | 123456789                    | user            | [email protected]   | 123                          | 400  | true   | should not  |
-      | 0.0                          | user            | [email protected]       | 123                          | 400  | true   | should not  |
+      | userName                     | displayName                             | email                   | password                     | code | enable | shouldOrNot |
+      | SameDisplayName              | Alice Hansen                            | [email protected]         | containsCharacters(*:!;_+-&) | 200  | true   | should      |
+      | withoutPassSameEmail         | without pass                            | [email protected]       |                              | 200  | true   | should      |
+      | name                         | pass with space                         | [email protected]     | my pass                      | 200  | true   | should      |
+      | user1                        | user names must not start with a number | [email protected]     | my pass                      | 200  | true   | should      |
+      | nameWithCharacters(*:!;_+-&) | user                                    | [email protected]         | 123                          | 400  | true   | should not  |
+      | name with space              | name with space                         | [email protected]     | 123                          | 400  | true   | should not  |
+      | createDisabledUser           | disabled user                           | [email protected]     | 123                          | 200  | false  | should      |
+      | nameWithNumbers0123456       | user                                    | [email protected] | 123                          | 200  | true   | should      |
+      | name.with.dots               | user                                    | [email protected] | 123                          | 200  | true   | should      |
+      | 123456789                    | user                                    | [email protected]   | 123                          | 400  | true   | should not  |
+      | 0.0                          | user                                    | [email protected]       | 123                          | 400  | true   | should not  |
 
     @skipOnStable2.0
     Examples:
-      | userName                     | displayName     | email               | password                     | code | enable | shouldOrNot |
-      | withoutEmail                 | without email   |                     | 123                          | 200  | true   | should      |
-      | Alice                        | same userName   | [email protected]     | 123                          | 409  | true   | should      |
+      | userName     | displayName   | email           | password | code | enable | shouldOrNot |
+      | withoutEmail | without email |                 | 123      | 200  | true   | should      |
+      | Alice        | same userName | [email protected] | 123      | 409  | true   | should      |
 
 
   Scenario: user cannot be created with empty name
@@ -94,3 +95,63 @@ Feature: create user
       | accountEnabled | true                  |
     Then the HTTP status code should be "200"
     And user "Brian" should exist
+
+
+  @env-config
+  Scenario Outline: create user with setting OCIS no restriction on the user name
+    Given the config "GRAPH_USERNAME_MATCH" has been set to "none"
+    And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
+    When the user "Alice" creates a new user using GraphAPI with the following settings:
+      | userName       | <userName>      |
+      | displayName    | test user       |
+      | email          | [email protected] |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "<userName>" should exist
+    Examples:
+      | userName          | description                                 |
+      | 1248Bob           | user names starts with the number           |
+      | (*:!;+-&$%)_alice | user names starts with the ASCII characters |
+
+
+  @env-config
+  Scenario: create user with setting OCIS not to assign the default user role
+    Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "false"
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | [email protected] |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    When the administrator retrieves the assigned role of user "sam" using the Graph API
+    Then the HTTP status code should be "200"
+    And the Graph API response should have no role
+
+
+  @env-config
+  Scenario: create user with setting OCIS assign the default user role
+    Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "true"
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | [email protected] |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    And user "sam" should have the role "User" assigned
+
+
+  Scenario: user is created with the default User role
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | [email protected] |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    And user "sam" should have the role "User" assigned

tests/acceptance/features/bootstrap/GraphContext.php

@@ -1952,6 +1952,20 @@ public function theGraphApiResponseShouldHaveTheRole(string $role): void {
 		);
 	}
 
+	/**
+	 * @Then /^the Graph API response should have no role$/
+	 *
+	 * @return void
+	 * @throws Exception
+	 * @throws GuzzleException
+	 */
+	public function theGraphApiResponseShouldHaveNoRole(): void {
+		Assert::assertEmpty(
+			$this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())['value'],
+			"the user has a role, but should not"
+		);
+	}
+
 	/**
 	 * @When user :user gets details of the group :groupName using the Graph API
 	 *
@@ -2402,7 +2416,7 @@ public function userTriesToExportGdprReportOfAnotherUserUsingGraphApi(string $us
 	 * @throws GuzzleException
 	 */
 	public function getAssignedRole(string $user) {
-		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $this->featureContext->getUserIdByUserName($user);
 		return (
 			GraphHelper::getAssignedRole(
 				$this->featureContext->getBAseUrl(),