diff --git a/tests/acceptance/features/apiGraph/removeUserFromGroup.feature b/tests/acceptance/features/apiGraph/removeUserFromGroup.feature
new file mode 100644
index 000000000..37584b359
--- /dev/null
+++ b/tests/acceptance/features/apiGraph/removeUserFromGroup.feature
@@ -0,0 +1,168 @@
+@api @skipOnOcV10
+Feature: remove a user from a group
+ As an admin
+ I want to be able to remove a user from a group
+ So that I can manage user access to group resources
+
+ Background:
+ Given user "Alice" has been created with default attributes and without skeleton files
+
+
+ Scenario: admin removes a user from a group
+ Given these groups have been created:
+ | groupname | comment |
+ | brand-new-group | nothing special here |
+ | España§àôœ€ | special European and other characters |
+ | नेपाली | Unicode group name |
+ And the following users have been added to the following groups
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | España§àôœ€ |
+ | Alice | नेपाली |
+ When the administrator removes the following users from the following groups using the Graph API
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | España§àôœ€ |
+ | Alice | नेपाली |
+ Then the HTTP status code of responses on all endpoints should be "204"
+ And the following users should not belong to the following groups
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | España§àôœ€ |
+ | Alice | नेपाली |
+
+
+ Scenario: admin removes a user from a group with special characters
+ Given these groups have been created:
+ | groupname | comment |
+ | brand-new-group | dash |
+ | the.group | dot |
+ | left,right | comma |
+ | 0 | The "false" group |
+ | Finance (NP) | Space and brackets |
+ | Admin&Finance | Ampersand |
+ | admin:Pokhara@Nepal | Colon and @ |
+ | maint+eng | Plus sign |
+ | $x<=>[y*z^2]! | Maths symbols |
+ | Mgmt\Middle | Backslash |
+ | 😁 😂 | emoji |
+ And the following users have been added to the following groups
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | the.group |
+ | Alice | left,right |
+ | Alice | 0 |
+ | Alice | Finance (NP) |
+ | Alice | Admin&Finance |
+ | Alice | admin:Pokhara@Nepal |
+ | Alice | maint+eng |
+ | Alice | $x<=>[y*z^2]!
|
+ | Alice | Mgmt\Middle |
+ | Alice | 😁 😂 |
+ When the administrator removes the following users from the following groups using the Graph API
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | the.group |
+ | Alice | left,right |
+ | Alice | 0 |
+ | Alice | Finance (NP) |
+ | Alice | Admin&Finance |
+ | Alice | admin:Pokhara@Nepal |
+ | Alice | maint+eng |
+ | Alice | $x<=>[y*z^2]! |
+ | Alice | Mgmt\Middle |
+ | Alice | 😁 😂 |
+ Then the HTTP status code of responses on all endpoints should be "204"
+ And the following users should not belong to the following groups
+ | username | groupname |
+ | Alice | brand-new-group |
+ | Alice | the.group |
+ | Alice | left,right |
+ | Alice | 0 |
+ | Alice | Finance (NP) |
+ | Alice | Admin&Finance |
+ | Alice | admin:Pokhara@Nepal |
+ | Alice | maint+eng |
+ | Alice | $x<=>[y*z^2]! |
+ | Alice | Mgmt\Middle |
+ | Alice | 😁 😂 |
+
+
+ Scenario: admin removes a user from a group having % and # in their names
+ Given these groups have been created:
+ | groupname | comment |
+ | maintenance#123 | Hash sign |
+ | 50%25=0 | %25 literal looks like an escaped "%" |
+ | staff?group | Question mark |
+ | 50%pass | Percent sign (special escaping happens) |
+ | 50%2Eagle | %2E literal looks like an escaped "."
|
+ | 50%2Fix | %2F literal looks like an escaped slash |
+ And the following users have been added to the following groups
+ | username | groupname |
+ | Alice | maintenance#123 |
+ | Alice | 50%25=0 |
+ | Alice | staff?group |
+ | Alice | 50%pass |
+ | Alice | 50%2Eagle |
+ | Alice | 50%2Fix |
+ When the administrator removes the following users from the following groups using the Graph API
+ | username | groupname |
+ | Alice | maintenance#123 |
+ | Alice | 50%25=0 |
+ | Alice | staff?group |
+ | Alice | 50%pass |
+ | Alice | 50%2Eagle |
+ | Alice | 50%2Fix |
+ Then the HTTP status code of responses on all endpoints should be "204"
+ And the following users should not belong to the following groups
+ | username | groupname |
+ | Alice | maintenance#123 |
+ | Alice | 50%25=0 |
+ | Alice | staff?group |
+ | Alice | 50%pass |
+ | Alice | 50%2Eagle |
+ | Alice | 50%2Fix |
+
+
+ Scenario: admin removes a user from a group that has forward-slash(s) in the group name
+ Given these groups have been created:
+ | groupname | comment |
+ | Mgmt/Sydney | Slash (special escaping happens) |
+ | Mgmt//NSW/Sydney | Multiple slash |
+ | priv/subadmins/1 | Subadmins mentioned not at the end |
+ | var/../etc | using slash-dot-dot |
+ And the following users have been added to the following groups
+ | username | groupname |
+ | Alice | Mgmt/Sydney |
+ | Alice | Mgmt//NSW/Sydney |
+ | Alice | priv/subadmins/1 |
+ | Alice | var/../etc |
+ When the administrator removes the following users from the following groups using the Graph API
+ | username | groupname |
+ | Alice | Mgmt/Sydney |
+ | Alice | Mgmt//NSW/Sydney |
+ | Alice | priv/subadmins/1 |
+ | Alice | var/../etc |
+ Then the HTTP status code of responses on all endpoints should be "204"
+ And the following users should not belong to the following groups
+ | username | groupname |
+ | Alice | Mgmt/Sydney |
+ | Alice | Mgmt//NSW/Sydney |
+ | Alice | priv/subadmins/1 |
+ | Alice | var/../etc |
+
+
+ Scenario: admin tries to
remove a user from a non-existing group + When the administrator tries to remove user "Alice" from group "nonexistentgroup" using the Graph API + Then the HTTP status code should be "404" + + + Scenario: normal user tries to remove a user in their group + Given user "Brian" has been created with default attributes and without skeleton files + And group "grp1" has been created + And user "Alice" has been added to group "grp1" + And user "Brian" has been added to group "grp1" + When user "Alice" tries to remove user "Brian" from group "grp1" using the Graph API + Then the HTTP status code should be "401" + And the last response should be an unauthorized response + And user "Brian" should belong to group "grp1" diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php index 320641266..a65692a95 100644 --- a/tests/acceptance/features/bootstrap/GraphContext.php +++ b/tests/acceptance/features/bootstrap/GraphContext.php @@ -233,6 +233,28 @@ class GraphContext implements Context { ); } + /** + * remove user from group + * + * @param string $groupId + * @param string $userId + * @param string|null $byUser + * + * @return ResponseInterface + * @throws GuzzleException + */ + public function removeUserFromGroup(string $groupId, string $userId, ?string $byUser = null): ResponseInterface { + $credentials = $this->getAdminOrUserCredentials($byUser); + return GraphHelper::removeUserFromGroup( + $this->featureContext->getBaseUrl(), + $this->featureContext->getStepLineRef(), + $credentials['username'], + $credentials['password'], + $userId, + $groupId, + ); + } + /** * @param string $user * @param string $group 
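Review bot: The negative coverage stops at a non-existing group and one same-group member: there is no scenario for a user that does not exist, although the step added in GraphContext.php generates a random id for exactly that case, and none where the caller is not a member of the target group. A step such as `When the administrator tries to remove user "nonexistentuser" from group "grp1" using the Graph API` would exercise the user-side fallback; the expected status has to come from the API specification, which this page does not show. The last scenario also pins "401" for an authenticated normal user, where a permission failure is more commonly reported as 403, so it is worth confirming that 401 is the intended contract rather than current behaviour being frozen into the test.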
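Review bot: The new wrapper `removeUserFromGroup(string $groupId, string $userId, ?string $byUser = null)` takes the two ids in the opposite order to the `GraphHelper::removeUserFromGroup(..., $userId, $groupId)` call it forwards to, and both are plain strings, so a swapped call site would only show up at run time as an unknown-id response. I would either match the helper's order or spell the order out in the docblock. The third parameter is undocumented as well; something like `@param string|null $byUser user whose credentials send the request; null selects the administrator` would help, provided that is what `getAdminOrUserCredentials()` does, which is not visible in this hunk. The summary line `remove user from group` could also state that the raw response is returned without any status assertion.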
@@ -243,16 +265,9 @@ class GraphContext implements Context {
 */
 public function adminHasRemovedUserFromGroupUsingTheGraphApi(string $user, string $group): void {
 $user = $this->featureContext->getActualUsername($user);
- $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id");
 $groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
- $response = GraphHelper::removeUserFromGroup(
- $this->featureContext->getBaseUrl(),
- $this->featureContext->getStepLineRef(),
- $this->featureContext->getAdminUsername(),
- $this->featureContext->getAdminPassword(),
- $userId,
- $groupId,
- );
+ $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id");
+ $response = $this->removeUserFromGroup($groupId, $userId);
 $this->featureContext->setResponse($response);
 $this->featureContext->thenTheHTTPStatusCodeShouldBe(204);
 }
@@ -926,4 +941,61 @@ class GraphContext implements Context {
 public function userRenamesGroupUsingTheGraphApi(string $user, string $oldGroup, string $newGroup): void {
 $this->featureContext->setResponse($this->renameGroup($oldGroup, $newGroup, $user));
 }
+
+ /**
+ * @When the administrator removes the following users from the following groups using the Graph API
+ *
+ * @param TableNode $table
+ *
+ * @return void
+ */
+ public function theAdministratorRemovesTheFollowingUsersFromTheFollowingGroupsUsingTheGraphApi(TableNode $table): void {
+ $this->featureContext->verifyTableNodeColumns($table, ['username', 'groupname']);
+ $usersGroups = $table->getColumnsHash();
+
+ foreach ($usersGroups as $userGroup) {
+ $groupId = $this->featureContext->getAttributeOfCreatedGroup($userGroup['groupname'], "id");
+ $userId = $this->featureContext->getAttributeOfCreatedUser($userGroup['username'], "id");
+ $this->featureContext->setResponse($this->removeUserFromGroup($groupId, $userId));
+ $this->featureContext->pushToLastHttpStatusCodesArray();
+ }
+ }
+
+ /**
+ * @When the administrator removes user :user from group :group using the Graph API
+ *
+ * @param string $user
+ * @param string $group
+ *
+ * @return void
+ */
+ public function theAdministratorTriesToRemoveUserFromGroupUsingTheGraphAPI(string $user, string $group): void {
+ $groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
+ $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id");
+ $this->featureContext->setResponse($this->removeUserFromGroup($groupId, $userId));
+ }
+
+ /**
+ * @When the administrator tries to remove user :user from group :group using the Graph API
+ * @When user :byUser tries to remove user :user from group :group using the Graph API
+ *
+ * @param string $user
+ * @param string $group
+ * @param string|null $byUser
+ *
+ * @return void
+ */
+ public function theUserTriesToRemoveAnotherUserFromGroupUsingTheGraphAPI(string $user, string $group, ?string
$byUser = null): void {
+ try {
+ $groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
+ } catch (Exception $e) {
+ $groupId = WebDavHelper::generateUUIDv4();
+ }
+ try {
+ $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id");
+ } catch (Exception $e) {
+ $userId = WebDavHelper::generateUUIDv4();
+ }
+ $this->featureContext->setResponse($this->removeUserFromGroup($groupId, $userId, $byUser));
+ }
 }
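Review bot: Both `catch (Exception $e)` blocks in `theUserTriesToRemoveAnotherUserFromGroupUsingTheGraphAPI` swallow every lookup failure and substitute a random UUID, so a misspelt user or group name in a scenario silently becomes a request against an id that does not exist. For the `user :byUser tries to remove …` binding this matters: the expected "401" could then be returned without the real group ever being addressed, and the permission check would look covered when it is not. I would state the intent at each fallback, e.g. `// not created by this test run: send a random id so the server sees an unknown group`, and, if the lookup helpers throw a specific exception for "not created" (not visible here), catch only that type. Separately, the step text `the administrator removes user :user from group :group` is bound to a method named `theAdministratorTriesToRemoveUserFromGroupUsingTheGraphAPI`, which reads as the negative variant, and none of the new steps call `getActualUsername()` the way `adminHasRemovedUserFromGroupUsingTheGraphApi` does.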