From a780da88d1cd1fa2bb7fe65b21342e15b393597d Mon Sep 17 00:00:00 2001 From: Niraj Acharya Date: Fri, 18 Oct 2024 16:50:47 +0545 Subject: [PATCH] running secure viewer role with ocis wrapper instead of running ocis with GRAPH_AVAILABLE_ROLES --- .drone.star | 1 - tests/acceptance/TestHelpers/GraphHelper.php | 2 +- tests/acceptance/config/behat.yml | 4 + .../expected-failures-API-on-OCIS-storage.md | 6 +- ...ected-failures-localAPI-on-OCIS-storage.md | 14 +- .../features/apiContract/sharesReport.feature | 10 +- .../apiGraph/roleManagementEndpoint.feature | 157 ++++++------ .../features/apiLocks/lockFiles.feature | 5 +- .../apiSharingNg1/listPermissions.feature | 228 +++++++++--------- .../features/apiSharingNg1/sharedByMe.feature | 4 - .../apiSharingNg1/sharedWithMe.feature | 4 - .../features/apiSpaces/filePreviews.feature | 5 +- .../copyByFileId.feature | 38 +-- .../apiSpacesShares/copySpaces.feature | 23 +- .../apiSpacesShares/shareOperations.feature | 10 +- .../moveReceivedShare.feature | 17 +- .../coreApiWebdavProperties/copyFile.feature | 31 +-- 17 files changed, 286 insertions(+), 273 deletions(-) diff --git a/.drone.star b/.drone.star index 5da5d8e3ff..2764e87072 100644 --- a/.drone.star +++ b/.drone.star @@ -2112,7 +2112,6 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on = "NATS_NATS_PORT": 9233, "OCIS_JWT_SECRET": "some-ocis-jwt-secret", "EVENTHISTORY_STORE": "memory", - "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6", "OCIS_TRANSLATION_PATH": "%s/tests/config/translations" % dirs["base"], } diff --git a/tests/acceptance/TestHelpers/GraphHelper.php b/tests/acceptance/TestHelpers/GraphHelper.php index a080ab94d0..c0f8df597d 100644 
--- a/tests/acceptance/TestHelpers/GraphHelper.php +++ b/tests/acceptance/TestHelpers/GraphHelper.php @@ -41,7 +41,7 @@ class GraphHelper { ]; public const ADDITIONAL_PERMISSIONS_ROLES = [ - 'Secure viewer' => 'aa97fe03-7980-45ac-9e50-b325749fd7e6', + 'Secure Viewer' => 'aa97fe03-7980-45ac-9e50-b325749fd7e6', 'Space Editor Without Versions' => '3284f2d5-0070-4ad8-ac40-c247f7c1fb27', ]; diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 82673b782a..2fa1568a7a 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -89,6 +89,7 @@ default: - SpacesTUSContext: - GraphContext: - SharingNgContext: + - OcisConfigContext: apiArchiver: paths: @@ -328,6 +329,7 @@ default: - WebDavLockingContext: - PublicWebDavContext: - SharingNgContext: + - OcisConfigContext: apiSharingNg1: paths: @@ -514,6 +516,7 @@ default: - FilesVersionsContext: - SettingsContext: - SharingNgContext: + - OcisConfigContext: coreApiShareManagementBasicToShares: paths: @@ -698,6 +701,7 @@ default: - FeatureContext: *common_feature_context_params - SharingNgContext: - WebDavPropertiesContext: + - OcisConfigContext: coreApiWebdavUpload: paths: diff --git a/tests/acceptance/expected-failures-API-on-OCIS-storage.md b/tests/acceptance/expected-failures-API-on-OCIS-storage.md index d8bc3fac4a..ef18726182 100644 --- a/tests/acceptance/expected-failures-API-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-API-on-OCIS-storage.md 
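Review bot: `ADDITIONAL_PERMISSIONS_ROLES` has no comment saying how its entries differ from the role array that closes just above it, and after this commit the difference matters. The feature files in this patch only share with "Secure Viewer" after the step `the administrator has enabled the permissions role "Secure Viewer"`. A short comment above the constant would record that, for example `// Roles outside the default enabled set; a scenario must enable one explicitly before sharing with it.` The key is presumably matched as an exact string from the feature tables, so any step that still spells it `Secure viewer` would stop resolving after this rename; a repository-wide search would confirm none remain. The class body starts and continues outside the hunk.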
@@ -164,9 +164,9 @@ _ocdav: api compatibility, return correct status code_ #### [COPY file/folder to same name is possible (but 500 code error for folder with spaces path)](https://github.com/owncloud/ocis/issues/8711) - [coreApiSharePublicLink2/copyFromPublicLink.feature:198](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink2/copyFromPublicLink.feature#L198) -- [coreApiWebdavProperties/copyFile.feature:1067](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1067) -- [coreApiWebdavProperties/copyFile.feature:1068](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1068) -- [coreApiWebdavProperties/copyFile.feature:1069](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1069) +- [coreApiWebdavProperties/copyFile.feature:1070](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1070) +- [coreApiWebdavProperties/copyFile.feature:1071](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1071) +- [coreApiWebdavProperties/copyFile.feature:1072](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1072) #### [same href in REPORT request for all dav-path-version](https://github.com/owncloud/ocis/issues/7060) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 8daa0f5ee0..385744c483 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md 
@@ -87,21 +87,21 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiLocks/lockFiles.feature:185](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L185) - [apiLocks/lockFiles.feature:186](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L186) - [apiLocks/lockFiles.feature:187](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L187) -- [apiLocks/lockFiles.feature:308](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L308) - [apiLocks/lockFiles.feature:309](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L309) - [apiLocks/lockFiles.feature:310](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L310) -- [apiLocks/lockFiles.feature:363](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L363) +- [apiLocks/lockFiles.feature:311](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L311) - [apiLocks/lockFiles.feature:364](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L364) - [apiLocks/lockFiles.feature:365](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L365) - [apiLocks/lockFiles.feature:366](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L366) - [apiLocks/lockFiles.feature:367](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L367) - [apiLocks/lockFiles.feature:368](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L368) -- 
[apiLocks/lockFiles.feature:398](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L398) +- [apiLocks/lockFiles.feature:369](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L369) - [apiLocks/lockFiles.feature:399](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L399) - [apiLocks/lockFiles.feature:400](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L400) - [apiLocks/lockFiles.feature:401](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L401) - [apiLocks/lockFiles.feature:402](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L402) - [apiLocks/lockFiles.feature:403](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L403) +- [apiLocks/lockFiles.feature:404](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L404) - [apiLocks/unlockFiles.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L62) - [apiLocks/unlockFiles.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L63) - [apiLocks/unlockFiles.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L64) 
@@ -126,18 +126,18 @@ The expected failures in this file are from features in the owncloud/ocis repo. #### [Folders can be locked and locking works partially](https://github.com/owncloud/ocis/issues/7641) -- [apiLocks/lockFiles.feature:442](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L442) - [apiLocks/lockFiles.feature:443](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L443) - [apiLocks/lockFiles.feature:444](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L444) - [apiLocks/lockFiles.feature:445](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L445) - [apiLocks/lockFiles.feature:446](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L446) - [apiLocks/lockFiles.feature:447](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L447) -- [apiLocks/lockFiles.feature:416](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L416) +- [apiLocks/lockFiles.feature:448](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L448) - [apiLocks/lockFiles.feature:417](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L417) - [apiLocks/lockFiles.feature:418](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L418) - [apiLocks/lockFiles.feature:419](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L419) - [apiLocks/lockFiles.feature:420](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L420) - 
[apiLocks/lockFiles.feature:421](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L421) +- [apiLocks/lockFiles.feature:422](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L422) #### [Anonymous users can unlock a file shared to them through a public link if they get the lock token](https://github.com/owncloud/ocis/issues/7761) 
@@ -165,14 +165,14 @@ The expected failures in this file are from features in the owncloud/ocis repo. #### [Anonymous user trying lock a file shared to them through a public link gives 405](https://github.com/owncloud/ocis/issues/7790) -- [apiLocks/lockFiles.feature:531](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L531) - [apiLocks/lockFiles.feature:532](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L532) - [apiLocks/lockFiles.feature:533](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L533) - [apiLocks/lockFiles.feature:534](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L534) -- [apiLocks/lockFiles.feature:553](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L553) +- [apiLocks/lockFiles.feature:535](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L535) - [apiLocks/lockFiles.feature:554](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L554) - [apiLocks/lockFiles.feature:555](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L555) - [apiLocks/lockFiles.feature:556](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L556) +- [apiLocks/lockFiles.feature:557](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L557) #### [blocksDownload link type is not implemented yet (sharing-ng)](https://github.com/owncloud/ocis/issues/7879) diff --git a/tests/acceptance/features/apiContract/sharesReport.feature b/tests/acceptance/features/apiContract/sharesReport.feature index db3940dd3a..043de121f4 100644 --- a/tests/acceptance/features/apiContract/sharesReport.feature 
+++ b/tests/acceptance/features/apiContract/sharesReport.feature @@ -84,9 +84,10 @@ Feature: REPORT request to Shares space | old | | new | - @issue-9607 @issue-10329 + @issue-9607 @issue-10329 @env-config Scenario Outline: check the REPORT response of a folder shared with secure viewer role Given using DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has created folder "/secureFolder" And user "Alice" has uploaded file with content "secure content" to "/secureFolder/secure.txt" And user "Alice" has sent the following resource share invitation: @@ -94,7 +95,7 @@ Feature: REPORT request to Shares space | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "secureFolder" synced When user "Brian" searches for "secureFolder" using the WebDAV API Then the HTTP status code should be "207" @@ -125,16 +126,17 @@ Feature: REPORT request to Shares space | new | | spaces | - @issue-9607 @issue-10329 + @issue-9607 @issue-10329 @env-config Scenario Outline: check the REPORT response of a file shared with secure viewer role Given using DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has uploaded file with content "secure content" to "/secure.txt" And user "Alice" has sent the following resource share invitation: | resource | secure.txt | | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "secure.txt" synced When user "Brian" searches for "secure.txt" using the WebDAV API Then the HTTP status code should be "207" diff --git a/tests/acceptance/features/apiGraph/roleManagementEndpoint.feature b/tests/acceptance/features/apiGraph/roleManagementEndpoint.feature index 8926ebbbe1..6e9f6f39c4 100644 
--- a/tests/acceptance/features/apiGraph/roleManagementEndpoint.feature +++ b/tests/acceptance/features/apiGraph/roleManagementEndpoint.feature @@ -14,8 +14,8 @@ Feature: permissions role definitions """ { "type": "array", - "maxItems": 8, - "minItems": 8, + "maxItems": 7, + "minItems": 7, "uniqueItems": true, "items": { "oneOf": [ @@ -541,78 +541,6 @@ Feature: permissions role definitions } } } - }, - { - "type": "object", - "required": [ - "@libre.graph.weight", - "description", - "displayName", - "id", - "rolePermissions" - ], - "properties": { - "@libre.graph.weight": { - "const": 0 - }, - "description": { - "const": "View only documents, images and PDFs. Watermarks will be applied." - }, - "displayName": { - "const": "Can view (secure)" - }, - "id": { - "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" - }, - "rolePermissions": { - "type": "array", - "maxItems": 2, - "minItems": 2, - "uniqueItems": true, - "items": { - "oneOf": [ - { - "type": "object", - "required": [ - "allowedResourceActions", - "condition" - ], - "properties": { - "allowedResourceActions": { - "const": [ - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/basic/read" - ] - }, - "condition": { - "const": "exists @Resource.File" - } - } - }, - { - "type": "object", - "required": [ - "allowedResourceActions", - "condition" - ], - "properties": { - "allowedResourceActions": { - "const": [ - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/basic/read" - ] - }, - "condition": { - "const": "exists @Resource.Folder" - } - } - } - ] - } - } - } } ] } 
@@ -748,3 +676,84 @@ Feature: permissions role definitions } } """ + + @env-config + Scenario: get details of a secure viewer role definition + Given the administrator has enabled the permissions role "Secure Viewer" + When user "Alice" gets the "Secure Viewer" role definition using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id", + "rolePermissions" + ], + "properties": { + "@libre.graph.weight": { + "const": 0 + }, + "description": { + "const": "View only documents, images and PDFs. Watermarks will be applied." + }, + "displayName": { + "const": "Can view (secure)" + }, + "id": { + "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" + }, + "rolePermissions": { + "type": "array", + "maxItems": 2, + "minItems": 2, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "type": "object", + "required": [ + "allowedResourceActions", + "condition" + ], + "properties": { + "allowedResourceActions": { + "const": [ + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/basic/read" + ] + }, + "condition": { + "const": "exists @Resource.File" + } + } + }, + { + "type": "object", + "required": [ + "allowedResourceActions", + "condition" + ], + "properties": { + "allowedResourceActions": { + "const": [ + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/basic/read" + ] + }, + "condition": { + "const": "exists @Resource.Folder" + } + } + } + ] + } + } + } + } + """ \ No newline at end of file diff --git a/tests/acceptance/features/apiLocks/lockFiles.feature b/tests/acceptance/features/apiLocks/lockFiles.feature index c9d790fa34..3d3c04704f 100644 --- a/tests/acceptance/features/apiLocks/lockFiles.feature +++ b/tests/acceptance/features/apiLocks/lockFiles.feature 
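Review bot: The added scenario covers only the enabled case; nothing visible in this patch checks what the single-role request returns while "Secure Viewer" is still disabled. The listing scenario earlier in the file now expects 7 roles, so the disabled state is pinned for the list but not for `user "Alice" gets the "Secure Viewer" role definition using the Graph API`. If that endpoint is meant to honour the enabled set, a companion scenario without the enabling step would pin it; the expected status code needs confirming against the server. The file also now ends without a trailing newline after the closing `"""`.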
@@ -209,9 +209,10 @@ Feature: lock files | d:lockdiscovery/d:activelock/d:lockscope/d:exclusive | | | d:lockdiscovery/d:activelock/oc:ownername | Brian Murphy | - + @env-config Scenario Outline: viewer cannot lock a file in the shares using file-id Given using spaces DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has uploaded a file inside space "Alice Hansen" with content "some content" to "textfile.txt" And we save it into "FILEID" And user "Alice" has sent the following resource share invitation: @@ -227,7 +228,7 @@ Feature: lock files Examples: | permissions-role | | Viewer | - | Secure viewer | + | Secure Viewer | Scenario: sharee cannot lock a resource exclusively locked by a sharer diff --git a/tests/acceptance/features/apiSharingNg1/listPermissions.feature b/tests/acceptance/features/apiSharingNg1/listPermissions.feature index 709824f475..04508a462d 100644 --- a/tests/acceptance/features/apiSharingNg1/listPermissions.feature +++ b/tests/acceptance/features/apiSharingNg1/listPermissions.feature @@ -48,8 +48,8 @@ Feature: List a sharing permissions }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", - "minItems": 4, - "maxItems": 4, + "minItems": 3, + "maxItems": 3, "uniqueItems": true, "items": { "oneOf": [ @@ -68,41 +68,6 @@ Feature: List a sharing permissions 1 ] }, - "description": { - "type": "string", - "enum": [ - "View only documents, images and PDFs. Watermarks will be applied." - ] - }, - "displayName": { - "type": "string", - "enum": [ - "Can view (secure)" - ] - }, - "id": { - "type": "string", - "enum": [ - "aa97fe03-7980-45ac-9e50-b325749fd7e6" - ] - } - } - }, - { - "type": "object", - "required": [ - "@libre.graph.weight", - "description", - "displayName", - "id" - ], - "properties": { - "@libre.graph.weight": { - "type": "integer", - "enum": [ - 2 - ] - }, "description": { "type": "string", "enum": [ 
@@ -135,7 +100,7 @@ Feature: List a sharing permissions "@libre.graph.weight": { "type": "integer", "enum": [ - 3 + 2 ] }, "description": { @@ -170,7 +135,7 @@ Feature: List a sharing permissions "@libre.graph.weight": { "type": "integer", "enum": [ - 4 + 3 ] }, "description": { @@ -642,8 +607,8 @@ Feature: List a sharing permissions }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", - "minItems": 3, - "maxItems": 3, + "minItems": 2, + "maxItems": 2, "uniqueItems": true, "items": { "oneOf":[ @@ -659,29 +624,6 @@ Feature: List a sharing permissions "@libre.graph.weight": { "const": 1 }, - "description": { - "const": "View only documents, images and PDFs. Watermarks will be applied." - }, - "displayName": { - "const": "Can view (secure)" - }, - "id": { - "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" - } - } - }, - { - "type": "object", - "required": [ - "@libre.graph.weight", - "description", - "displayName", - "id" - ], - "properties": { - "@libre.graph.weight": { - "const": 2 - }, "description": { "const": "View and download." }, @@ -703,7 +645,7 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "const": 3 + "const": 2 }, "description": { "const": "View, download and edit." @@ -768,34 +710,11 @@ Feature: List a sharing permissions }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", - "minItems": 4, - "maxItems": 4, + "minItems": 3, + "maxItems": 3, "uniqueItems": true, "items": { "oneOf":[ - { - "type": "object", - "required": [ - "@libre.graph.weight", - "description", - "displayName", - "id" - ], - "properties": { - "@libre.graph.weight": { - "const": 1 - }, - "description": { - "const": "View only documents, images and PDFs. Watermarks will be applied." - }, - "displayName": { - "const": "Can view (secure)" - }, - "id": { - "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" - } - } - }, { "type": "object", "required": [ 
@@ -806,7 +725,7 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "const": 2 + "const": 1 }, "description": { "const": "View and download." @@ -829,7 +748,7 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "const": 3 + "const": 2 }, "description": { "const": "View, download and upload." @@ -852,7 +771,7 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "const": 4 + "const": 3 }, "description": { "const": "View, download, upload, edit, add and delete." @@ -917,8 +836,8 @@ Feature: List a sharing permissions }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", - "minItems": 3, - "maxItems": 3, + "minItems": 2, + "maxItems": 2, "uniqueItems": true, "items": { "oneOf":[ @@ -934,29 +853,6 @@ Feature: List a sharing permissions "@libre.graph.weight": { "const": 1 }, - "description": { - "const": "View only documents, images and PDFs. Watermarks will be applied." - }, - "displayName": { - "const": "Can view (secure)" - }, - "id": { - "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" - } - } - }, - { - "type": "object", - "required": [ - "@libre.graph.weight", - "description", - "displayName", - "id" - ], - "properties": { - "@libre.graph.weight": { - "const": 2 - }, "description": { "const": "View and download." }, @@ -978,7 +874,7 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "const": 3 + "const": 2 }, "description": { "const": "View, download and edit." 
@@ -2307,3 +2203,97 @@ Feature: List a sharing permissions } } """ + + @env-config + Scenario: user lists permissions of a folder in personal space after enabling secure viewer role + Given user "Alice" has created folder "folder" + And the administrator has enabled the permissions role "Secure Viewer" + When user "Alice" gets permissions list for folder "folder" of the space "Personal" using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "@libre.graph.permissions.actions.allowedValues", + "@libre.graph.permissions.roles.allowedValues" + ], + "properties": { + "@libre.graph.permissions.roles.allowedValues": { + "type": "array", + "minItems": 4, + "maxItems": 4, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 1 + }, + "description": { + "const": "View only documents, images and PDFs. Watermarks will be applied." + }, + "displayName": { + "const": "Can view (secure)" + }, + "id": { + "const": "aa97fe03-7980-45ac-9e50-b325749fd7e6" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Can view" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Can upload" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Can edit" + } + } + } + ] + } + } + } + } + """ \ No newline at end of file 
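Review bot: In the added scenario the three default roles are matched on `displayName` only, so their `@libre.graph.weight` and `id` go unchecked once Secure Viewer is enabled. The expectations removed earlier in this file put the secure role at weight 1 and the three roles after it at 2, 3 and 4. Adding `"@libre.graph.weight": { "const": 2 }` (then 3 and 4) to what are presumably the same roles, "Can view", "Can upload" and "Can edit", would keep that ordering under test. `@libre.graph.permissions.actions.allowedValues` is listed under `required` but has no entry under `properties`, so its content is not validated either. The file ends without a trailing newline.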
diff --git a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature index 563554a4f8..ad9e0c172f 100644 --- a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature +++ b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature @@ -137,7 +137,6 @@ Feature: resources shared by user | permissions-role | | File Editor | | Viewer | - | Secure viewer | Scenario: sharer lists the file share shared from inside a folder (Personal space) @@ -382,7 +381,6 @@ Feature: resources shared by user | permissions-role | | Editor | | Viewer | - | Secure viewer | Scenario: sharer lists the file and folder shares (Personal space) @@ -958,7 +956,6 @@ Feature: resources shared by user | permissions-role | | File Editor | | Viewer | - | Secure viewer | Scenario: sharer lists the file share shared from inside a folder (Project space) @@ -1209,7 +1206,6 @@ Feature: resources shared by user | permissions-role | | Editor | | Viewer | - | Secure viewer | Scenario: sharer lists the file and folder shares (Project space) diff --git a/tests/acceptance/features/apiSharingNg1/sharedWithMe.feature b/tests/acceptance/features/apiSharingNg1/sharedWithMe.feature index e6415e82e3..0e10a6cee6 100755 --- a/tests/acceptance/features/apiSharingNg1/sharedWithMe.feature +++ b/tests/acceptance/features/apiSharingNg1/sharedWithMe.feature @@ -313,7 +313,6 @@ Feature: an user gets the resources shared to them | permissions-role | | File Editor | | Viewer | - | Secure viewer | Scenario Outline: sharee lists the folder share (Personal space) @@ -606,7 +605,6 @@ Feature: an user gets the resources shared to them | permissions-role | | Editor | | Viewer | - | Secure viewer | Scenario: sharee lists the file share received via group invitation (Personal space) 
@@ -2739,7 +2737,6 @@ Feature: an user gets the resources shared to them | permissions-role | | File Editor | | Viewer | - | Secure viewer | @issue-8027 @issue-8314 Scenario Outline: sharee lists the folder share (Project space) @@ -2953,7 +2950,6 @@ Feature: an user gets the resources shared to them | permissions-role | | Editor | | Viewer | - | Secure viewer | Scenario: sharee lists the file share received via group invitation (Project space) diff --git a/tests/acceptance/features/apiSpaces/filePreviews.feature b/tests/acceptance/features/apiSpaces/filePreviews.feature index 5cc00dba48..4f7ae0f94a 100644 --- a/tests/acceptance/features/apiSpaces/filePreviews.feature +++ b/tests/acceptance/features/apiSpaces/filePreviews.feature @@ -61,16 +61,17 @@ Feature: Preview file in project space | filesForUpload/testavatar.png | testavatar.png | | filesForUpload/lorem.txt | lorem.txt | - + @env-config Scenario Outline: download preview of shared file shared via Secure viewer permission role Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has uploaded a file from "" to "" via TUS inside of the space "Alice Hansen" using the WebDAV API And user "Alice" has sent the following resource share invitation: | resource | | | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "" synced When user "Brian" downloads the preview of shared resource "/Shares/" with width "32" and height "32" using the WebDAV API Then the HTTP status code should be "403" diff --git a/tests/acceptance/features/apiSpacesDavOperation/copyByFileId.feature b/tests/acceptance/features/apiSpacesDavOperation/copyByFileId.feature index c762d7e11c..319eb19711 100644 --- a/tests/acceptance/features/apiSpacesDavOperation/copyByFileId.feature 
+++ b/tests/acceptance/features/apiSpacesDavOperation/copyByFileId.feature @@ -204,6 +204,7 @@ Feature: copying file using file id Scenario: sharee tries to copy a file from shares space with secure viewer to personal space Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has created folder "/folder" And user "Alice" has uploaded file with content "some data" to "/folder/test.txt" And we save it into "FILEID" @@ -212,7 +213,7 @@ Feature: copying file using file id | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "folder" synced When user "Brian" copies a file "/test.txt" into "/" inside space "Personal" using file-id "<>" Then the HTTP status code should be "403" @@ -258,9 +259,10 @@ Feature: copying file using file id | Uploader | Manager | | Uploader | Space Editor | - + @env-config Scenario Outline: sharee tries to copy a file from shares to project space Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has enabled the permissions role "Secure Viewer" And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API And user "Alice" has created folder "/folder" And user "Alice" has uploaded file with content "some data" to "/folder/test.txt" @@ -288,9 +290,9 @@ Feature: copying file using file id | test.txt | Examples: | permission-role | space-role | - | Secure viewer | Manager | - | Secure viewer | Space Viewer | - | Secure viewer | Space Editor | + | Secure Viewer | Manager | + | Secure Viewer | Space Viewer | + | Secure Viewer | Space Editor | | Editor | Space Viewer | | Viewer | Space Viewer | | Uploader | Space Viewer | 
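Review bot: The first scenario in this file section (`sharee tries to copy a file from shares space with secure viewer to personal space`) gains the enabling step but no `@env-config` tag, whereas every other scenario that gains the step in this file also has `@env-config` added above it. If the configuration rollback is tied to that tag, the role would stay enabled for later scenarios. The role-count expectations changed elsewhere in this patch (7 role definitions, 3 allowed values) assume it is off by default. Adding `@env-config` on the line above `Scenario:` would match the rest of the file. The scenario spans this hunk and the next one.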
@@ -335,9 +337,10 @@ Feature: copying file using file id | Uploader | Editor | | Uploader | Uploader | - + @env-config Scenario Outline: sharee tries to copy a file between shares space Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has created folder "/share1" And user "Alice" has created folder "/share2" And user "Alice" has uploaded file with content "some data" to "/share1/test.txt" @@ -368,16 +371,16 @@ Feature: copying file using file id | test.txt | Examples: | from-share-role | to-share-role | - | Secure viewer | Viewer | - | Secure viewer | Editor | - | Secure viewer | Uploader | - | Secure viewer | Secure viewer | + | Secure Viewer | Viewer | + | Secure Viewer | Editor | + | Secure Viewer | Uploader | + | Secure Viewer | Secure Viewer | | Viewer | Viewer | | Editor | Viewer | | Uploader | Viewer | - | Viewer | Secure viewer | - | Editor | Secure viewer | - | Uploader | Secure viewer | + | Viewer | Secure Viewer | + | Editor | Secure Viewer | + | Uploader | Secure Viewer | Scenario Outline: copy a file from project to personal space @@ -507,9 +510,10 @@ Feature: copying file using file id | Space Viewer | Editor | | Space Viewer | Uploader | - + @env-config Scenario Outline: try to copy a file from project to shares space with read permission Given user "Brian" has been created with default attributes and without skeleton files + And the administrator has enabled the permissions role "Secure Viewer" And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API And user "Alice" has created a space "project-space" with the default quota using the Graph API And user "Alice" has uploaded a file inside space "project-space" with content "some data" to "textfile.txt" 
@@ -538,8 +542,8 @@ Feature: copying file using file id Examples: | space-role | permissions | | Manager | Viewer | - | Manager | Secure viewer | + | Manager | Secure Viewer | | Space Editor | Viewer | - | Space Editor | Secure viewer | + | Space Editor | Secure Viewer | | Space Viewer | Viewer | - | Space Viewer | Secure viewer | + | Space Viewer | Secure Viewer | diff --git a/tests/acceptance/features/apiSpacesShares/copySpaces.feature b/tests/acceptance/features/apiSpacesShares/copySpaces.feature index 43f219147e..30e5f96a96 100644 --- a/tests/acceptance/features/apiSpacesShares/copySpaces.feature +++ b/tests/acceptance/features/apiSpacesShares/copySpaces.feature @@ -268,9 +268,10 @@ Feature: copy file | Editor | | Viewer | - @issue-9482 + @issue-9482 @env-config Scenario: user copies a file from share space with secure viewer role to personal space Given the administrator has assigned the role "Space Admin" to user "Brian" using the Graph API + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has created folder "/testshare" And user "Brian" has uploaded file with content "testshare content" to "/testshare/testshare.txt" And user "Brian" has sent the following resource share invitation: @@ -278,7 +279,7 @@ Feature: copy file | space | Personal | | sharee | Alice | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | When user "Alice" copies file "/testshare/testshare.txt" from space "Shares" to "/testshare.txt" inside space "Personal" using the WebDAV API Then the HTTP status code should be "403" And for user "Alice" the space "Personal" should not contain these entries: 
@@ -314,9 +315,10 @@ Feature: copy file | Space Editor | Editor | | Space Editor | Viewer | - @issue-9482 + @issue-9482 @env-config Scenario Outline: user copies a file from share space with secure viewer role to project space with different role Given the administrator has assigned the role "Space Admin" to user "Brian" using the Graph API + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has created a space "Project" with the default quota using the Graph API And user "Brian" has sent the following space share invitation: | space | Project | @@ -330,7 +332,7 @@ Feature: copy file | space | Personal | | sharee | Alice | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | When user "Alice" copies file "/testshare/testshare.txt" from space "Shares" to "/testshare.txt" inside space "Project" using the WebDAV API Then the HTTP status code should be "403" And for user "Alice" the space "Project" should not contain these entries: @@ -399,10 +401,11 @@ Feature: copy file | Editor | | Viewer | - @issue-9482 - Scenario Outline: user copies a file from share space with different role to share space with role viewer or Secure viewer + @issue-9482 @env-config + Scenario Outline: user copies a file from share space with different role to share space with role viewer or Secure Viewer Given user "Brian" has created folder "/testshare1" And user "Brian" has created folder "/testshare2" + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has uploaded file with content "testshare1 content" to "/testshare1/testshare1.txt" And user "Brian" has sent the following resource share invitation: | resource | testshare1 | 
@@ -425,11 +428,11 @@ Feature: copy file Examples: | permissions-role-1 | permissions-role-2 | | Editor | Viewer | - | Editor | Secure viewer | + | Editor | Secure Viewer | | Viewer | Viewer | - | Viewer | Secure viewer | - | Secure viewer | Viewer | - | Secure viewer | Secure viewer | + | Viewer | Secure Viewer | + | Secure Viewer | Viewer | + | Secure Viewer | Secure Viewer | Scenario Outline: copying a folder within the same project space with different role diff --git a/tests/acceptance/features/apiSpacesShares/shareOperations.feature b/tests/acceptance/features/apiSpacesShares/shareOperations.feature index 8c37318001..59c87960cb 100644 --- a/tests/acceptance/features/apiSpacesShares/shareOperations.feature +++ b/tests/acceptance/features/apiSpacesShares/shareOperations.feature @@ -404,23 +404,25 @@ Feature: sharing | Editor | | Uploader | - + @env-config Scenario: sharee cannot download file shared with Secure viewer permission by sharee Given using old DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has uploaded file with content "hello world" to "textfile.txt" And user "Alice" has sent the following resource share invitation: | resource | textfile.txt | | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "textfile.txt" synced And user "Brian" downloads file "/Shares/textfile.txt" using the WebDAV API Then the HTTP status code should be "403" - + @env-config Scenario: sharee cannot download file inside folder shared with Secure viewer permission by sharee Given using old DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has created folder "FolderToShare" And user "Alice" has uploaded file with content "hello world" to "FolderToShare/textfile.txt" And user "Alice" has sent the following resource share invitation: 
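Review bot: The two download scenarios in shareOperations.feature (hunk at -404) still say `Secure viewer` in their titles although the role they request is now `Secure Viewer`. The request under test is also written as `And user "Brian" downloads file "/Shares/textfile.txt" using the WebDAV API`, which reads as part of the setup. Rename the titles to `... shared with Secure Viewer permission by sharee` and start the download step with `When`, so the denied action is clearly the step the `403` assertion refers to. The second scenario continues past the end of this hunk.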
@@ -428,7 +430,7 @@ Feature: sharing | space | Personal | | sharee | Brian | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Brian" has a share "FolderToShare" synced And user "Brian" downloads file "/Shares/FolderToShare/textfile.txt" using the WebDAV API Then the HTTP status code should be "403" diff --git a/tests/acceptance/features/coreApiShareManagementToShares/moveReceivedShare.feature b/tests/acceptance/features/coreApiShareManagementToShares/moveReceivedShare.feature index 48648be44d..fb608c5724 100644 --- a/tests/acceptance/features/coreApiShareManagementToShares/moveReceivedShare.feature +++ b/tests/acceptance/features/coreApiShareManagementToShares/moveReceivedShare.feature @@ -88,9 +88,10 @@ Feature: sharing | dav-path | dav-path-personal | | /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | - @issue-8242 @issue-10334 + @issue-8242 @issue-10334 @env-config Scenario Outline: share receiver renames the shared item (old/new webdav) Given user "Alice" has uploaded file with content "foo" to "/sharefile.txt" + And the administrator has enabled the permissions role "Secure Viewer" And using DAV path And user "Alice" has sent the following resource share invitation: | resource | sharefile.txt | 
@@ -126,13 +127,14 @@ Feature: sharing Examples: | dav-path-version | dav-path | permissions-role | | old | /webdav | Viewer | - | old | /webdav | Secure viewer | + | old | /webdav | Secure Viewer | | new | /dav/files/%username% | Viewer | - | new | /dav/files/%username% | Secure viewer | + | new | /dav/files/%username% | Secure Viewer | - @issue-8242 + @issue-8242 @env-config Scenario Outline: share receiver renames the shared item (spaces webdav) Given user "Alice" has uploaded file with content "foo" to "/sharefile.txt" + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has sent the following resource share invitation: | resource | sharefile.txt | | space | Personal | @@ -168,7 +170,7 @@ Feature: sharing Examples: | dav-path | dav-path-personal | permissions-role | | /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Viewer | - | /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Secure viewer | + | /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Secure Viewer | Scenario: keep group share when the one user renames the share and the user is deleted @@ -209,9 +211,10 @@ Feature: sharing And as "Alice" file "/folderToShare/renamedFile" should exist But as "Alice" file "/folderToShare/fileInside" should not exist - + @env-config Scenario Outline: receiver tries to rename a received share with read permissions inside the Shares folder Given user "Alice" has created folder "folderToShare" + And the administrator has enabled the permissions role "Secure Viewer" And user "Alice" has created folder "folderToShare/folderInside" And user "Alice" has uploaded file with content "thisIsAFileInsideTheSharedFolder" to "/folderToShare/fileInside" And user "Alice" has sent the following resource share invitation: @@ -236,7 +239,7 @@ Feature: sharing Examples: | permissions-role | | Viewer | - | Secure viewer | + | Secure Viewer | Scenario: receiver renames a received folder share to a different name on the same folder 
diff --git a/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature b/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature index 3c6eda5c98..e4f4022952 100644 --- a/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature +++ b/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature @@ -48,9 +48,10 @@ Feature: copy file | new | | spaces | - @skipOnReva + @skipOnReva @env-config Scenario Outline: copying a file to a folder with no permissions Given using DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has been created with default attributes and without skeleton files And user "Brian" has created folder "/testshare" And user "Brian" has sent the following resource share invitation: @@ -67,8 +68,8 @@ Feature: copy file | dav-path-version | permissions-role | | old | Viewer | | new | Viewer | - | old | Secure viewer | - | new | Secure viewer | + | old | Secure Viewer | + | new | Secure Viewer | @skipOnReva Scenario Outline: copying a file to overwrite a file into a folder with no permissions @@ -761,9 +762,10 @@ Feature: copy file | old | | new | - @skipOnReva + @skipOnReva @env-config Scenario Outline: sharee copies a file from a shared folder, shared with secure viewer permission Given using DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has been created with default attributes and without skeleton files And user "Brian" has created folder "/testshare" And user "Brian" has uploaded file with content "hello world" to "testshare/fileInsideShare.txt" 
@@ -772,7 +774,7 @@ Feature: copy file | space | Personal | | sharee | Alice | | shareType | user | - | permissionsRole | Secure viewer | + | permissionsRole | Secure Viewer | And user "Alice" has a share "testshare" synced When user "Alice" copies file "/Shares/testshare/fileInsideShare.txt" to "/fileInsideShare.txt" using the WebDAV API Then the HTTP status code should be "403" @@ -861,9 +863,10 @@ Feature: copy file | old | | new | - @skipOnReva + @skipOnReva @env-config Scenario Outline: copying a file between shares received from different users when one share is shared via Viewer and Secure viewer permission Given using DAV path + And the administrator has enabled the permissions role "Secure Viewer" And user "Brian" has been created with default attributes and without skeleton files And user "Carol" has been created with default attributes and without skeleton files And user "Brian" has created folder "/testshare0" @@ -893,14 +896,14 @@ Feature: copy file Examples: | dav-path-version | permissions-role-1 | permissions-role-2 | - | old | Secure viewer | Secure viewer | - | new | Secure viewer | Secure viewer | - | old | Secure viewer | Viewer | - | new | Secure viewer | Viewer | - | old | Editor | Secure viewer | - | new | Editor | Secure viewer | - | old | Viewer | Secure viewer | - | new | Viewer | Secure viewer | + | old | Secure Viewer | Secure Viewer | + | new | Secure Viewer | Secure Viewer | + | old | Secure Viewer | Viewer | + | new | Secure Viewer | Viewer | + | old | Editor | Secure Viewer | + | new | Editor | Secure Viewer | + | old | Viewer | Secure Viewer | + | new | Viewer | Secure Viewer | @skipOnReva Scenario Outline: copying a folder between shares received from different users