[tests-only][full-ci]Extend tests coverage for different role capability for spaces (#5853)

* Add tests related to different user role manipulating space

* Review addressed

* Refactor existing scenario
This commit is contained in:
Amrita
2023-03-28 09:10:21 +05:45
committed by GitHub
parent 63ba5613c0
commit 382aa58c8b
8 changed files with 426 additions and 285 deletions

@@ -176,5 +176,12 @@ The expected failures in this file are from features in the owncloud/ocis repo.
- [apiGraph/addUserToGroup.feature:316](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L316)
- [apiGraph/addUserToGroup.feature:330](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/addUserToGroup.feature#L330)
#### [Admin user can't restore other user spaces](https://github.com/owncloud/ocis/issues/5872)
- [apiSpaces/restoreSpaces.feature:94](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/restoreSpaces.feature#L94)
#### [https://github.com/owncloud/ocis/issues/5938](https://github.com/owncloud/ocis/issues/5938)
- [apiSpaces/createSpace.feature:18](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L18)
- [apiSpaces/createSpace.feature:19](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpaces/createSpace.feature#L19)
Note: always have an empty line at the end of this file.
The bash script that processes this file requires that the last line has a newline on the end.
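
Review bot: The new expected-failures heading for issue 5938 uses the bare issue URL as its link text, unlike the 5872 entry directly above it ("Admin user can't restore other user spaces"). Give it a short title naming the failing behaviour so the two createSpace.feature entries can be understood without opening the issue. The entries also pin createSpace.feature lines 18 and 19, so any later edit above those lines in the feature file has to update them here as well.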

@@ -0,0 +1,156 @@
@api
Feature: create space
As an admin and space admin
I want to create new spaces
So that I can organize a set of resources in a hierarchical tree
Background:
Given user "Alice" has been created with default attributes and without skeleton files
Scenario Outline: user with role user and guest can't create Space via Graph API
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" tries to create a space "Project Mars" of type "project" with the default quota using the Graph API
Then the HTTP status code should be "403"
And the user "Alice" should not have a space called "share space"
Examples:
| role |
| User |
| Guest |
Scenario Outline: an admin or space admin user can create a Space via the Graph API with a default quota
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the Graph API
Then the HTTP status code should be "201"
And the JSON response should contain space called "Project Mars" and match
"""
{
"type": "object",
"required": [
"driveType",
"driveAlias",
"name",
"id",
"quota",
"root",
"webUrl"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Mars"]
},
"driveType": {
"type": "string",
"enum": ["project"]
},
"driveAlias": {
"type": "string",
"enum": ["project/project-mars"]
},
"id": {
"type": "string",
"enum": ["%space_id%"]
},
"quota": {
"type": "object",
"required": [
"total"
],
"properties": {
"state": {
"type": "number",
"enum": [1000000000]
}
}
},
"root": {
"type": "object",
"required": [
"webDavUrl"
],
"properties": {
"webDavUrl": {
"type": "string",
"enum": ["%base_url%/dav/spaces/%space_id%"]
}
}
},
"webUrl": {
"type": "string",
"enum": ["%base_url%/f/%space_id%"]
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
Scenario Outline: an admin or space admin user can create a Space via the Graph API with certain quota
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API
Then the HTTP status code should be "201"
And the JSON response should contain space called "Project Venus" and match
"""
{
"type": "object",
"required": [
"driveType",
"name",
"id",
"quota",
"root",
"webUrl"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Venus"]
},
"driveType": {
"type": "string",
"enum": ["project"]
},
"id": {
"type": "string",
"enum": ["%space_id%"]
},
"quota": {
"type": "object",
"required": [
"total"
],
"properties": {
"state": {
"type": "number",
"enum": [2000]
}
}
},
"root": {
"type": "object",
"required": [
"webDavUrl"
],
"properties": {
"webDavUrl": {
"type": "string",
"enum": ["%base_url%/dav/spaces/%space_id%"]
}
}
},
"webUrl": {
"type": "string",
"enum": ["%base_url%/f/%space_id%"]
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
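
Review bot: The negative assertion in the first scenario checks the wrong space: Alice tries to create "Project Mars", but the last step asserts she has no space called "share space", which holds whether or not the request was denied. Change it to `should not have a space called "Project Mars"` so the 403 is backed by a state check. In both success scenarios the quota schema lists "total" under "required" but puts the expected value (1000000000, 2000) on a property named "state"; if the intent is to verify the quota total, the enum belongs on "total".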

@@ -1,130 +0,0 @@
@api @skipOnOcV10
Feature: Disabling and deleting space
As a manager of space
I want to be able to disable the space first, then delete it.
I want to make sure that a disabled spaces isn't accessible by shared users.
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
Background:
Given these users have been created with default attributes and without skeleton files:
| username |
| Alice |
| Brian |
| Bob |
And the administrator has given "Alice" the role "Space Admin" using the settings api
And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi
And user "Alice" has shared a space "Project Moon" with settings:
| shareWith | Brian |
| role | editor |
And user "Alice" has shared a space "Project Moon" with settings:
| shareWith | Bob |
| role | viewer |
Scenario Outline: A space admin user can disable a Space via the Graph API
When user "Alice" disables a space "Project Moon"
Then the HTTP status code should be "204"
And for user "Alice" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name",
"root"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
},
"root": {
"type": "object",
"required": [
"deleted"
],
"properties": {
"deleted": {
"type": "object",
"required": [
"state"
],
"properties": {
"state": {
"type": "string",
"enum": ["trashed"]
}
}
}
}
}
}
}
"""
And the user "<user>" should not have a space called "Project Moon"
Examples:
| user |
| Brian |
| Bob |
Scenario Outline: An user without space admin role cannot disable a Space via the Graph API
When user "<user>" disables a space "Project Moon"
Then the HTTP status code should be "403"
And for user "<user>" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
}
}
}
"""
Examples:
| user |
| Brian |
| Bob |
Scenario: A space manager can delete a disabled Space via the webDav API
Given user "Alice" has disabled a space "Project Moon"
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "204"
And the user "Alice" should not have a space called "Project Moon"
Scenario: An space manager can disable and delete Space in which files and folders exist via the webDav API
Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt"
And user "Alice" has created a folder "MainFolder" in space "Project Moon"
When user "Alice" disables a space "Project Moon"
Then the HTTP status code should be "204"
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "204"
And the user "Alice" should not have a space called "Project Moon"
Scenario: An space manager cannot delete a space via the webDav API without first disabling it
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "400"
And for user "Alice" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
}
}
}
"""

@@ -0,0 +1,234 @@
@api @skipOnOcV10
Feature: Disabling and deleting space
As a manager of space
I want to be able to disable the space first, then delete it.
So that a disabled spaces isn't accessible by shared users.
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
Background:
Given these users have been created with default attributes and without skeleton files:
| username |
| Alice |
| Brian |
| Bob |
| Carol |
And the administrator has given "Alice" the role "Space Admin" using the settings api
And user "Alice" has created a space "Project Moon" with the default quota using the GraphApi
And user "Alice" has shared a space "Project Moon" with settings:
| shareWith | Brian |
| role | editor |
And user "Alice" has shared a space "Project Moon" with settings:
| shareWith | Bob |
| role | viewer |
Scenario Outline: user can disable their own space via the Graph API
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" disables a space "Project Moon"
Then the HTTP status code should be "204"
And for user "Alice" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name",
"root"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
},
"root": {
"type": "object",
"required": [
"deleted"
],
"properties": {
"deleted": {
"type": "object",
"required": [
"state"
],
"properties": {
"state": {
"type": "string",
"enum": ["trashed"]
}
}
}
}
}
}
}
"""
And the user "Brian" should not have a space called "Project Moon"
And the user "Bob" should not have a space called "Project Moon"
Examples:
| role |
| Admin |
| Space Admin |
| User |
| Guest |
Scenario Outline: user with role user and guest cannot disable other space via the Graph API
Given the administrator has given "Carol" the role "<role>" using the settings api
When user "Carol" tries to disable a space "Project Moon" owned by user "Alice"
Then the HTTP status code should be "403"
And for user "Brian" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
}
}
}
"""
And for user "Bob" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
}
}
}
"""
Examples:
| role |
| User |
| Guest |
Scenario: a space manager can disable and delete space in which files and folders exist via the webDav API
Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt"
And user "Alice" has created a folder "MainFolder" in space "Project Moon"
When user "Alice" disables a space "Project Moon"
Then the HTTP status code should be "204"
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "204"
And the user "Alice" should not have a space called "Project Moon"
Scenario Outline: user cannot delete their own space without first disabling it
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "400"
And for user "Alice" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
| User |
| Guest |
Scenario Outline: user can delete their own disabled space via the Graph API
Given the administrator has given "Alice" the role "<role>" using the settings api
And user "Alice" has disabled a space "Project Moon"
When user "Alice" deletes a space "Project Moon"
Then the HTTP status code should be "204"
And the user "Alice" should not have a space called "Project Moon"
Examples:
| role |
| Admin |
| Space Admin |
| User |
| Guest |
Scenario Outline: an admin and space manager can disable other space via the Graph API
Given the administrator has given "Carol" the role "<role>" using the settings api
When user "Carol" tries to disable a space "Project Moon" owned by user "Alice"
Then the HTTP status code should be "204"
And for user "Alice" the JSON response should contain space called "Project Moon" and match
"""
{
"type": "object",
"required": [
"name",
"root"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Moon"]
},
"root": {
"type": "object",
"required": [
"deleted"
],
"properties": {
"deleted": {
"type": "object",
"required": [
"state"
],
"properties": {
"state": {
"type": "string",
"enum": ["trashed"]
}
}
}
}
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
Scenario Outline: an admin and space manager can delete other disabled Space
Given the administrator has given "Carol" the role "<role>" using the settings api
And user "Alice" has disabled a space "Project Moon"
When user "Carol" tries to delete a space "Project Moon" owned by user "Alice"
Then the HTTP status code should be "204"
And the user "Alice" should not have a space called "Project Moon"
Examples:
| role |
| Admin |
| Space Admin |
Scenario Outline: user with role user and guest cannot delete others disabled Space via the Graph API
Given the administrator has given "Carol" the role "<role>" using the settings api
And user "Alice" has disabled a space "Project Moon"
When user "Carol" tries to delete a space "Project Moon" owned by user "Alice"
Then the HTTP status code should be "403"
Examples:
| role |
| User |
| Guest |
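
Review bot: The denial scenarios in this file only exercise Carol, who has no share on "Project Moon", whereas the deleted version of this feature ran the disable attempt as Brian (editor) and Bob (viewer) and expected 403. Keep a case where a space member without manager rights tries to disable and delete the space, since a member already holds some permission on the space and is a distinct authorization case from a non-member. The last scenario (User/Guest cannot delete another user's disabled space) also stops at the 403; add a step asserting that Alice still sees "Project Moon" with root.deleted.state "trashed".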

@@ -212,154 +212,6 @@ Feature: List and create spaces
Then the HTTP status code should be "207"
Scenario Outline: The user without permissions to create space cannot create a Space via Graph API
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi
Then the HTTP status code should be "401"
And the user "Alice" should not have a space called "share space"
Examples:
| role |
| User |
| Guest |
Scenario Outline: An admin or space admin user can create a Space via the Graph API with default quota
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Mars" of type "project" with the default quota using the GraphApi
Then the HTTP status code should be "201"
And the JSON response should contain space called "Project Mars" and match
"""
{
"type": "object",
"required": [
"driveType",
"driveAlias",
"name",
"id",
"quota",
"root",
"webUrl"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Mars"]
},
"driveType": {
"type": "string",
"enum": ["project"]
},
"driveAlias": {
"type": "string",
"enum": ["project/project-mars"]
},
"id": {
"type": "string",
"enum": ["%space_id%"]
},
"quota": {
"type": "object",
"required": [
"total"
],
"properties": {
"state": {
"type": "number",
"enum": [1000000000]
}
}
},
"root": {
"type": "object",
"required": [
"webDavUrl"
],
"properties": {
"webDavUrl": {
"type": "string",
"enum": ["%base_url%/dav/spaces/%space_id%"]
}
}
},
"webUrl": {
"type": "string",
"enum": ["%base_url%/f/%space_id%"]
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
Scenario Outline: An admin or space admin user can create a Space via the Graph API with certain quota
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi
Then the HTTP status code should be "201"
And the JSON response should contain space called "Project Venus" and match
"""
{
"type": "object",
"required": [
"driveType",
"name",
"id",
"quota",
"root",
"webUrl"
],
"properties": {
"name": {
"type": "string",
"enum": ["Project Venus"]
},
"driveType": {
"type": "string",
"enum": ["project"]
},
"id": {
"type": "string",
"enum": ["%space_id%"]
},
"quota": {
"type": "object",
"required": [
"total"
],
"properties": {
"state": {
"type": "number",
"enum": [2000]
}
}
},
"root": {
"type": "object",
"required": [
"webDavUrl"
],
"properties": {
"webDavUrl": {
"type": "string",
"enum": ["%base_url%/dav/spaces/%space_id%"]
}
}
},
"webUrl": {
"type": "string",
"enum": ["%base_url%/f/%space_id%"]
}
}
}
"""
Examples:
| role |
| Admin |
| Space Admin |
Scenario: A user can list his personal space via multiple endpoints
When user "Alice" lists all available spaces via the GraphApi with query "$filter=driveType eq 'personal'"
Then the HTTP status code should be "200"
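
Review bot: The expected status for the User/Guest creation attempt changes from 401 in the scenario removed here to 403 in the new "create space" feature, and the expected-failures file gains two createSpace.feature entries under issue 5938, yet the commit message describes the change only as a refactor. State the changed expectation in the commit message or next to the scenario so the difference is not read as a pure move.
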
@@ -462,7 +314,7 @@ Feature: List and create spaces
Scenario Outline: A user can list his created spaces via multiple endpoints
Given the administrator has given "Alice" the role "<role>" using the settings api
When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the GraphApi
When user "Alice" creates a space "Project Venus" of type "project" with quota "2000" using the Graph API
Then the HTTP status code should be "201"
And the JSON response should contain space called "Project Venus" and match
"""

@@ -16,7 +16,7 @@ Feature: Restore files, folder
| Carol |
And using spaces DAV path
And the administrator has given "Alice" the role "Space Admin" using the settings api
And user "Alice" creates a space "restore objects" of type "project" with the default quota using the GraphApi
And user "Alice" has created a space "restore objects" with the default quota using the GraphApi
And user "Alice" has created a folder "newFolder" in space "restore objects"
And user "Alice" has uploaded a file inside space "restore objects" with content "test" to "newFolder/file.txt"

@@ -47,7 +47,7 @@ Feature: Restoring space
| mainFolder |
Scenario: Participant can create data in the space after restoring
Scenario: participant can create data in the space after restoring
Given user "Alice" has shared a space "restore a space" with settings:
| shareWith | Brian |
| role | editor |
@@ -60,14 +60,36 @@ Feature: Restoring space
| mainFolder |
Scenario Outline: User without space manager role cannot restore space
Scenario Outline: user without space manager role cannot restore space
Given user "Alice" has shared a space "restore a space" with settings:
| shareWith | Brian |
| role | <role> |
And user "Alice" has disabled a space "restore a space"
When user "Brian" restores a disabled space "restore a space" owned by user "Alice"
When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice"
Then the HTTP status code should be "404"
Examples:
| role |
| viewer |
| editor |
Scenario Outline: user with role user and guest cannot restore space
Given the administrator has given "Brian" the role "<role>" using the settings api
And user "Alice" has disabled a space "restore a space"
When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice"
Then the HTTP status code should be "404"
Examples:
| role |
| User |
| Guest |
@issue-5872
Scenario Outline: admin and space admin can restore other space
Given the administrator has given "Brian" the role "<role>" using the settings api
And user "Alice" has disabled a space "restore a space"
When user "Brian" restores a disabled space "restore a space" owned by user "Alice"
Then the HTTP status code should be "200"
Examples:
| role |
| Admin |
| Space Admin |
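
Review bot: Both denial scenarios in this hunk (share roles viewer/editor, and settings roles User/Guest) assert only the 404 status; add a step checking that Alice still sees "restore a space" as trashed, so a restore that takes effect while returning an error status would be caught. The @issue-5872 scenario likewise asserts 200 without checking that the space is available to Alice again. These restore denials expect 404 while the disable and delete denials in the other feature expect 403; a short comment on why the codes differ would help the next reader.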

@@ -627,7 +627,7 @@ class SpacesContext implements Context {
}
/**
* @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with the default quota using the GraphApi$/
* @When /^user "([^"]*)" (?:creates|tries to create) a space "([^"]*)" of type "([^"]*)" with the default quota using the Graph API$/
*
* @param string $user
* @param string $spaceName
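
Review bot: The step text is renamed to "using the Graph API" here, but the Given form used elsewhere in this commit still reads "has created a space ... with the default quota using the GraphApi", so the suite now carries two spellings for the same API. Either rename the remaining steps in the same change or keep the old spelling until all of them can move together.
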
@@ -658,7 +658,7 @@ class SpacesContext implements Context {
}
/**
* @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the GraphApi$/
* @When /^user "([^"]*)" creates a space "([^"]*)" of type "([^"]*)" with quota "([^"]*)" using the Graph API$/
*
* @param string $user
* @param string $spaceName
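
Review bot: The quota variant of this step does not get the `(?:creates|tries to create)` alternative that the default-quota step received in the previous hunk, so a denied creation with an explicit quota cannot be phrased in the same way, and the new feature has no User/Guest scenario for that path. Add the alternative here together with a matching 403 scenario.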