From 828d3eec96ec4f5354bcddc81dd502c641bede87 Mon Sep 17 00:00:00 2001 From: Viktor Scharf Date: Sun, 30 Jan 2022 20:50:41 +0100 Subject: [PATCH] change tests. add disabling/deleting space tests --- ...ected-failures-localAPI-on-OCIS-storage.md | 10 +-- .../features/apiSpaces/deleteSpaces.feature | 79 ++++++++++++++++ ...ces.feature => removeSpaceObjects.feature} | 89 ++++--------------- .../features/bootstrap/SpacesContext.php | 82 +++++++++++++++-- 4 files changed, 177 insertions(+), 83 deletions(-) create mode 100644 tests/acceptance/features/apiSpaces/deleteSpaces.feature rename tests/acceptance/features/apiSpaces/{removeSpaces.feature => removeSpaceObjects.feature} (61%) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 49ce60e034..f26e00031c 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -21,9 +21,7 @@ #### [Overwriting a file in the space within the allowed quota does not work](https://github.com/owncloud/ocis/issues/2829) - [apiSpaces/quota.feature:56](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/quota.feature#L56) -#### [Viewer has the possibility to delete the space](https://github.com/owncloud/ocis/issues/3031) -- [apiSpaces/removeSpaces.feature:130](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaces.feature#L130) -- [apiSpaces/removeSpaces.feature:140](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaces.feature#L140) -- [apiSpaces/removeSpaces.feature:150](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaces.feature#L150) -- [apiSpaces/removeSpaces.feature:160](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaces.feature#L160) -- [apiSpaces/removeSpaces.feature:171](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaces.feature#L171) +#### [Viewer and editor has the possibility to disable the space](https://github.com/owncloud/ocis/issues/3031) +- [apiSpaces/removeSpaceObjects.feature:121](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/removeSpaceObjects.feature#L121) +- [apiSpaces/deleteSpaces.feature:60](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/deleteSpaces.feature#L60) +- [apiSpaces/deleteSpaces.feature:71](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/deleteSpaces.feature#L60) diff --git a/tests/acceptance/features/apiSpaces/deleteSpaces.feature b/tests/acceptance/features/apiSpaces/deleteSpaces.feature new file mode 100644 index 0000000000..979bd840c0 --- /dev/null +++ b/tests/acceptance/features/apiSpaces/deleteSpaces.feature @@ -0,0 +1,79 @@ +@api @skipOnOcV10 +Feature: Disabling and deleting space + As a manager of space + I want to be able to disable the space first, then delete it. + I want to make sure that a disabled spaces isn't accessible by shared users. + + Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production + See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839 + + Background: + Given user "Alice" has been created with default attributes and without skeleton files + And user "Brian" has been created with default attributes and without skeleton files + And the administrator has given "Alice" the role "Admin" using the settings api + + + Scenario: An owner can disable a Space via the Graph API + Given user "Alice" has created a space "disable a space" of type "project" with quota "10" + And user "Alice" has shared a space "disable a space" to user "Brian" with role "editor" + When user "Alice" disables a space "disable a space" + Then the HTTP status code should be "204" + When user "Alice" lists all available spaces via the GraphApi + Then the json responded should contain a space "disable a space" with these key and value pairs: + | key | value | + | name | disable a space | + When user "Brian" lists all available spaces via the GraphApi + Then the json responded should not contain a space with name "disable a space" + + + Scenario: An owner can delete a disabled Space via the webDav API + Given user "Alice" has created a space "delete a space" of type "project" with quota "10" + And user "Alice" has disabled a space "delete a space" + When user "Alice" deletes a space "delete a space" + Then the HTTP status code should be "204" + When user "Alice" lists all available spaces via the GraphApi + Then the json responded should not contain a space with name "delete a space" + + + Scenario: An owner can disable and delete Space in which files and folders exist via the webDav API + Given user "Alice" has created a space "delete a space with content" of type "project" with quota "10" + And user "Alice" has uploaded a file inside space "delete a space with content" with content "test" to "test.txt" + And user "Alice" has created a folder "MainFolder" in space "delete a space with content" + When user "Alice" disables a space "delete a space with content" + Then the HTTP status code should be "204" + When user "Alice" deletes a space "delete a space with content" + Then the HTTP status code should be "204" + When user "Alice" lists all available spaces via the GraphApi + Then the json responded should not contain a space with name "delete a space with content" + + + Scenario: An owner cannot delete a space via the webDav API without first disabling it + Given user "Alice" has created a space "delete without disabling" of type "project" with quota "10" + When user "Alice" deletes a space "delete without disabling" + Then the HTTP status code should be "400" + When user "Alice" lists all available spaces via the GraphApi + Then the json responded should contain a space "delete without disabling" with these key and value pairs: + | key | value | + | name | delete without disabling | + + + Scenario: An user with editor role cannot disable a Space via the Graph API + Given user "Alice" has created a space "editor tries to disable a space" of type "project" with quota "10" + And user "Alice" has shared a space "editor tries to disable a space" to user "Brian" with role "editor" + When user "Brian" disables a space "editor tries to disable a space" + Then the HTTP status code should be "403" + When user "Brian" lists all available spaces via the GraphApi + Then the json responded should contain a space "editor tries to disable a space" with these key and value pairs: + | key | value | + | name | editor tries to disable a space | + + + Scenario: An user with viewer role cannot disable a Space via the Graph API + Given user "Alice" has created a space "viewer tries to disable a space" of type "project" with quota "10" + And user "Alice" has shared a space "viewer tries to disable a space" to user "Brian" with role "viewer" + When user "Brian" disables a space "viewer tries to disable a space" + Then the HTTP status code should be "403" + When user "Brian" lists all available spaces via the GraphApi + Then the json responded should contain a space "viewer tries to disable a space" with these key and value pairs: + | key | value | + | name | viewer tries to disable a space | diff --git a/tests/acceptance/features/apiSpaces/removeSpaces.feature b/tests/acceptance/features/apiSpaces/removeSpaceObjects.feature similarity index 61% rename from tests/acceptance/features/apiSpaces/removeSpaces.feature rename to tests/acceptance/features/apiSpaces/removeSpaceObjects.feature index 71e65273e2..aa15aa89d7 100644 --- a/tests/acceptance/features/apiSpaces/removeSpaces.feature +++ b/tests/acceptance/features/apiSpaces/removeSpaceObjects.feature @@ -1,7 +1,7 @@ @api @skipOnOcV10 -Feature: Remove files, folder and spaces +Feature: Remove files, folder As a user - I want to be able to remove files, folders and space itself + I want to be able to remove files, folders Users with the editor role can also remove objects Users with the viewer role cannot remove objects @@ -13,13 +13,13 @@ Feature: Remove files, folder and spaces And user "Brian" has been created with default attributes and without skeleton files And the administrator has given "Alice" the role "Admin" using the settings api -# owner of space +# owner of space (admin permissions) Scenario: An owner can delete a folder with some subfolders in a Space via the webDav API Given user "Alice" has created a space "Owner deletes folder" of type "project" with quota "10" And user "Alice" has created a folder "folderForDeleting/sub1/sub2" in space "Owner deletes folder" When user "Alice" removes the object "folderForDeleting" from space "Owner deletes folder" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Alice" the space "Owner deletes folder" should not contain these entries: | folderForDeleting | @@ -28,7 +28,7 @@ Feature: Remove files, folder and spaces Given user "Alice" has created a space "Owner deletes subfolder" of type "project" with quota "10" And user "Alice" has created a subfolder "folder/subFolderForDeleting" in space "Owner deletes subfolder" When user "Alice" removes the object "folder/subFolderForDeleting" from space "Owner deletes subfolder" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Alice" the space "Owner deletes subfolder" should contain these entries: | folder | And for user "Alice" folder "folder/" of the space "Owner deletes subfolder" should not contain these entries: @@ -39,7 +39,7 @@ Feature: Remove files, folder and spaces Given user "Alice" has created a space "Owner deletes file" of type "project" with quota "20" And user "Alice" has uploaded a file inside space "Owner deletes file" with content "some content" to "text.txt" When user "Alice" removes the object "text.txt" from space "Owner deletes file" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Alice" the space "Owner deletes file" should not contain these entries: | text.txt | When user "Alice" lists all available spaces via the GraphApi @@ -48,24 +48,6 @@ Feature: Remove files, folder and spaces | name | Owner deletes file | | quota@@@used | 0 | - - Scenario: An owner can delete an empty Space via the webDav API - Given user "Alice" has created a space "Owner deletes an empty space" of type "project" with quota "20" - When user "Alice" removes a space "Owner deletes an empty space" - Then the HTTP status code should be "200" - When user "Alice" lists all available spaces via the GraphApi - Then the json responded should not contain a space with name "Owner deletes an empty space" - - - Scenario: An owner can delete a Space containing folders and files via the webDav API - Given user "Alice" has created a space "Owner deletes space" of type "project" with quota "20" - And user "Alice" has created a folder "folderForDeleting/sub1/sub2" in space "Owner deletes space" - And user "Alice" has uploaded a file inside space "Owner deletes space" with content "some content" to "folderForDeleting/sub1/sub2/text.txt" - When user "Alice" removes a space "Owner deletes space" - Then the HTTP status code should be "200" - When user "Alice" lists all available spaces via the GraphApi - Then the json responded should not contain a space with name "Owner deletes space" - # editor role Scenario: An editor can delete a folder with some subfolders in a Space via the webDav API @@ -73,7 +55,7 @@ Feature: Remove files, folder and spaces And user "Alice" has created a folder "folderForDeleting/sub1/sub2" in space "Editor deletes folder" And user "Alice" has shared a space "Editor deletes folder" to user "Brian" with role "editor" When user "Brian" removes the object "folderForDeleting" from space "Editor deletes folder" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Brian" the space "Editor deletes folder" should not contain these entries: | folderForDeleting | @@ -83,7 +65,7 @@ Feature: Remove files, folder and spaces And user "Alice" has created a subfolder "folder/subFolderForDeleting" in space "Editor deletes subfolder" And user "Alice" has shared a space "Editor deletes subfolder" to user "Brian" with role "editor" When user "Brian" removes the object "folder/subFolderForDeleting" from space "Editor deletes subfolder" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Brian" the space "Editor deletes subfolder" should contain these entries: | folder | And for user "Brian" folder "folder/" of the space "Editor deletes subfolder" should not contain these entries: @@ -95,7 +77,7 @@ Feature: Remove files, folder and spaces And user "Alice" has uploaded a file inside space "Editor deletes file" with content "some content" to "text.txt" And user "Alice" has shared a space "Editor deletes file" to user "Brian" with role "editor" When user "Brian" removes the object "text.txt" from space "Editor deletes file" - Then the HTTP status code should be "200" + Then the HTTP status code should be "204" And for user "Brian" the space "Editor deletes file" should not contain these entries: | text.txt | When user "Brian" lists all available spaces via the GraphApi @@ -104,27 +86,6 @@ Feature: Remove files, folder and spaces | name | Editor deletes file | | quota@@@used | 0 | - - Scenario: An editor can delete an empty Space via the webDav API - Given user "Alice" has created a space "Editor deletes an empty space" of type "project" with quota "20" - And user "Alice" has shared a space "Editor deletes an empty space" to user "Brian" with role "editor" - When user "Brian" removes a space "Editor deletes an empty space" - Then the HTTP status code should be "200" - When user "Brian" lists all available spaces via the GraphApi - Then the json responded should not contain a space with name "Editor deletes an empty space" - - - Scenario: An editor can delete a Space containing folders and files via the webDav API - Given user "Alice" has created a space "Editor deletes space" of type "project" with quota "20" - And user "Alice" has created a folder "folderForDeleting/sub1/sub2" in space "Editor deletes space" - And user "Alice" has uploaded a file inside space "Editor deletes space" with content "some content" to "folderForDeleting/sub1/sub2/text.txt" - And user "Alice" has shared a space "Editor deletes space" to user "Brian" with role "editor" - When user "Brian" removes a space "Editor deletes space" - Then the HTTP status code should be "200" - When user "Brian" lists all available spaces via the GraphApi - Then the json responded should not contain a space with name "Editor deletes space" - - # viewer role Scenario: A viewer cannot delete a folder with some subfolders in a Space via the webDav API @@ -156,26 +117,12 @@ Feature: Remove files, folder and spaces And for user "Brian" the space "Viewer deletes file" should contain these entries: | text.txt | - - Scenario: A viewer cannot delete an empty Space via the webDav API - Given user "Alice" has created a space "Viewer deletes an empty space" of type "project" with quota "20" - And user "Alice" has shared a space "Viewer deletes an empty space" to user "Brian" with role "viewer" - When user "Brian" removes a space "Viewer deletes an empty space" - Then the HTTP status code should be "403" - When user "Brian" lists all available spaces via the GraphApi - Then the json responded should contain a space "Viewer deletes an empty space" with these key and value pairs: - | key | value | - | name | Viewer deletes an empty space | - - - Scenario: A viewer cannot delete a Space containing folders and files via the webDav API - Given user "Alice" has created a space "Viewer deletes space" of type "project" with quota "20" - And user "Alice" has created a folder "folderForDeleting/sub1/sub2" in space "Viewer deletes space" - And user "Alice" has uploaded a file inside space "Viewer deletes space" with content "some content" to "folderForDeleting/sub1/sub2/text.txt" - And user "Alice" has shared a space "Viewer deletes space" to user "Brian" with role "viewer" - When user "Brian" removes a space "Viewer deletes space" - Then the HTTP status code should be "403" - When user "Brian" lists all available spaces via the GraphApi - Then the json responded should contain a space "Viewer deletes space" with these key and value pairs: - | key | value | - | name | Viewer deletes space | + + Scenario: An user is unable to delete a Space via the webDav API + Given user "Alice" has created a space "user deletes a space" of type "project" with quota "20" + When user "Alice" removes the object "" from space "user deletes a space" + Then the HTTP status code should be "405" + When user "Alice" lists all available spaces via the GraphApi + Then the json responded should contain a space "user deletes a space" with these key and value pairs: + | key | value | + | name | user deletes a space | diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php index 3e1b6af248..16d23b839f 100644 --- a/tests/acceptance/features/bootstrap/SpacesContext.php +++ b/tests/acceptance/features/bootstrap/SpacesContext.php @@ -1372,7 +1372,14 @@ class SpacesContext implements Context { $space = $this->getSpaceByName($user, $spaceName); $fullUrl = $this->baseUrl . "/ocs/v2.php/apps/files_sharing/api/v1/shares/" . $space['id'] . "?shareWith=" . $userRecipient; - HttpRequestHelper::delete($fullUrl, "", $user, $this->featureContext->getPasswordForUser($user)); + $this->featureContext->setResponse( + HttpRequestHelper::delete( + $fullUrl, + "", + $user, + $this->featureContext->getPasswordForUser($user) + ) + ); } /** @@ -1392,11 +1399,18 @@ class SpacesContext implements Context { ): void { $space = $this->getSpaceByName($user, $spaceName); $spaceWebDavUrl = $space["root"]["webDavUrl"] . '/' . $object; - HttpRequestHelper::delete($spaceWebDavUrl, "", $user, $this->featureContext->getPasswordForUser($user)); + $this->featureContext->setResponse( + HttpRequestHelper::delete( + $spaceWebDavUrl, + "", + $user, + $this->featureContext->getPasswordForUser($user) + ) + ); } /** - * @When /^user "([^"]*)" removes a space "([^"]*)"$/ + * @When /^user "([^"]*)" disables a space "([^"]*)"$/ * * @param string $user * @param string $spaceName @@ -1404,12 +1418,68 @@ class SpacesContext implements Context { * @return void * @throws GuzzleException */ - public function sendRemoveSpaceRequest( + public function sendDisableSpaceRequest( string $user, string $spaceName ): void { $space = $this->getSpaceByName($user, $spaceName); - $spaceWebDavUrl = $space["root"]["webDavUrl"]; - HttpRequestHelper::delete($spaceWebDavUrl, "", $user, $this->featureContext->getPasswordForUser($user)); + $fullUrl = $this->baseUrl . "/graph/v1.0/drives/" . $space["id"]; + $this->featureContext->setResponse( + HttpRequestHelper::delete( + $fullUrl, + "", + $user, + $this->featureContext->getPasswordForUser($user) + ) + ); + } + + /** + * @When /^user "([^"]*)" has disabled a space "([^"]*)"$/ + * + * @param string $user + * @param string $spaceName + * + * @return void + * @throws GuzzleException + */ + public function sendUserHasDisabledSpaceRequest( + string $user, + string $spaceName + ): void { + $this->sendDisableSpaceRequest($user, $spaceName); + $expectedHTTPStatus = "204"; + $this->featureContext->theHTTPStatusCodeShouldBe( + $expectedHTTPStatus, + "Expected response status code should be $expectedHTTPStatus" + ); + } + + /** + * @When /^user "([^"]*)" deletes a space "([^"]*)"$/ + * + * @param string $user + * @param string $spaceName + * + * @return void + * @throws GuzzleException + */ + public function sendDeleteSpaceRequest( + string $user, + string $spaceName + ): void { + $header = ["Purge" => "T"]; + $space = $this->getSpaceByName($user, $spaceName); + $fullUrl = $this->baseUrl . "/graph/v1.0/drives/" . $space["id"]; + + $this->featureContext->setResponse( + HttpRequestHelper::delete( + $fullUrl, + "", + $user, + $this->featureContext->getPasswordForUser($user), + $header + ) + ); } }