mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2025-12-27 00:00:49 -05:00
760 lines
29 KiB
Gherkin
760 lines
29 KiB
Gherkin
Feature: permissions role definitions
|
|
As a user
|
|
I want to get the role management endpoints
|
|
So that I can find out if those endpoints are working correctly or not
|
|
|
|
Background:
|
|
Given user "Alice" has been created with default attributes
|
|
|
|
|
|
Scenario: get a list of permissions role definitions
|
|
When user "Alice" gets a list of permissions role definitions using the Graph API
|
|
Then the HTTP status code should be "200"
|
|
And the JSON data of the response should match
|
|
"""
|
|
{
|
|
"type": "array",
|
|
"maxItems": 7,
|
|
"minItems": 7,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 10
|
|
},
|
|
"description": {
|
|
"const": "View and download."
|
|
},
|
|
"displayName": {
|
|
"const": "Can view"
|
|
},
|
|
"id": {
|
|
"const": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 4,
|
|
"minItems": 4,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.File"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.File \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 40
|
|
},
|
|
"description": {
|
|
"const": "View and download."
|
|
},
|
|
"displayName": {
|
|
"const": "Can view"
|
|
},
|
|
"id": {
|
|
"const": "a8d5fe5e-96e3-418d-825b-534dbdf22b99"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 1,
|
|
"minItems": 1,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/permissions/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Root"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 60
|
|
},
|
|
"description": {
|
|
"const": "View, download, upload, edit, add and delete."
|
|
},
|
|
"displayName": {
|
|
"const": "Can edit"
|
|
},
|
|
"id": {
|
|
"const": "fb6c3e19-e378-47e5-b277-9732f9de6e21"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 2,
|
|
"minItems": 2,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/children/create",
|
|
"libre.graph/driveItem/standard/delete",
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/path/update",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/children/create",
|
|
"libre.graph/driveItem/standard/delete",
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/path/update",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 90
|
|
},
|
|
"description": {
|
|
"const": "View, download, upload, edit, add, delete including the history."
|
|
},
|
|
"displayName": {
|
|
"const": "Can edit"
|
|
},
|
|
"id": {
|
|
"const": "58c63c02-1d89-4572-916a-870abc5a1b7d"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 1,
|
|
"minItems": 1,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/children/create",
|
|
"libre.graph/driveItem/standard/delete",
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/permissions/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/versions/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/path/update",
|
|
"libre.graph/driveItem/versions/update",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Root"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 100
|
|
},
|
|
"description": {
|
|
"const": "View, download and edit."
|
|
},
|
|
"displayName": {
|
|
"const": "Can edit"
|
|
},
|
|
"id": {
|
|
"const": "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 2,
|
|
"minItems": 2,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const":"exists @Resource.File"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const":"exists @Resource.File \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 50
|
|
},
|
|
"description": {
|
|
"const": "View, download and upload."
|
|
},
|
|
"displayName": {
|
|
"const": "Can upload"
|
|
},
|
|
"id": {
|
|
"const": "1c996275-f1c9-4e71-abdf-a42f6495e960"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 1,
|
|
"minItems": 1,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/children/create",
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/path/update",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 120
|
|
},
|
|
"description": {
|
|
"const": "View, download, upload, edit, add, delete and manage members."
|
|
},
|
|
"displayName": {
|
|
"const": "Can manage"
|
|
},
|
|
"id": {
|
|
"const": "312c0871-5ef7-4b3a-85b6-0e4074c64049"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 1,
|
|
"minItems": 1,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/permissions/create",
|
|
"libre.graph/driveItem/children/create",
|
|
"libre.graph/driveItem/standard/delete",
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/upload/create",
|
|
"libre.graph/driveItem/permissions/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/versions/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/path/update",
|
|
"libre.graph/driveItem/permissions/delete",
|
|
"libre.graph/driveItem/deleted/delete",
|
|
"libre.graph/driveItem/versions/update",
|
|
"libre.graph/driveItem/deleted/update",
|
|
"libre.graph/driveItem/basic/read",
|
|
"libre.graph/driveItem/permissions/update",
|
|
"libre.graph/driveItem/permissions/deny"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Root"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
"""
|
|
|
|
|
|
Scenario: get details of a specific permission role definition
|
|
When user "Alice" gets the "Viewer" role definition using the Graph API
|
|
Then the HTTP status code should be "200"
|
|
And the JSON data of the response should match
|
|
"""
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight":{
|
|
"const": 10
|
|
},
|
|
"description": {
|
|
"const": "View and download."
|
|
},
|
|
"displayName": {
|
|
"const": "Can view"
|
|
},
|
|
"id": {
|
|
"const": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 4,
|
|
"minItems": 4,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.File"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.File \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/quota/read",
|
|
"libre.graph/driveItem/content/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/deleted/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder \u0026\u0026 @Subject.UserType==\"Federated\""
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
"""
|
|
|
|
@env-config
|
|
Scenario: get details of a secure viewer role definition
|
|
Given the administrator has enabled the permissions role "Secure Viewer"
|
|
When user "Alice" gets the "Secure Viewer" role definition using the Graph API
|
|
Then the HTTP status code should be "200"
|
|
And the JSON data of the response should match
|
|
"""
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"@libre.graph.weight",
|
|
"description",
|
|
"displayName",
|
|
"id",
|
|
"rolePermissions"
|
|
],
|
|
"properties": {
|
|
"@libre.graph.weight": {
|
|
"const": 20
|
|
},
|
|
"description": {
|
|
"const": "View only documents, images and PDFs. Watermarks will be applied."
|
|
},
|
|
"displayName": {
|
|
"const": "Can view (secure)"
|
|
},
|
|
"id": {
|
|
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
|
|
},
|
|
"rolePermissions": {
|
|
"type": "array",
|
|
"maxItems": 2,
|
|
"minItems": 2,
|
|
"uniqueItems": true,
|
|
"items": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.File"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"allowedResourceActions",
|
|
"condition"
|
|
],
|
|
"properties": {
|
|
"allowedResourceActions": {
|
|
"const": [
|
|
"libre.graph/driveItem/path/read",
|
|
"libre.graph/driveItem/children/read",
|
|
"libre.graph/driveItem/basic/read"
|
|
]
|
|
},
|
|
"condition": {
|
|
"const": "exists @Resource.Folder"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
"""
|