diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go index 0a3e5cc143..4e86377c82 100644 --- a/services/graph/pkg/service/v0/users.go +++ b/services/graph/pkg/service/v0/users.go @@ -138,7 +138,7 @@ func (g Graph) GetUserDrive(w http.ResponseWriter, r *http.Request) { ctx := r.Context() filters := []*storageprovider.ListStorageSpacesRequest_Filter{listStorageSpacesTypeFilter("personal"), listStorageSpacesUserFilter(userID)} - res, err := g.ListStorageSpacesWithFilters(ctx, filters, false) + res, err := g.ListStorageSpacesWithFilters(ctx, filters, true) switch { case err != nil: logger.Error().Err(err).Msg("could not get drive: transport error") diff --git a/tests/TestHelpers/GraphHelper.php b/tests/TestHelpers/GraphHelper.php index 012fe1683e..6e005ccbf7 100644 --- a/tests/TestHelpers/GraphHelper.php +++ b/tests/TestHelpers/GraphHelper.php @@ -345,6 +345,32 @@ class GraphHelper { ); } + /*** + * @param string $baseUrl + * @param string $xRequestId + * @param string $byUser + * @param string $userPassword + * @param string $userId + * + * @return ResponseInterface + * @throws GuzzleException + */ + public static function getPersonalDriveInformationByUserId( + string $baseUrl, + string $xRequestId, + string $byUser, + string $userPassword, + string $userId + ): ResponseInterface { + $url = self::getFullUrl($baseUrl, 'users/' . $userId . '/drive'); + return HttpRequestHelper::get( + $url, + $xRequestId, + $byUser, + $userPassword + ); + } + /** * @param string $baseUrl * @param string $xRequestId diff --git a/tests/acceptance/features/apiGraph/getUser.feature b/tests/acceptance/features/apiGraph/getUser.feature index 0aa129413c..3b509020da 100644 --- a/tests/acceptance/features/apiGraph/getUser.feature +++ b/tests/acceptance/features/apiGraph/getUser.feature 
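Review bot: The third argument of `g.ListStorageSpacesWithFilters` in `GetUserDrive` is flipped to a bare `true` with no comment on what it switches on. The parameter's meaning is not visible in this hunk; if it requests an unrestricted listing, as the new acceptance tests suggest (admins can now read another user's personal drive), then authorization for the caller-supplied `userID` rests entirely on the permission check made further down the call chain. A call-site comment such as `// unrestricted listing: the storage layer decides whether the caller may see spaces owned by userID` would make that dependency explicit for the next reader. The body of `GetUserDrive` starts and ends outside the hunk.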
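Review bot: The docblock added above `getPersonalDriveInformationByUserId` opens with `/***`, which PHP tokenizes as an ordinary comment rather than a doc comment, so the `@param`, `@return` and `@throws` tags are invisible to PHPDoc tooling and static analysers; it should open with `/**`. The docblock also has no summary line, where something like `Gets the personal drive of the user with the given id, authenticated as $byUser` would help. Separately, `$userId` is concatenated into the path unencoded; `'users/' . rawurlencode($userId) . '/drive'` keeps an id containing `/` or `?` from changing the request target, unless sending raw ids is intentional for negative tests.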
@@ -1005,3 +1005,252 @@ Feature: get users | Guest | User | | Guest | Guest | | Guest | Admin | + + @issue-6017 + Scenario Outline: admin user gets the drive information of a user with different user role + Given the administrator has assigned the role "" to user "Alice" using the Graph API + And the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Brian" has created folder "my_data" + When user "Alice" gets the personal drive information of user "Brian" using Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "driveAlias", + "driveType", + "id", + "name", + "webUrl", + "owner", + "quota", + "root" + ], + "properties": { + "driveAlias": { + "type": "string", + "enum": ["personal/brian"] + }, + "driveType": { + "type": "string", + "enum": ["personal"] + }, + "id": { + "type": "string", + "pattern": "^%space_id_pattern%$" + }, + "name": { + "type": "string", + "enum": ["Brian Murphy"] + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/f/%space_id_pattern%$" + }, + "owner": { + "type": "object", + "required": [ + "user" + ], + "properties": { + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "type": "string", + "enum": [""] + }, + "id": { + "type": "string", + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "qouta": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["normal"] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "pattern": "^%base_url%/dav/spaces/%space_id_pattern%$" + } + } + } + } + } + """ + Examples: + | user-role-1 | user-role-2 | + | Admin | Admin | + | Admin | Space Admin | + | Admin | User | + | Admin | Guest | + | Space Admin | Admin | + | Space Admin | Space Admin | + | Space 
Admin | User | + | Space Admin | Guest | + + + Scenario Outline: non-admin user tries to get drive information of other user with different user role + Given the administrator has assigned the role "" to user "Alice" using the Graph API + And the administrator has assigned the role "" to user "Brian" using the Graph API + When user "Alice" gets the personal drive information of user "Brian" using Graph API + Then the HTTP status code should be "404" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "error" + ], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "string", + "enum": ["itemNotFound"] + }, + "message": { + "type": "string", + "enum": ["no drive returned from storage"] + } + } + } + } + } + """ + Examples: + | user-role-1 | user-role-2 | + | User | Admin | + | User | Space Admin | + | User | User | + | User | Guest | + | Guest | Admin | + | Guest | Space Admin | + | Guest | User | + | Guest | Guest | + + + Scenario Outline: user with different user role gets his/her own drive information + Given the administrator has assigned the role "" to user "Alice" using the Graph API + When user "Alice" gets own personal drive information using Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "driveAlias", + "driveType", + "id", + "name", + "webUrl", + "owner", + "quota", + "root" + ], + "properties": { + "driveAlias": { + "type": "string", + "enum": ["personal/alice"] + }, + "driveType": { + "type": "string", + "enum": ["personal"] + }, + "id": { + "type": "string", + "pattern": "^%space_id_pattern%$" + }, + "name": { + "type": "string", + "enum": ["Alice Hansen"] + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/f/%space_id_pattern%$" + }, + "owner": { + "type": "object", + "required": [ + "user" + ], + "properties": { 
+ "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "type": "string", + "enum": [""] + }, + "id": { + "type": "string", + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "qouta": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["normal"] + } + } + }, + "root": { + "type": "object", + "required": [ + "webDavUrl" + ], + "properties": { + "webDavUrl": { + "type": "string", + "pattern": "^%base_url%/dav/spaces/%space_id_pattern%$" + } + } + } + } + } + """ + Examples: + | userRole | + | Admin | + | Space Admin | + | User | + | Guest | diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php index 46f09acdac..50d987c6ec 100644 --- a/tests/acceptance/features/bootstrap/GraphContext.php +++ b/tests/acceptance/features/bootstrap/GraphContext.php @@ -2293,4 +2293,28 @@ class GraphContext implements Context { "Expected user '" . $user . "' to be added once to group '" . $group . "' but the user is listed '" . $count . "' times" ); } + + /** + * @When /^user "([^"]*)" gets the personal drive information of user "([^"]*)" using Graph API$/ + * @When /^user "([^"]*)" gets own personal drive information using Graph API$/ + * + * @param string $byUser + * @param string|null $user + * + * @return void + */ + public function userGetsThePersonalDriveInformationOfUserUsingGraphApi(string $byUser, ?string $user = null): void { + $user = $user ?? $byUser; + $credentials = $this->getAdminOrUserCredentials($byUser); + $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id'); + $this->featureContext->setResponse( + GraphHelper::getPersonalDriveInformationByUserId( + $this->featureContext->getBaseUrl(), + $this->featureContext->getStepLineRef(), + $credentials["username"], + $credentials["password"], + $userId + ) + ); + } }
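Review bot: The response schema in the first and third scenarios lists `quota` under `required` but defines its sub-schema under the misspelled key `"qouta"`, so the `state` check (`"enum": ["normal"]`) is never applied to the real `quota` property. Renaming the key to `"quota": {` in both scenarios makes the assertion effective. The first scenario also has Brian create the folder `my_data` without any later step asserting on it, so that step can be dropped or given an assertion.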
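Review bot: The docblock on `userGetsThePersonalDriveInformationOfUserUsingGraphApi` has no summary, and nothing explains that the second `@When` pattern has only one capture, so `$user` arrives as null and falls back to `$byUser`. I would add a summary line such as `Requests the personal drive of $user (or of $byUser when no target is given), authenticated as $byUser` and write the fallback as `$user ??= $byUser;`. `$userId` is also passed on unchecked: if `getAttributeOfCreatedUser` can return an empty value for an unknown user, the request would go to `users//drive`. That last point is inferred, since the helper is not shown in this hunk.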