Merge pull request #5579 from owncloud/add-assignRole-using-graph-api

[tests-only][full-ci]Add api tests to assign role using graph api

tests/TestHelpers/GraphHelper.php

@@ -1129,4 +1129,67 @@ class GraphHelper {
 			self::getRequestHeaders()
 		);
 	}
+
+	/**
+	 * @param string $baseUrl
+	 * @param string $xRequestId
+	 * @param string $user
+	 * @param string $password
+	 * @param string $appRoleId
+	 * @param string $applicationId
+	 * @param string $userId
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public static function assignRole(
+		string $baseUrl,
+		string $xRequestId,
+		string $user,
+		string $password,
+		string $appRoleId,
+		string $applicationId,
+		string $userId
+	): ResponseInterface {
+		$url = self::getFullUrl($baseUrl, 'users/' . $userId . '/appRoleAssignments');
+		$payload['principalId'] = $userId;
+		$payload['appRoleId'] = $appRoleId;
+		$payload['resourceId'] = $applicationId;
+		return HttpRequestHelper::sendRequest(
+			$url,
+			$xRequestId,
+			"POST",
+			$user,
+			$password,
+			self::getRequestHeaders(),
+			\json_encode($payload)
+		);
+	}
+
+	/**
+	 * @param string $baseUrl
+	 * @param string $xRequestId
+	 * @param string $user
+	 * @param string $password
+	 * @param string $userId
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public static function getAssignedRole(
+		string $baseUrl,
+		string $xRequestId,
+		string $user,
+		string $password,
+		string $userId
+	): ResponseInterface {
+		$url = self::getFullUrl($baseUrl, 'users/' . $userId . '/appRoleAssignments');
+		return HttpRequestHelper::get(
+			$url,
+			$xRequestId,
+			$user,
+			$password,
+			self::getRequestHeaders()
+		);
+	}
 }

tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md

@@ -48,6 +48,9 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 ### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032)
 - [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27)
 - [apiAccountsHashDifficulty/assignRole.feature:28](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L28)
+- [apiGraph/assignRole.feature:31](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/assignRole.feature#L31)
+- [apiGraph/assignRole.feature:32](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/assignRole.feature#L32)
+- [apiGraph/assignRole.feature:33](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/assignRole.feature#L33)
 
 ### [Group having percentage (%) can be created but cannot be GET](https://github.com/owncloud/ocis/issues/5083)
 - [apiGraph/deleteGroup.feature:49](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L49)

tests/acceptance/features/apiGraph/assignRole.feature

@@ -0,0 +1,33 @@
+@api
+Feature: assign role
+  As an admin,
+  I want to assign roles to users.
+  So that users without an admin role cannot get the list of roles, assignments list and assign roles to users
+
+
+  Scenario Outline: assign role to the user using graph api
+    Given user "Alice" has been created with default attributes and without skeleton files
+    And the administrator has assigned the role "<userRole>" to user "Alice" using the Graph API
+    When the administrator retrieves the assigned role of user "Alice" using the Graph API
+    Then the HTTP status code should be "200"
+    And the Graph API response should have the role "<userRole>"
+    Examples:
+      | userRole    |
+      | Admin       |
+      | Space Admin |
+      | User        |
+      | Guest       |
+
+  @issue-5032
+  Scenario Outline: assign role to the user with graph api and list role with setting api
+    Given user "Alice" has been created with default attributes and without skeleton files
+    And the administrator has assigned the role "<userRole>" to user "Alice" using the Graph API
+    When user "Alice" tries to get list of assignment
+    Then the HTTP status code should be "<statusCode>"
+    And the setting API response should have the role "<userRole>"
+    Examples:
+      | userRole    | statusCode |
+      | Admin       | 201        |
+      | Space Admin | 401        |
+      | User        | 401        |
+      | Guest       | 401        |

tests/acceptance/features/bootstrap/GraphContext.php

@@ -28,6 +28,13 @@ class GraphContext implements Context {
 	 */
 	private FeatureContext $featureContext;
 
+	/**
+	 * application Entity
+	 *
+	 * @var array
+	 */
+	private $appEntity = [];
+
 	/**
 	 * This will run before EVERY scenario.
 	 * It will set the properties for this object.
@@ -1631,4 +1638,92 @@ class GraphContext implements Context {
 		);
 		$this->featureContext->setResponse($response);
 	}
+
+	/**
+	 * @Given /^the administrator has assigned the role "([^"]*)" to user "([^"]*)" using the Graph API$/
+	 *
+	 * @param string $role
+	 * @param string $user
+	 *
+	 * @return void
+	 *
+	 * @throws GuzzleException
+	 * @throws Exception
+	 */
+	public function theAdministratorHasGivenTheRoleUsingTheGraphApi(string $role, string $user): void {
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
+
+		if (empty($this->appEntity)) {
+			$applicationEntity = (
+				$this->featureContext->getJsonDecodedResponse(
+					GraphHelper::getApplications(
+						$this->featureContext->getBaseUrl(),
+						$this->featureContext->getStepLineRef(),
+						$this->featureContext->getAdminUsername(),
+						$this->featureContext->getAdminPassword(),
+					)
+				)
+			)['value'][0];
+			$this->appEntity["id"] = $applicationEntity["id"];
+			foreach ($applicationEntity["appRoles"] as $value) {
+				$this->appEntity["appRoles"][$value['displayName']] = $value['id'];
+			}
+		}
+
+		$response = GraphHelper::assignRole(
+			$this->featureContext->getBaseUrl(),
+			$this->featureContext->getStepLineRef(),
+			$this->featureContext->getAdminUsername(),
+			$this->featureContext->getAdminPassword(),
+			$this->appEntity["appRoles"][$role],
+			$this->appEntity["id"],
+			$userId
+		);
+		Assert::assertEquals(
+			201,
+			$response->getStatusCode(),
+			__METHOD__
+			. "\nExpected status code '200' but got '" . $response->getStatusCode() . "'"
+		);
+	}
+
+	/**
+	 * @When /^the administrator retrieves the assigned role of user "([^"]*)" using the Graph API$/
+	 *
+	 * @param string $user
+	 *
+	 * @return void
+	 * @throws GuzzleException
+	 */
+	public function userRetrievesAssignedRoleUsingTheGraphApi(string $user): void {
+		$admin = $this->featureContext->getAdminUserName();
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
+		$this->featureContext->setResponse(
+			GraphHelper::getAssignedRole(
+				$this->featureContext->getBaseUrl(),
+				$this->featureContext->getStepLineRef(),
+				$admin,
+				$this->featureContext->getPasswordForUser($admin),
+				$userId
+			)
+		);
+	}
+
+	/**
+	 * @Then /^the Graph API response should have the role "([^"]*)"$/
+	 *
+	 * @param string $role
+	 *
+	 * @return void
+	 * @throws Exception
+	 */
+	public function theGraphApiResponseShouldHaveTheRole(string $role): void {
+		$response = $this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())['value'][0];
+		Assert::assertEquals(
+			$this->appEntity["appRoles"][$role],
+			$response['appRoleId'],
+			__METHOD__
+			. "\nExpected rolId for role '$role'' to be '" . $this->appEntity["appRoles"][$role] . "' but got '" . $response['appRoleId'] . "'"
+		);
+	}
 }

tests/acceptance/features/bootstrap/RoleAssignmentContext.php

@@ -127,8 +127,7 @@ class RoleAssignmentContext implements Context {
 	public function theAdministratorHasGivenUserTheRole(string $user, string $role): void {
 		$admin = $this->featureContext->getAdminUserName();
 		$roleId = $this->userGetRoleIdByRoleName($admin, $role);
-		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
-		$userId = $userId ?? $user;
 		$this->setRoleToUser($admin, $userId, $roleId);
 	}
 
@@ -239,7 +238,7 @@ class RoleAssignmentContext implements Context {
 	}
 
 	/**
-	 * @When /^user "([^"]*)" should have the role "([^"]*)"$/
+	 * @Then /^user "([^"]*)" should have the role "([^"]*)"$/
 	 *
 	 * @param string $user
 	 * @param string $role
@@ -256,4 +255,18 @@ class RoleAssignmentContext implements Context {
 		$assignmentRoleId = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["assignments"][0]["roleId"];
 		Assert::assertEquals($this->userGetRoleIdByRoleName($this->featureContext->getAdminUserName(), $role), $assignmentRoleId, "user $user has no role $role");
 	}
+
+	/**
+	 * @Then /^the setting API response should have the role "([^"]*)"$/
+	 *
+	 * @param string $role
+	 *
+	 * @return void
+	 *
+	 * @throws Exception
+	 */
+	public function theSettingApiResponseShouldHaveTheRole(string $role): void {
+		$assignmentRoleId = $this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())["assignments"][0]["roleId"];
+		Assert::assertEquals($this->userGetRoleIdByRoleName($this->featureContext->getAdminUserName(), $role), $assignmentRoleId, "user has no role $role");
+	}
 }