From d37cea3a5ec21eb3fbf61d3c5734a0860fc7087b Mon Sep 17 00:00:00 2001 From: Swikriti Tripathi <41103328+SwikritiT@users.noreply.github.com> Date: Sat, 2 Dec 2023 08:24:56 +0545 Subject: [PATCH] [tests-only][full-ci] tests: add api tests for deleting public link password (#7828) --- .../expected-failures-API-on-OCIS-storage.md | 4 ++ .../apiSpacesShares/shareOperations.feature | 37 +++++++++++ .../shareSpacesViaLink.feature | 63 ++++++++++++++++++ .../changingPublicLinkShare.feature | 66 +++++++++++++++++++ 4 files changed, 170 insertions(+) diff --git a/tests/acceptance/expected-failures-API-on-OCIS-storage.md b/tests/acceptance/expected-failures-API-on-OCIS-storage.md index 238c0ba1eb..e829619bcc 100644 --- a/tests/acceptance/expected-failures-API-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-API-on-OCIS-storage.md @@ -515,5 +515,9 @@ Not everything needs to be implemented for ocis. While the oc10 testsuite covers - [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:22](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L22) - [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L23) +#### [Normal users can update the public link to delete its password if permission is not sent in data](https://github.com/owncloud/ocis/issues/7821) + +- [coreApiSharePublicLink1/changingPublicLinkShare.feature:154](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L154) + Note: always have an empty line at the end of this file. The bash script that processes this file requires that the last line has a newline on the end. diff --git a/tests/acceptance/features/apiSpacesShares/shareOperations.feature b/tests/acceptance/features/apiSpacesShares/shareOperations.feature index 25d3bb97a3..fea00f4591 100644 --- a/tests/acceptance/features/apiSpacesShares/shareOperations.feature +++ b/tests/acceptance/features/apiSpacesShares/shareOperations.feature @@ -351,3 +351,40 @@ Feature: sharing | permissions | | change | | create | + + + Scenario Outline: space admin tries to remove password of a public link share (change/create permission) + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created folder "FOLDER" + And user "Alice" has created a public link share with settings + | path | /FOLDER | + | permissions | | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | path | /FOLDER | + | permissions | | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | permissions | + | change | + | create | + + + Scenario: space admin removes password of a public link share (read permission) + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created folder "FOLDER" + And user "Alice" has created a public link share with settings + | path | /FOLDER | + | permissions | read | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | path | /FOLDER | + | permissions | read | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "100" diff --git a/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature b/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature index b3ab045e9d..f762a767bc 100644 --- a/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature +++ b/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature @@ -128,3 +128,66 @@ Feature: Share spaces via link Then the HTTP status code should be "400" And the OCS status message should be "Can not share space root" And for user "Alice" the space "Alice Hansen" should not contain the last created public link + + + Scenario: space admin removes password of a public link share of a space + Given user "Alice" has created a public link share of the space "share space" with settings: + | permissions | 1 | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | permissions | 1 | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "100" + + + Scenario Outline: space admin tries to remove password of a public link share of a space (various permission) + Given user "Alice" has created a public link share of the space "share space" with settings: + | permissions | | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | permissions | | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | permissions | + | 5 | + | 15 | + | 4 | + + + Scenario: space manager tries to remove password of a public link share of a space (read permission) + Given user "Alice" has shared a space "share space" with settings: + | shareWith | Brian | + | role | manager | + And user "Brian" has created a public link share of the space "share space" with settings: + | permissions | 1 | + | password | %public% | + When user "Brian" updates the last public link share using the sharing API with + | permissions | 1 | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "104" + And the OCS status message should be "user is not allowed to delete the password from the public link" + + + Scenario Outline: space manager tries to remove password of a public link share of a space (various permission) + Given user "Alice" has shared a space "share space" with settings: + | shareWith | Brian | + | role | manager | + And user "Brian" has created a public link share of the space "share space" with settings: + | permissions | | + | password | %public% | + When user "Brian" updates the last public link share using the sharing API with + | permissions | | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | permissions | + | 5 | + | 15 | + | 4 | diff --git a/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature b/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature index b73fb64515..74296b42ab 100644 --- a/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature +++ b/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature @@ -131,3 +131,69 @@ Feature: changing a public link share When the public deletes file "parent.txt" from the last public link share using the password "%public%" and new public WebDAV API Then the HTTP status code should be "403" And as "Alice" file "PARENT/parent.txt" should exist + + + Scenario Outline: normal user tries to remove password of a public link share (change/create permission) + Given user "Alice" has created a public link share with settings + | path | /PARENT | + | permissions | | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | path | /PARENT | + | permissions | | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | permissions | + | change | + | create | + + @issue-7821 + Scenario: normal user tries to remove password of a public link (update without sending permissions) + Given user "Alice" has created a public link share with settings + | path | /PARENT | + | permissions | change | + | password | %public% | + When user "Alice" updates the last public link share using the sharing API with + | path | /PARENT | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + + + Scenario: administrator removes password of a read-only public link + Given admin has created folder "/PARENT" + And user "admin" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt" + And user "admin" has created a public link share with settings + | path | /PARENT | + | permissions | read | + | password | %public% | + When user "admin" updates the last public link share using the sharing API with + | path | /PARENT | + | permissions | read | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "100" + And the public should be able to download file "/parent.txt" from inside the last public link shared folder using the new public WebDAV API with password "" + + + Scenario Outline: administrator tries to remove password of a public link share (change/create permission) + Given admin has created folder "/PARENT" + And user "admin" has created a public link share with settings + | path | /PARENT | + | permissions | | + | password | %public% | + When user "admin" updates the last public link share using the sharing API with + | path | /PARENT | + | permissions | | + | password | | + Then the HTTP status code should be "200" + And the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | permissions | + | change | + | create |