From 0ac03d8a899700701fc130bc2e41eb81e42241a8 Mon Sep 17 00:00:00 2001 From: Amrita <54478846+amrita-shrestha@users.noreply.github.com> Date: Wed, 15 May 2024 10:51:55 +0545 Subject: [PATCH] extend list permission tests coverage for root endpoint (#9125) --- .../apiSharingNg/listPermissions.feature | 257 +++++++++++++----- .../updateShareInvitations.feature | 3 - .../features/bootstrap/SharingNgContext.php | 71 +++++ 3 files changed, 264 insertions(+), 67 deletions(-) diff --git a/tests/acceptance/features/apiSharingNg/listPermissions.feature b/tests/acceptance/features/apiSharingNg/listPermissions.feature index e00eff74a..e1c1e662b 100644 --- a/tests/acceptance/features/apiSharingNg/listPermissions.feature +++ b/tests/acceptance/features/apiSharingNg/listPermissions.feature @@ -347,21 +347,20 @@ Feature: List a sharing permissions """ @issues-8352 - Scenario: sharer lists permissions of a shared project space + Scenario Outline: sharer lists permissions of a shared project space Given using spaces DAV path And user "Brian" has been created with default attributes and without skeleton files And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API And user "Alice" has created a space "new-space" with the default quota using the Graph API And user "Alice" has sent the following space share invitation: - | space | new-space | - | sharee | Brian | - | shareType | user | - | permissionsRole | Space Viewer | - And user "Alice" has created the following resource link share: + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And user "Alice" has created the following space link share: | space | new-space | | permissionsRole | view | | password | %public% | - | resource | new-space | When user "Alice" lists the permissions of space "new-space" using permissions endpoint of the Graph API Then the HTTP status code should be "200" And the JSON data of the response should match @@ -641,6 +640,11 @@ Feature: List a sharing permissions } } """ + Examples: + | permissions-role | + | Space Viewer | + | Space Editor | + | Manager | @issues-8331 Scenario: user lists permissions of a file in personal space @@ -1323,18 +1327,77 @@ Feature: List a sharing permissions } """ + @issues-8331 + Scenario: user sends share invitation with all allowed roles for a folder in project space + Given using spaces DAV path + And the administrator has assigned the role "Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has created a folder "folder" in space "new-space" + And user "Brian" has been created with default attributes and without skeleton files + When user "Alice" gets permissions list for folder "folder" of the space "new-space" using the Graph API + Then the HTTP status code should be "200" + And user "Alice" should be able to send share the following invitation with all allowed permission roles + | resource | folder | + | space | new-space | + | sharee | Brian | + | shareType | user | - Scenario: member with viewer role lists the permissions of a project space using permissions endpoint + + Scenario: try to list the permissions of other user's personal space + Given using spaces DAV path + And user "Brian" has been created with default attributes and without skeleton files + When user "Brian" tries to list the permissions of space "Personal" owned by "Alice" using permissions endpoint of the Graph API + Then the HTTP status code should be "404" + And the JSON data of the response should match + """ + { + "type": "object", + "required": ["error"], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "innererror", + "message" + ], + "properties": { + "code": { + "const": "itemNotFound" + }, + "innererror": { + "type": "object", + "required": [ + "date", + "request-id" + ] + }, + "message": { + "type": "string", + "pattern": "stat: error: not found: %file_id_pattern%$" + } + } + } + } + } + """ + + + Scenario Outline: sharer lists permissions of a shared project space using root endpoint Given using spaces DAV path And user "Brian" has been created with default attributes and without skeleton files And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API And user "Alice" has created a space "new-space" with the default quota using the Graph API And user "Alice" has sent the following space share invitation: - | space | new-space | - | sharee | Brian | - | shareType | user | - | permissionsRole | Space Viewer | - When user "Brian" lists the permissions of space "new-space" using permissions endpoint of the Graph API + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And user "Alice" has created the following space link share: + | space | new-space | + | permissionsRole | view | + | password | %public% | + When user "Alice" lists the permissions of space "new-space" using root endpoint of the Graph API Then the HTTP status code should be "200" And the JSON data of the response should match """ @@ -1348,19 +1411,31 @@ Feature: List a sharing permissions "properties": { "@libre.graph.permissions.actions.allowedValues": { "const": [ + "libre.graph/driveItem/permissions/create", + "libre.graph/driveItem/children/create", + "libre.graph/driveItem/standard/delete", "libre.graph/driveItem/path/read", "libre.graph/driveItem/quota/read", "libre.graph/driveItem/content/read", + "libre.graph/driveItem/upload/create", "libre.graph/driveItem/permissions/read", "libre.graph/driveItem/children/read", + "libre.graph/driveItem/versions/read", "libre.graph/driveItem/deleted/read", - "libre.graph/driveItem/basic/read" + "libre.graph/driveItem/path/update", + "libre.graph/driveItem/permissions/delete", + "libre.graph/driveItem/deleted/delete", + "libre.graph/driveItem/versions/update", + "libre.graph/driveItem/deleted/update", + "libre.graph/driveItem/basic/read", + "libre.graph/driveItem/permissions/update", + "libre.graph/driveItem/permissions/deny" ] }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", - "minItems": 2, - "maxItems": 2, + "minItems": 4, + "maxItems": 4, "uniqueItems": true, "items": { "oneOf": [ @@ -1409,14 +1484,60 @@ Feature: List a sharing permissions "const": "a8d5fe5e-96e3-418d-825b-534dbdf22b99" } } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 3 + }, + "description": { + "const": "View, download, upload, edit, add and delete." + }, + "displayName": { + "const": "Can edit" + }, + "id": { + "const": "58c63c02-1d89-4572-916a-870abc5a1b7d" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 4 + }, + "description": { + "const": "View, download, upload, edit, add, delete and manage members." + }, + "displayName": { + "const": "Can manage" + }, + "id": { + "const": "312c0871-5ef7-4b3a-85b6-0e4074c64049" + } + } } ] } }, "value": { "type": "array", - "minItems": 2, - "maxItems": 2, + "minItems": 3, + "maxItems": 3, "uniqueItems": true, "items": { "oneOf":[ @@ -1503,6 +1624,51 @@ Feature: List a sharing permissions } } } + }, + { + "type": "object", + "required": [ + "hasPassword", + "id", + "link" + ], + "properties": { + "hasPassword": { + "const": true + }, + "id": { + "type": "string", + "pattern": "^[a-zA-Z]{15}$" + }, + "link": { + "type": "object", + "required": [ + "@libre.graph.displayName", + "@libre.graph.quickLink", + "preventsDownload", + "type", + "webUrl" + ], + "properties": { + "@libre.graph.displayName": { + "const": "" + }, + "@libre.graph.quickLink": { + "const": false + }, + "preventsDownload": { + "const": false + }, + "type": { + "const": "view" + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%\/s\/[a-zA-Z]{15}$" + } + } + } + } } ] } @@ -1510,58 +1676,21 @@ Feature: List a sharing permissions } } """ + Examples: + | permissions-role | + | Space Viewer | + | Space Editor | + | Manager | - @issues-8331 - Scenario: user sends share invitation with all allowed roles for a folder in project space + + Scenario: user sends share invitation with all allowed roles for a project space using root endpoint Given using spaces DAV path And the administrator has assigned the role "Admin" to user "Alice" using the Graph API And user "Alice" has created a space "new-space" with the default quota using the Graph API - And user "Alice" has created a folder "folder" in space "new-space" And user "Brian" has been created with default attributes and without skeleton files - When user "Alice" gets permissions list for folder "folder" of the space "new-space" using the Graph API + When user "Alice" lists the permissions of space "new-space" using root endpoint of the Graph API Then the HTTP status code should be "200" - And user "Alice" should be able to send share the following invitation with all allowed permission roles - | resource | folder | + And user "Alice" should be able to send the following space share invitation with all allowed permission roles using root endpoint of the Graph API | space | new-space | | sharee | Brian | | shareType | user | - - - Scenario: try to list the permissions of other user's personal space - Given using spaces DAV path - And user "Brian" has been created with default attributes and without skeleton files - When user "Brian" tries to list the permissions of space "Personal" owned by "Alice" using permissions endpoint of the Graph API - Then the HTTP status code should be "404" - And the JSON data of the response should match - """ - { - "type": "object", - "required": ["error"], - "properties": { - "error": { - "type": "object", - "required": [ - "code", - "innererror", - "message" - ], - "properties": { - "code": { - "const": "itemNotFound" - }, - "innererror": { - "type": "object", - "required": [ - "date", - "request-id" - ] - }, - "message": { - "type": "string", - "pattern": "stat: error: not found: %file_id_pattern%$" - } - } - } - } - } - """ \ No newline at end of file diff --git a/tests/acceptance/features/apiSharingNg/updateShareInvitations.feature b/tests/acceptance/features/apiSharingNg/updateShareInvitations.feature index b82b366ee..04223e7bf 100644 --- a/tests/acceptance/features/apiSharingNg/updateShareInvitations.feature +++ b/tests/acceptance/features/apiSharingNg/updateShareInvitations.feature @@ -619,10 +619,7 @@ Feature: Update permission of a share Examples: | permissions-role | | Space Viewer | - | Space Viewer | | Space Editor | - | Space Editor | - | Manager | | Manager | diff --git a/tests/acceptance/features/bootstrap/SharingNgContext.php b/tests/acceptance/features/bootstrap/SharingNgContext.php index 76e1afd13..a41968791 100644 --- a/tests/acceptance/features/bootstrap/SharingNgContext.php +++ b/tests/acceptance/features/bootstrap/SharingNgContext.php @@ -1376,4 +1376,75 @@ class SharingNgContext implements Context { } } } + + /** + * @Then user :user should be able to send the following space share invitation with all allowed permission roles using root endpoint of the Graph API + * + * @param string $user + * @param TableNode $table + * + * @return void + * @throws GuzzleException + */ + public function userShouldBeAbleToSendTheFollowingSpaceShareInvitationWithAllAllowedPermissionRolesUsingRootEndpointOFTheGraphApi(string $user, TableNode $table): void { + $listPermissionResponse = $this->featureContext->getJsonDecodedResponseBodyContent(); + if (!isset($listPermissionResponse->{'@libre.graph.permissions.roles.allowedValues'})) { + Assert::fail( + "The following response does not contain '@libre.graph.permissions.roles.allowedValues' property:\n" . $listPermissionResponse + ); + } + Assert::assertNotEmpty( + $listPermissionResponse->{'@libre.graph.permissions.roles.allowedValues'}, + "'@libre.graph.permissions.roles.allowedValues' should not be empty" + ); + $allowedPermissionRoles = $listPermissionResponse->{'@libre.graph.permissions.roles.allowedValues'}; + // this info is needed for log to see which roles allowed and which were not when tests fail + $shareInvitationRequestResult = "From the given allowed role lists from the permissions:\n"; + $areAllSendInvitationSuccessFullForAllowedRoles = true; + $rows = $table->getRowsHash(); + + $shareType = $rows['shareType']; + $space = $rows['space']; + $recipient = $rows['sharee']; + + foreach ($allowedPermissionRoles as $role) { + // we should be able to send share invitation for each of the roles allowed which are listed in permissions (allowed) + $roleAllowed = GraphHelper::getPermissionNameByPermissionRoleId($role->id); + $responseSendInvitation = $this->sendDriveShareInvitation($user, new TableNode(array_merge($table->getTable(), [['permissionsRole', $roleAllowed]]))); + $jsonResponseSendInvitation = $this->featureContext->getJsonDecodedResponseBodyContent($responseSendInvitation); + $httpsStatusCode = $responseSendInvitation->getStatusCode(); + if ($httpsStatusCode === 200 && !empty($jsonResponseSendInvitation->value)) { + // remove the share so that the same user can be share for the next allowed roles + $removePermissionsResponse = $this->removeAccessToSpace($user, $shareType, $space, $recipient); + Assert::assertEquals(204, $removePermissionsResponse->getStatusCode()); + } else { + $areAllSendInvitationSuccessFullForAllowedRoles = false; + $shareInvitationRequestResult .= "\tShare invitation for " . $space . "' with role '" . $roleAllowed . "' failed and was not allowed.\n"; + } + } + Assert::assertTrue($areAllSendInvitationSuccessFullForAllowedRoles, $shareInvitationRequestResult); + } + + /** + * @When user :user tries to list the permissions of space :space owned by :spaceOwner using root endpoint of the Graph API + * + * @param string $user + * @param string $space + * @param string $spaceOwner + * + * @return void + * @throws GuzzleException + */ + public function userTriesToListThePermissionsOfSpaceOwnedByUsingRootEndpointOfTheGraphApi(string $user, string $space, string $spaceOwner): void { + $spaceId = ($this->spacesContext->getSpaceByName($spaceOwner, $space))["id"]; + + $response = GraphHelper::getDrivePermissionsList( + $this->featureContext->getBaseUrl(), + $this->featureContext->getStepLineRef(), + $user, + $this->featureContext->getPasswordForUser($user), + $spaceId + ); + $this->featureContext->setResponse($response); + } }