diff --git a/tests/acceptance/features/apiSpaces/resharing.feature b/tests/acceptance/features/apiSpaces/resharing.feature index 47dfc10ced..c17d537502 100644 --- a/tests/acceptance/features/apiSpaces/resharing.feature +++ b/tests/acceptance/features/apiSpaces/resharing.feature @@ -57,7 +57,7 @@ Feature: Resharing Scenario: user can't share with more permissions than they have When user "Damian" shares folder "Shares/folder" with user "Ember" with permissions "31" using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the OCS status message should be "Cannot set the requested share permissions" @@ -97,8 +97,8 @@ Feature: Resharing | Brian | 17 | 100 | | Carol | 31 | 100 | | Damian | 17 | 100 | - | Damian | 27 | 404 | - | Damian | 31 | 404 | + | Damian | 27 | 403 | + | Damian | 31 | 403 | Scenario Outline: Resharing files with different permissions @@ -110,7 +110,7 @@ Feature: Resharing Examples: | shareepermissions | granteepermissions | code | | 17 | 17 | 100 | - | 17 | 19 | 404 | + | 17 | 19 | 403 | | 19 | 19 | 100 | diff --git a/tests/acceptance/features/apiSpacesShares/shareSpaces.feature b/tests/acceptance/features/apiSpacesShares/shareSpaces.feature index 386754003f..84a0f6a013 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSpaces.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSpaces.feature @@ -139,8 +139,8 @@ Feature: Share spaces When user "Brian" shares a space "share space" with settings: | shareWith | Bob | | role | | - Then the HTTP status code should be "404" - And the OCS status code should be "404" + Then the HTTP status code should be "403" + And the OCS status code should be "403" And the OCS status message should be "No share permission" And the user "Bob" should not have a space called "share space" Examples: @@ -183,8 +183,8 @@ Feature: Share spaces When user "Brian" updates the space "share space" with settings: | shareWith | Bob | | role | | - Then the HTTP status code should be "404" - And the OCS status code should be "404" + Then the HTTP status code should be "403" + And the OCS status code should be "403" And the user "Alice" should have a space called "share space" granted to "Bob" with role "viewer" Examples: | role | new_role | diff --git a/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature b/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature index a8ca3f0651..ebc4cafb54 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature @@ -77,8 +77,8 @@ Feature: Share spaces via link | role | | When user "Brian" creates a public link share of the space "share space" with settings: | permissions | 1 | - Then the HTTP status code should be "404" - And the OCS status code should be "404" + Then the HTTP status code should be "403" + And the OCS status code should be "403" And the OCS status message should be "No share permission" And for user "Alice" the space "share space" should not contain the last created public link Examples: diff --git a/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature b/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature index 6484ff5abb..4d78fd8023 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature @@ -74,8 +74,8 @@ Feature: Share a file or folder that is inside a space | path | | | shareWith | Bob | | role | editor | - Then the HTTP status code should be "404" - And the OCS status code should be "404" + Then the HTTP status code should be "403" + And the OCS status code should be "403" And the OCS status message should be "No share permission" Examples: | entity | spaceRole | diff --git a/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpaceViaPublicLink.feature b/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpaceViaPublicLink.feature index 82b8ca511b..70ed2a0a64 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpaceViaPublicLink.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpaceViaPublicLink.feature @@ -108,8 +108,8 @@ Feature: Share a file or folder that is inside a space via public link | password | 123 | | name | public link | | expireDate | 2042-03-25T23:59:59+0100 | - Then the HTTP status code should be "404" - And the OCS status code should be "404" + Then the HTTP status code should be "403" + And the OCS status code should be "403" And the OCS status message should be "No share permission" Examples: | entity | spaceRole | diff --git a/tests/acceptance/features/coreApiSharePublicLink2/reShareAsPublicLinkToSharesNewDav.feature b/tests/acceptance/features/coreApiSharePublicLink2/reShareAsPublicLinkToSharesNewDav.feature index 9f61b69da0..184231645e 100644 --- a/tests/acceptance/features/coreApiSharePublicLink2/reShareAsPublicLinkToSharesNewDav.feature +++ b/tests/acceptance/features/coreApiSharePublicLink2/reShareAsPublicLinkToSharesNewDav.feature @@ -19,12 +19,12 @@ Feature: reshare as public link When user "Brian" creates a public link share using the sharing API with settings | path | /Shares/test | | publicUpload | false | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: creating a public link from a share with share+read only permissions is allowed @@ -56,12 +56,12 @@ Feature: reshare as public link | path | /Shares/test | | permissions | read,update,create,delete | | publicUpload | true | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: creating a public link from a share with read+write permissions only is not allowed @@ -72,12 +72,12 @@ Feature: reshare as public link When user "Brian" creates a public link share using the sharing API with settings | path | /Shares/test | | publicUpload | true | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: creating a public link from a share with share+read+write permissions is allowed @@ -131,12 +131,12 @@ Feature: reshare as public link | path | /Shares/test/sub | | permissions | read,update,create,delete | | publicUpload | true | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: increasing permissions of a public link of a share with share+read only permissions is not allowed @@ -151,13 +151,13 @@ Feature: reshare as public link | publicUpload | false | When user "Brian" updates the last public link share using the sharing API with | permissions | read,update,create,delete | - Then the OCS status code should be "404" or "403" - And the HTTP status code should be "" or "" + Then the OCS status code should be "403" + And the HTTP status code should be "" And uploading a file should not work using the new public WebDAV API Examples: - | ocs_api_version | http_status_code1 | http_status_code2 | - | 1 | 200 | 200 | - | 2 | 404 | 403 | + | ocs_api_version | http_status_code | + | 1 | 200 | + | 2 | 403 | Scenario Outline: increasing permissions of a public link from a sub-folder of a share with share+read only permissions is not allowed @@ -173,10 +173,10 @@ Feature: reshare as public link And uploading a file should not work using the new public WebDAV API When user "Brian" updates the last public link share using the sharing API with | permissions | read,update,create,delete | - Then the OCS status code should be "404" or "403" - And the HTTP status code should be "" or "" + Then the OCS status code should be "403" + And the HTTP status code should be "" And uploading a file should not work using the new public WebDAV API Examples: - | ocs_api_version | http_status_code1 | http_status_code2 | - | 1 | 200 | 200 | - | 2 | 404 | 403 | + | ocs_api_version | http_status_code | + | 1 | 200 | + | 2 | 403 | diff --git a/tests/acceptance/features/coreApiSharePublicLink3/updatePublicLinkShare.feature b/tests/acceptance/features/coreApiSharePublicLink3/updatePublicLinkShare.feature index 942c8d0679..caeae169f9 100644 --- a/tests/acceptance/features/coreApiSharePublicLink3/updatePublicLinkShare.feature +++ b/tests/acceptance/features/coreApiSharePublicLink3/updatePublicLinkShare.feature @@ -258,14 +258,14 @@ Feature: update a public link share | publicUpload | false | When user "Brian" updates the last public link share using the sharing API with | publicUpload | true | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And uploading a file should not work using the old public WebDAV API And uploading a file should not work using the new public WebDAV API Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline:adding public upload to a shared folder as recipient is allowed with permissions using the public API @@ -300,14 +300,14 @@ Feature: update a public link share | permissions | read | When user "Brian" updates the last public link share using the sharing API with | permissions | read,update,create,delete | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And uploading a file should not work using the old public WebDAV API And uploading a file should not work using the new public WebDAV API Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: adding public link with all permissions to a read only shared folder as recipient is allowed with permissions using the public API diff --git a/tests/acceptance/features/coreApiShareReshareToShares1/reShare.feature b/tests/acceptance/features/coreApiShareReshareToShares1/reShare.feature index df88a9264f..926f7da7f2 100644 --- a/tests/acceptance/features/coreApiShareReshareToShares1/reShare.feature +++ b/tests/acceptance/features/coreApiShareReshareToShares1/reShare.feature @@ -18,7 +18,7 @@ Feature: sharing And user "Alice" has shared file "/textfile0.txt" with user "Brian" with permissions "read,update" And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice" When user "Brian" shares file "/Shares/textfile0.txt" with user "Carol" with permissions "read,update" using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" file "/Shares/textfile0.txt" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -26,7 +26,7 @@ Feature: sharing Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: user is not allowed to reshare folder when reshare permission is not given @@ -35,7 +35,7 @@ Feature: sharing And user "Alice" has shared folder "/FOLDER" with user "Brian" with permissions "read,update" And user "Brian" has accepted share "/FOLDER" offered by user "Alice" When user "Brian" shares folder "/Shares/FOLDER" with user "Carol" with permissions "read,update" using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" folder "/Shares/FOLDER" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -43,7 +43,7 @@ Feature: sharing Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | @smokeTest Scenario Outline: user is allowed to reshare file with the same permissions @@ -116,7 +116,7 @@ Feature: sharing And user "Alice" has shared file "/textfile0.txt" with user "Brian" with permissions 17 And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice" When user "Brian" shares file "/Shares/textfile0.txt" with user "Carol" with permissions using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" file "/Shares/textfile0.txt" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -125,18 +125,18 @@ Feature: sharing | ocs_api_version | http_status_code | reshare_permissions | # passing on more bits including reshare | 1 | 200 | 19 | - | 2 | 404 | 19 | + | 2 | 403 | 19 | | 1 | 200 | 23 | - | 2 | 404 | 23 | + | 2 | 403 | 23 | | 1 | 200 | 31 | - | 2 | 404 | 31 | + | 2 | 403 | 31 | # passing on more bits but not reshare | 1 | 200 | 3 | - | 2 | 404 | 3 | + | 2 | 403 | 3 | | 1 | 200 | 7 | - | 2 | 404 | 7 | + | 2 | 403 | 7 | | 1 | 200 | 15 | - | 2 | 404 | 15 | + | 2 | 403 | 15 | Scenario Outline: user is allowed to reshare file and set create (4) or delete (8) permissions bits, which get ignored @@ -186,7 +186,7 @@ Feature: sharing And user "Alice" has shared folder "/PARENT" with user "Brian" with permissions And user "Brian" has accepted share "/PARENT" offered by user "Alice" When user "Brian" shares folder "/Shares/PARENT" with user "Carol" with permissions using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" folder "/Shares/PARENT" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -195,30 +195,30 @@ Feature: sharing | ocs_api_version | http_status_code | received_permissions | reshare_permissions | # try to pass on more bits including reshare | 1 | 200 | 17 | 19 | - | 2 | 404 | 17 | 19 | + | 2 | 403 | 17 | 19 | | 1 | 200 | 17 | 21 | - | 2 | 404 | 17 | 21 | + | 2 | 403 | 17 | 21 | | 1 | 200 | 17 | 23 | - | 2 | 404 | 17 | 23 | + | 2 | 403 | 17 | 23 | | 1 | 200 | 17 | 31 | - | 2 | 404 | 17 | 31 | + | 2 | 403 | 17 | 31 | | 1 | 200 | 19 | 23 | - | 2 | 404 | 19 | 23 | + | 2 | 403 | 19 | 23 | | 1 | 200 | 19 | 31 | - | 2 | 404 | 19 | 31 | + | 2 | 403 | 19 | 31 | # try to pass on more bits but not reshare | 1 | 200 | 17 | 3 | - | 2 | 404 | 17 | 3 | + | 2 | 403 | 17 | 3 | | 1 | 200 | 17 | 5 | - | 2 | 404 | 17 | 5 | + | 2 | 403 | 17 | 5 | | 1 | 200 | 17 | 7 | - | 2 | 404 | 17 | 7 | + | 2 | 403 | 17 | 7 | | 1 | 200 | 17 | 15 | - | 2 | 404 | 17 | 15 | + | 2 | 403 | 17 | 15 | | 1 | 200 | 19 | 7 | - | 2 | 404 | 19 | 7 | + | 2 | 403 | 19 | 7 | | 1 | 200 | 19 | 15 | - | 2 | 404 | 19 | 15 | + | 2 | 403 | 19 | 15 | Scenario Outline: user is not allowed to reshare folder and add delete permission bit (8) @@ -227,7 +227,7 @@ Feature: sharing And user "Alice" has shared folder "/PARENT" with user "Brian" with permissions And user "Brian" has accepted share "/PARENT" offered by user "Alice" When user "Brian" shares folder "/Shares/PARENT" with user "Carol" with permissions using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" folder "/Shares/PARENT" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -236,18 +236,18 @@ Feature: sharing | ocs_api_version | http_status_code | received_permissions | reshare_permissions | # try to pass on extra delete (including reshare) | 1 | 200 | 17 | 25 | - | 2 | 404 | 17 | 25 | + | 2 | 403 | 17 | 25 | | 1 | 200 | 19 | 27 | - | 2 | 404 | 19 | 27 | + | 2 | 403 | 19 | 27 | | 1 | 200 | 23 | 31 | - | 2 | 404 | 23 | 31 | + | 2 | 403 | 23 | 31 | # try to pass on extra delete (but not reshare) | 1 | 200 | 17 | 9 | - | 2 | 404 | 17 | 9 | + | 2 | 403 | 17 | 9 | | 1 | 200 | 19 | 11 | - | 2 | 404 | 19 | 11 | + | 2 | 403 | 19 | 11 | | 1 | 200 | 23 | 15 | - | 2 | 404 | 23 | 15 | + | 2 | 403 | 23 | 15 | Scenario Outline: reshare a file with same name as a deleted file diff --git a/tests/acceptance/features/coreApiShareReshareToShares2/reShareSubfolder.feature b/tests/acceptance/features/coreApiShareReshareToShares2/reShareSubfolder.feature index 6a6e8550dc..d70a66e1a8 100644 --- a/tests/acceptance/features/coreApiShareReshareToShares2/reShareSubfolder.feature +++ b/tests/acceptance/features/coreApiShareReshareToShares2/reShareSubfolder.feature @@ -35,7 +35,7 @@ Feature: a subfolder of a received share can be reshared And user "Alice" has shared folder "/TMP" with user "Brian" with permissions And user "Brian" has accepted share "/TMP" offered by user "Alice" When user "Brian" shares folder "/Shares/TMP/SUB" with user "Carol" with permissions using the sharing API - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" folder "/Shares/SUB" should not exist And the sharing API should report to user "Carol" that no shares are in the pending state @@ -44,44 +44,44 @@ Feature: a subfolder of a received share can be reshared | ocs_api_version | http_status_code | received_permissions | reshare_permissions | # try to pass on more bits including reshare | 1 | 200 | 17 | 19 | - | 2 | 404 | 17 | 19 | + | 2 | 403 | 17 | 19 | | 1 | 200 | 17 | 21 | - | 2 | 404 | 17 | 21 | + | 2 | 403 | 17 | 21 | | 1 | 200 | 17 | 23 | - | 2 | 404 | 17 | 23 | + | 2 | 403 | 17 | 23 | | 1 | 200 | 17 | 31 | - | 2 | 404 | 17 | 31 | + | 2 | 403 | 17 | 31 | | 1 | 200 | 19 | 23 | - | 2 | 404 | 19 | 23 | + | 2 | 403 | 19 | 23 | | 1 | 200 | 19 | 31 | - | 2 | 404 | 19 | 31 | + | 2 | 403 | 19 | 31 | # try to pass on more bits but not reshare | 1 | 200 | 17 | 3 | - | 2 | 404 | 17 | 3 | + | 2 | 403 | 17 | 3 | | 1 | 200 | 17 | 5 | - | 2 | 404 | 17 | 5 | + | 2 | 403 | 17 | 5 | | 1 | 200 | 17 | 7 | - | 2 | 404 | 17 | 7 | + | 2 | 403 | 17 | 7 | | 1 | 200 | 17 | 15 | - | 2 | 404 | 17 | 15 | + | 2 | 403 | 17 | 15 | | 1 | 200 | 19 | 7 | - | 2 | 404 | 19 | 7 | + | 2 | 403 | 19 | 7 | | 1 | 200 | 19 | 15 | - | 2 | 404 | 19 | 15 | + | 2 | 403 | 19 | 15 | # try to pass on extra delete (including reshare) | 1 | 200 | 17 | 25 | - | 2 | 404 | 17 | 25 | + | 2 | 403 | 17 | 25 | | 1 | 200 | 19 | 27 | - | 2 | 404 | 19 | 27 | + | 2 | 403 | 19 | 27 | | 1 | 200 | 23 | 31 | - | 2 | 404 | 23 | 31 | + | 2 | 403 | 23 | 31 | # try to pass on extra delete (but not reshare) | 1 | 200 | 17 | 9 | - | 2 | 404 | 17 | 9 | + | 2 | 403 | 17 | 9 | | 1 | 200 | 19 | 11 | - | 2 | 404 | 19 | 11 | + | 2 | 403 | 19 | 11 | | 1 | 200 | 23 | 15 | - | 2 | 404 | 23 | 15 | + | 2 | 403 | 23 | 15 | @issue-2214 Scenario Outline: user is allowed to update reshare of a sub-folder with less permissions @@ -132,7 +132,7 @@ Feature: a subfolder of a received share can be reshared And user "Carol" has accepted share "/SUB" offered by user "Brian" When user "Brian" updates the last share using the sharing API with | permissions | all | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And as "Carol" folder "/Shares/SUB" should exist But user "Carol" should not be able to upload file "filesForUpload/textfile.txt" to "/Shares/SUB/textfile.txt" @@ -141,4 +141,4 @@ Feature: a subfolder of a received share can be reshared Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | diff --git a/tests/acceptance/features/coreApiShareReshareToShares3/reShareUpdate.feature b/tests/acceptance/features/coreApiShareReshareToShares3/reShareUpdate.feature index 088eada24e..9be59069b7 100644 --- a/tests/acceptance/features/coreApiShareReshareToShares3/reShareUpdate.feature +++ b/tests/acceptance/features/coreApiShareReshareToShares3/reShareUpdate.feature @@ -55,13 +55,13 @@ Feature: sharing And user "Carol" has accepted share "/TMP" offered by user "Brian" When user "Brian" updates the last share using the sharing API with | permissions | all | - Then the OCS status code should be "404" + Then the OCS status code should be "403" And the HTTP status code should be "" And user "Carol" should not be able to upload file "filesForUpload/textfile.txt" to "Shares/TMP/textfile.txt" Examples: | ocs_api_version | http_status_code | | 1 | 200 | - | 2 | 404 | + | 2 | 403 | Scenario Outline: update of user reshare by the original share owner can increase permissions up to the permissions of the top-level share