From 706ad82968c7e6ca83da560e4dfe6f7130d3cf13 Mon Sep 17 00:00:00 2001 From: Prajwol Amatya Date: Tue, 10 Dec 2024 09:59:52 +0545 Subject: [PATCH 1/2] added test to list shares shredByMe after the share role has been disabled --- .../bootstrap/OcisConfigContext.php | 45 ++++ .../features/apiSharingNg1/sharedByMe.feature | 214 ++++++++++++++++++ 2 files changed, 259 insertions(+) diff --git a/tests/acceptance/bootstrap/OcisConfigContext.php b/tests/acceptance/bootstrap/OcisConfigContext.php index 4a7a32172c9..85f20c871e6 100644 --- a/tests/acceptance/bootstrap/OcisConfigContext.php +++ b/tests/acceptance/bootstrap/OcisConfigContext.php @@ -31,6 +31,24 @@ * steps needed to re-configure oCIS server */ class OcisConfigContext implements Context { + private array $enabledPermissionsRoles = []; + + /** + * @return array + */ + public function getEnabledPermissionsRoles(): array { + return $this->enabledPermissionsRoles; + } + + /** + * @param array $enabledPermissionsRoles + * + * @return void + */ + public function setEnabledPermissionsRoles(array $enabledPermissionsRoles): void { + $this->enabledPermissionsRoles = $enabledPermissionsRoles; + } + /** * @Given async upload has been enabled with post-processing delayed to :delayTime seconds * 
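Review bot: `$enabledPermissionsRoles` starts as `[]`, and nothing in this hunk says what it holds or when it is filled. From the later hunks it appears to carry the role IDs last written to `GRAPH_AVAILABLE_ROLES`, and only the "enabled" steps populate it. A scenario that calls the new "disabled" step without a preceding "enabled" step would therefore reconfigure the server with an empty `GRAPH_AVAILABLE_ROLES`; how oCIS treats an empty value is not visible here, so the role may not end up disabled. I would document the property with `// role IDs last sent in GRAPH_AVAILABLE_ROLES; empty until an "enabled" step has run` and tighten the docblocks to `@return string[]` and `@param string[] $enabledPermissionsRoles`. The class body continues outside the hunk.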
@@ -99,6 +117,33 @@ public function theAdministratorHasEnabledTheRole(string $role): void { $response->getStatusCode(), "Failed to enable role $role" ); + $this->setEnabledPermissionsRoles($defaultRoles); + } + + /** + * @Given the administrator has disabled the permissions role :role + * + * @param string $role + * + * @return void + */ + public function theAdministratorHasDisabledThePermissionsRole(string $role): void { + $roleId = GraphHelper::getPermissionsRoleIdByName($role); + $availableRoles = $this->getEnabledPermissionsRoles(); + + if ($key = array_search($roleId, $availableRoles)) { + unset($availableRoles[$key]); + } + $envs = [ + "GRAPH_AVAILABLE_ROLES" => implode(',', $availableRoles), + ]; + $response = OcisConfigHelper::reConfigureOcis($envs); + Assert::assertEquals( + 200, + $response->getStatusCode(), + "Failed to disable role $role" + ); + $this->setEnabledPermissionsRoles($availableRoles); } /** diff --git a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature index 71c85b51e6e..ad4df240717 100644 --- a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature +++ b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature 
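Review bot: In `theAdministratorHasDisabledThePermissionsRole`, `if ($key = array_search($roleId, $availableRoles))` skips the `unset` when the role sits at index 0, because `array_search` returns `0` there and `0` is falsy. The step then still asserts a 200 and reports success while the role remains in `GRAPH_AVAILABLE_ROLES`, so a disabled-role scenario can pass without the role ever being disabled. The comparison is also loose; use `$key = \array_search($roleId, $availableRoles, true);` followed by `if ($key !== false) {`. Note that `unset` leaves a gap in the keys of the array that is stored back through `setEnabledPermissionsRoles`; wrapping it in `array_values()` keeps the stored list sequential. The first added line belongs to `theAdministratorHasEnabledTheRole`, whose body starts outside the hunk.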
@@ -3863,3 +3863,217 @@ Feature: resources shared by user } } """ + + @env-config + Scenario Outline: sharer lists the shares shared with Secure Viewer after the role is disabled (Personal Space) + Given the administrator has enabled the permissions role "Secure Viewer" + And user "Alice" has uploaded file with content "some content" to "textfile.txt" + And user "Alice" has created folder "folderToShare" + And user "Alice" has sent the following resource share invitation: + | resource | | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And user "Brian" has a share "" synced + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" lists the shares shared by her using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should contain resource "" with the following data: + """ + { + "type": "object", + "required": [ + "parentReference", + "permissions", + "name" + ], + "properties": { + "permissions": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "type": "object", + "required": [ + "@libre.graph.permissions.actions", + "grantedToV2", + "id", + "invitation" + ], + "properties": { + "@libre.graph.permissions.actions": { + "const": [ + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/basic/read" + ] + }, + "roles": { "const": null } + } + } + } + } + } + """ + Examples: + | resource | + | textfile.txt | + | folderToShare | + + @env-config + Scenario: sharer lists the shares shared with Denied after the role is disabled (Personal Space) + Given the administrator has enabled the permissions role "Denied" + And user "Alice" has created folder "folderToShare" + And user "Alice" has sent the following resource share invitation: + | resource | folderToShare | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Denied | + And the 
administrator has disabled the permissions role "Denied" + When user "Alice" lists the shares shared by her using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should contain resource "folderToShare" with the following data: + """ + { + "type": "object", + "required": [ + "parentReference", + "permissions", + "name" + ], + "properties": { + "permissions": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "type": "object", + "required": [ + "@libre.graph.permissions.actions", + "grantedToV2", + "id", + "invitation" + ], + "properties": { + "@libre.graph.permissions.actions": { + "const": ["none"] + }, + "roles": { "const": null } + } + } + } + } + } + """ + + @env-config + Scenario Outline: sharer lists the shares shared with Secure Viewer after the role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the permissions role "Secure Viewer" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has uploaded a file inside space "new-space" with content "some content" to "textfile.txt" + And user "Alice" has created a folder "folderToShare" in space "new-space" + And user "Alice" has sent the following resource share invitation: + | resource | | + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And user "Brian" has a share "" synced + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" lists the shares shared by her using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should contain resource "" with the following data: + """ + { + "type": "object", + "required": [ + "parentReference", + "permissions", + "name" + ], + "properties": { + "permissions": { + "type": 
"array", + "minItems": 1, + "maxItems": 1, + "items": { + "type": "object", + "required": [ + "@libre.graph.permissions.actions", + "grantedToV2", + "id", + "invitation" + ], + "properties": { + "@libre.graph.permissions.actions": { + "const": [ + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/basic/read" + ] + }, + "roles": { "const": null } + } + } + } + } + } + """ + Examples: + | resource | + | textfile.txt | + | folderToShare | + + @env-config + Scenario: sharer lists the shares shared with Denied after the role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the permissions role "Denied" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has created a folder "folderToShare" in space "new-space" + And user "Alice" has sent the following resource share invitation: + | resource | folderToShare | + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | Denied | + And the administrator has disabled the permissions role "Denied" + When user "Alice" lists the shares shared by her using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should contain resource "folderToShare" with the following data: + """ + { + "type": "object", + "required": [ + "parentReference", + "permissions", + "name" + ], + "properties": { + "permissions": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "type": "object", + "required": [ + "@libre.graph.permissions.actions", + "grantedToV2", + "id", + "invitation" + ], + "properties": { + "@libre.graph.permissions.actions": { + "const": ["none"] + }, + "roles": { "const": null } + } + } + } + } + } + """ From 97814fadd1c0ee71f91d73a7e345adbc67668634 Mon Sep 17 00:00:00 2001 
From: Prajwol Amatya Date: Wed, 11 Dec 2024 14:29:15 +0545 Subject: [PATCH 2/2] added test to update role to existing roles after assigned role is disabled --- .../bootstrap/OcisConfigContext.php | 27 ++ tests/acceptance/config/behat.yml | 1 + .../updateShareInvitations.feature | 355 ++++++++++++++++++ 3 files changed, 383 insertions(+) diff --git a/tests/acceptance/bootstrap/OcisConfigContext.php b/tests/acceptance/bootstrap/OcisConfigContext.php index 85f20c871e6..8b40442b3e8 100644 --- a/tests/acceptance/bootstrap/OcisConfigContext.php +++ b/tests/acceptance/bootstrap/OcisConfigContext.php @@ -120,6 +120,33 @@ public function theAdministratorHasEnabledTheRole(string $role): void { $this->setEnabledPermissionsRoles($defaultRoles); } + /** + * @Given the administrator has enabled the following permissions roles: + * + * @param TableNode $table + * + * @return void + */ + public function theAdministratorHasEnabledTheFollowingPermissionsRoles(TableNode $table): void { + $defaultRoles = array_values(GraphHelper::DEFAULT_PERMISSIONS_ROLES); + foreach ($table->getRows() as $row) { + $roleId = GraphHelper::getPermissionsRoleIdByName($row[0]); + if (!\in_array($row[0], $defaultRoles)) { + $defaultRoles[] = $roleId; + } + } + $envs = [ + "GRAPH_AVAILABLE_ROLES" => implode(',', $defaultRoles) + ]; + $response = OcisConfigHelper::reConfigureOcis($envs); + Assert::assertEquals( + 200, + $response->getStatusCode(), + "Failed to enable role" + ); + $this->setEnabledPermissionsRoles($defaultRoles); + } + /** * @Given the administrator has disabled the permissions role :role * diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 04a57217c77..cca3853518d 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -359,6 +359,7 @@ default: - FeatureContext: *common_feature_context_params - SpacesContext: - SharingNgContext: + - OcisConfigContext: apiSharingNgLinkSharePermission: paths: 
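Review bot: In `theAdministratorHasEnabledTheFollowingPermissionsRoles`, the duplicate check `\in_array($row[0], $defaultRoles)` compares the role name from the table against `$defaultRoles`. That array is built from `array_values(GraphHelper::DEFAULT_PERMISSIONS_ROLES)` and later imploded into `GRAPH_AVAILABLE_ROLES` next to `$roleId`, so it presumably holds role IDs; if so, the check never matches and a role already in the defaults is appended a second time. Compare the ID instead, strictly: `if (!\in_array($roleId, $defaultRoles, true)) {`. `TableNode` is used as a parameter type but neither patch adds a `use` line for it, so confirm it is already imported at the top of the file, which is outside the hunk. The assertion message `"Failed to enable role"` would be easier to debug if it named the roles that were requested.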
diff --git a/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature b/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature
index a16350bd6d3..4436d7c3cca 100644
--- a/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature
+++ b/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature
@@ -1181,3 +1181,358 @@ Feature: Update permission of a share | Space Editor | Manager | | Manager | Space Viewer | | Manager | Space Editor | + + @env-config + Scenario Outline: update share role of file to an existing role after assigned share role is disabled (Personal Space) + Given the administrator has enabled the permissions role "Secure Viewer" + And user "Alice" has uploaded file with content "hello world" to "textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | textfile.txt | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | Personal | + | resource | textfile.txt | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | File Editor | + | Viewer | + + @env-config + Scenario Outline: update share role of folder to an existing role after assigned share role is disabled (Personal Space) + Given the administrator has enabled the following permissions roles: + | Secure Viewer | + | Denied | + And user "Alice" has created folder "folderToShare" + And user "Alice" has sent the following resource share 
invitation: + | resource | folderToShare | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And the administrator has disabled the permissions role "" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | Personal | + | resource | folderToShare | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | permissions-role | new-permissions-role | + | Secure Viewer | Uploader | + | Secure Viewer | Editor | + | Secure Viewer | Viewer | + | Secure Viewer | Denied | + | Denied | Uploader | + | Denied | Editor | + | Denied | Viewer | + | Denied | Secure Viewer | + + @env-config + Scenario Outline: update share role of file to an existing role after assigned share role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the permissions role "Secure Viewer" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has uploaded a file inside space "new-space" with content "some content" to "textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | textfile.txt | + | space | new-space | + | 
sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | new-space | + | resource | textfile.txt | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | File Editor | + | Viewer | + + @env-config + Scenario Outline: update share role of folder to an existing role after assigned share role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the following permissions roles: + | Secure Viewer | + | Denied | + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has created a folder "folderToShare" in space "new-space" + And user "Alice" has sent the following resource share invitation: + | resource | folderToShare | + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And the administrator has disabled the permissions role "" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | 
| + | space | new-space | + | resource | folderToShare | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | permissions-role | new-permissions-role | + | Secure Viewer | Uploader | + | Secure Viewer | Editor | + | Secure Viewer | Viewer | + | Secure Viewer | Denied | + | Denied | Uploader | + | Denied | Editor | + | Denied | Viewer | + | Denied | Secure Viewer | + + @env-config + Scenario Outline: update share role of project space to an existing role after assigned share role is disabled + Given using spaces DAV path + And the administrator has enabled the permissions role "Space Editor Without Versions" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has sent the following space share invitation: + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | Space Editor Without Versions | + And the administrator has disabled the permissions role "Space Editor Without Versions" + When user "Alice" updates the last drive share with the following using root endpoint of the Graph API: + | permissionsRole | | + | space | new-space | + | shareType | user | + | sharee | Brian | + Then the HTTP status code should be "200" + And the JSON data of the 
response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^u:%user_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | Space Viewer | + | Space Editor | + | Manager |
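Review bot: The response schema in all five scenarios added here only requires `roles` to contain one item matching `^%role_id_pattern%$`. That pattern presumably accepts any role ID, including the ID of the role that was just disabled. A response that still carried the old role would therefore pass, so these scenarios do not show that the share actually moved to the role named in the `new-permissions-role` example column. Consider pinning the expected role ID per example row, or following the update with a listing step that asserts the resulting permission, if the suite has a step or substitution for that.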