mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-13 07:35:08 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10348 from owncloud/run-roles-with-wrapper

Browse Source 
[tests-only][full-ci] running secure viewer role with ocis wrapper instead of running ocis with GRAPH_AVAILABLE_ROLES
This commit is contained in:
Sawjan Gurung
2024-10-28 10:05:37 +05:45
committed by GitHub
parent 3b73b56db9 a780da88d1
commit 703a5264bf
17 changed files with 286 additions and 273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.drone.star
View File

@@ -2112,7 +2112,6 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"NATS_NATS_PORT": 9233,
"OCIS_JWT_SECRET": "some-ocis-jwt-secret",
"EVENTHISTORY_STORE": "memory",
"GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
"OCIS_TRANSLATION_PATH": "%s/tests/config/translations" % dirs["base"],
}

2
tests/acceptance/TestHelpers/GraphHelper.php
View File

@@ -41,7 +41,7 @@ class GraphHelper {
];
public const ADDITIONAL_PERMISSIONS_ROLES = [
'Secure viewer' => 'aa97fe03-7980-45ac-9e50-b325749fd7e6',
'Secure Viewer' => 'aa97fe03-7980-45ac-9e50-b325749fd7e6',
'Space Editor Without Versions' => '3284f2d5-0070-4ad8-ac40-c247f7c1fb27',
];

4
tests/acceptance/config/behat.yml
View File

@@ -89,6 +89,7 @@ default:
- SpacesTUSContext:
- GraphContext:
- SharingNgContext:
- OcisConfigContext:
apiArchiver:
paths:
@@ -328,6 +329,7 @@ default:
- WebDavLockingContext:
- PublicWebDavContext:
- SharingNgContext:
- OcisConfigContext:
apiSharingNg1:
paths:
@@ -515,6 +517,7 @@ default:
- FilesVersionsContext:
- SettingsContext:
- SharingNgContext:
- OcisConfigContext:
coreApiShareManagementBasicToShares:
paths:
@@ -699,6 +702,7 @@ default:
- FeatureContext: *common_feature_context_params
- SharingNgContext:
- WebDavPropertiesContext:
- OcisConfigContext:
coreApiWebdavUpload:
paths:

6
tests/acceptance/expected-failures-API-on-OCIS-storage.md
View File

@@ -164,9 +164,9 @@ _ocdav: api compatibility, return correct status code_
#### [COPY file/folder to same name is possible (but 500 code error for folder with spaces path)](https://github.com/owncloud/ocis/issues/8711)
- [coreApiSharePublicLink2/copyFromPublicLink.feature:198](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink2/copyFromPublicLink.feature#L198)
- [coreApiWebdavProperties/copyFile.feature:1067](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1067)
- [coreApiWebdavProperties/copyFile.feature:1068](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1068)
- [coreApiWebdavProperties/copyFile.feature:1069](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1069)
- [coreApiWebdavProperties/copyFile.feature:1070](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1070)
- [coreApiWebdavProperties/copyFile.feature:1071](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1071)
- [coreApiWebdavProperties/copyFile.feature:1072](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavProperties/copyFile.feature#L1072)
#### [same href in REPORT request for all dav-path-version](https://github.com/owncloud/ocis/issues/7060)

14
tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
View File

@@ -87,21 +87,21 @@ The expected failures in this file are from features in the owncloud/ocis repo.
- [apiLocks/lockFiles.feature:185](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L185)
- [apiLocks/lockFiles.feature:186](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L186)
- [apiLocks/lockFiles.feature:187](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L187)
- [apiLocks/lockFiles.feature:308](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L308)
- [apiLocks/lockFiles.feature:309](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L309)
- [apiLocks/lockFiles.feature:310](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L310)
- [apiLocks/lockFiles.feature:363](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L363)
- [apiLocks/lockFiles.feature:311](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L311)
- [apiLocks/lockFiles.feature:364](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L364)
- [apiLocks/lockFiles.feature:365](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L365)
- [apiLocks/lockFiles.feature:366](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L366)
- [apiLocks/lockFiles.feature:367](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L367)
- [apiLocks/lockFiles.feature:368](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L368)
- [apiLocks/lockFiles.feature:398](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L398)
- [apiLocks/lockFiles.feature:369](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L369)
- [apiLocks/lockFiles.feature:399](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L399)
- [apiLocks/lockFiles.feature:400](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L400)
- [apiLocks/lockFiles.feature:401](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L401)
- [apiLocks/lockFiles.feature:402](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L402)
- [apiLocks/lockFiles.feature:403](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L403)
- [apiLocks/lockFiles.feature:404](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L404)
- [apiLocks/unlockFiles.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L62)
- [apiLocks/unlockFiles.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L63)
- [apiLocks/unlockFiles.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/unlockFiles.feature#L64)
@@ -126,18 +126,18 @@ The expected failures in this file are from features in the owncloud/ocis repo.
#### [Folders can be locked and locking works partially](https://github.com/owncloud/ocis/issues/7641)
- [apiLocks/lockFiles.feature:442](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L442)
- [apiLocks/lockFiles.feature:443](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L443)
- [apiLocks/lockFiles.feature:444](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L444)
- [apiLocks/lockFiles.feature:445](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L445)
- [apiLocks/lockFiles.feature:446](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L446)
- [apiLocks/lockFiles.feature:447](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L447)
- [apiLocks/lockFiles.feature:416](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L416)
- [apiLocks/lockFiles.feature:448](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L448)
- [apiLocks/lockFiles.feature:417](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L417)
- [apiLocks/lockFiles.feature:418](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L418)
- [apiLocks/lockFiles.feature:419](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L419)
- [apiLocks/lockFiles.feature:420](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L420)
- [apiLocks/lockFiles.feature:421](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L421)
- [apiLocks/lockFiles.feature:422](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L422)
#### [Anonymous users can unlock a file shared to them through a public link if they get the lock token](https://github.com/owncloud/ocis/issues/7761)
@@ -165,14 +165,14 @@ The expected failures in this file are from features in the owncloud/ocis repo.
#### [Anonymous user trying lock a file shared to them through a public link gives 405](https://github.com/owncloud/ocis/issues/7790)
- [apiLocks/lockFiles.feature:531](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L531)
- [apiLocks/lockFiles.feature:532](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L532)
- [apiLocks/lockFiles.feature:533](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L533)
- [apiLocks/lockFiles.feature:534](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L534)
- [apiLocks/lockFiles.feature:553](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L553)
- [apiLocks/lockFiles.feature:535](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L535)
- [apiLocks/lockFiles.feature:554](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L554)
- [apiLocks/lockFiles.feature:555](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L555)
- [apiLocks/lockFiles.feature:556](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L556)
- [apiLocks/lockFiles.feature:557](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiLocks/lockFiles.feature#L557)
#### [blocksDownload link type is not implemented yet (sharing-ng)](https://github.com/owncloud/ocis/issues/7879)

10
tests/acceptance/features/apiContract/sharesReport.feature
View File

@@ -84,9 +84,10 @@ Feature: REPORT request to Shares space
| old |
| new |
@issue-9607 @issue-10329
@issue-9607 @issue-10329 @env-config
Scenario Outline: check the REPORT response of a folder shared with secure viewer role
Given using <dav-path-version> DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has created folder "/secureFolder"
And user "Alice" has uploaded file with content "secure content" to "/secureFolder/secure.txt"
And user "Alice" has sent the following resource share invitation:
@@ -94,7 +95,7 @@ Feature: REPORT request to Shares space
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "secureFolder" synced
When user "Brian" searches for "secureFolder" using the WebDAV API
Then the HTTP status code should be "207"
@@ -125,16 +126,17 @@ Feature: REPORT request to Shares space
| new |
| spaces |
@issue-9607 @issue-10329
@issue-9607 @issue-10329 @env-config
Scenario Outline: check the REPORT response of a file shared with secure viewer role
Given using <dav-path-version> DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has uploaded file with content "secure content" to "/secure.txt"
And user "Alice" has sent the following resource share invitation:
| resource | secure.txt |
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "secure.txt" synced
When user "Brian" searches for "secure.txt" using the WebDAV API
Then the HTTP status code should be "207"

157
tests/acceptance/features/apiGraph/roleManagementEndpoint.feature
View File

@@ -14,8 +14,8 @@ Feature: permissions role definitions
"""
{
"type": "array",
"maxItems": 8,
"minItems": 8,
"maxItems": 7,
"minItems": 7,
"uniqueItems": true,
"items": {
"oneOf": [
@@ -541,78 +541,6 @@ Feature: permissions role definitions
}
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id",
"rolePermissions"
],
"properties": {
"@libre.graph.weight": {
"const": 0
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
},
"rolePermissions": {
"type": "array",
"maxItems": 2,
"minItems": 2,
"uniqueItems": true,
"items": {
"oneOf": [
{
"type": "object",
"required": [
"allowedResourceActions",
"condition"
],
"properties": {
"allowedResourceActions": {
"const": [
"libre.graph/driveItem/path/read",
"libre.graph/driveItem/children/read",
"libre.graph/driveItem/basic/read"
]
},
"condition": {
"const": "exists @Resource.File"
}
}
},
{
"type": "object",
"required": [
"allowedResourceActions",
"condition"
],
"properties": {
"allowedResourceActions": {
"const": [
"libre.graph/driveItem/path/read",
"libre.graph/driveItem/children/read",
"libre.graph/driveItem/basic/read"
]
},
"condition": {
"const": "exists @Resource.Folder"
}
}
}
]
}
}
}
}
]
}
@@ -748,3 +676,84 @@ Feature: permissions role definitions
}
}
"""
@env-config
Scenario: get details of a secure viewer role definition
Given the administrator has enabled the permissions role "Secure Viewer"
When user "Alice" gets the "Secure Viewer" role definition using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id",
"rolePermissions"
],
"properties": {
"@libre.graph.weight": {
"const": 0
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
},
"rolePermissions": {
"type": "array",
"maxItems": 2,
"minItems": 2,
"uniqueItems": true,
"items": {
"oneOf": [
{
"type": "object",
"required": [
"allowedResourceActions",
"condition"
],
"properties": {
"allowedResourceActions": {
"const": [
"libre.graph/driveItem/path/read",
"libre.graph/driveItem/children/read",
"libre.graph/driveItem/basic/read"
]
},
"condition": {
"const": "exists @Resource.File"
}
}
},
{
"type": "object",
"required": [
"allowedResourceActions",
"condition"
],
"properties": {
"allowedResourceActions": {
"const": [
"libre.graph/driveItem/path/read",
"libre.graph/driveItem/children/read",
"libre.graph/driveItem/basic/read"
]
},
"condition": {
"const": "exists @Resource.Folder"
}
}
}
]
}
}
}
}
"""

5
tests/acceptance/features/apiLocks/lockFiles.feature
View File

@@ -209,9 +209,10 @@ Feature: lock files
| d:lockdiscovery/d:activelock/d:lockscope/d:exclusive | |
| d:lockdiscovery/d:activelock/oc:ownername | Brian Murphy |
@env-config
Scenario Outline: viewer cannot lock a file in the shares using file-id
Given using spaces DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has uploaded a file inside space "Alice Hansen" with content "some content" to "textfile.txt"
And we save it into "FILEID"
And user "Alice" has sent the following resource share invitation:
@@ -227,7 +228,7 @@ Feature: lock files
Examples:
| permissions-role |
| Viewer |
| Secure viewer |
| Secure Viewer |
Scenario: sharee cannot lock a resource exclusively locked by a sharer

228
tests/acceptance/features/apiSharingNg1/listPermissions.feature
View File

@@ -48,8 +48,8 @@ Feature: List a sharing permissions
},
"@libre.graph.permissions.roles.allowedValues": {
"type": "array",
"minItems": 4,
"maxItems": 4,
"minItems": 3,
"maxItems": 3,
"uniqueItems": true,
"items": {
"oneOf": [
@@ -68,41 +68,6 @@ Feature: List a sharing permissions
1
]
},
"description": {
"type": "string",
"enum": [
"View only documents, images and PDFs. Watermarks will be applied."
]
},
"displayName": {
"type": "string",
"enum": [
"Can view (secure)"
]
},
"id": {
"type": "string",
"enum": [
"aa97fe03-7980-45ac-9e50-b325749fd7e6"
]
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"@libre.graph.weight": {
"type": "integer",
"enum": [
2
]
},
"description": {
"type": "string",
"enum": [
@@ -135,7 +100,7 @@ Feature: List a sharing permissions
"@libre.graph.weight": {
"type": "integer",
"enum": [
3
2
]
},
"description": {
@@ -170,7 +135,7 @@ Feature: List a sharing permissions
"@libre.graph.weight": {
"type": "integer",
"enum": [
4
3
]
},
"description": {
@@ -642,8 +607,8 @@ Feature: List a sharing permissions
},
"@libre.graph.permissions.roles.allowedValues": {
"type": "array",
"minItems": 3,
"maxItems": 3,
"minItems": 2,
"maxItems": 2,
"uniqueItems": true,
"items": {
"oneOf":[
@@ -659,29 +624,6 @@ Feature: List a sharing permissions
"@libre.graph.weight": {
"const": 1
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"@libre.graph.weight": {
"const": 2
},
"description": {
"const": "View and download."
},
@@ -703,7 +645,7 @@ Feature: List a sharing permissions
],
"properties": {
"@libre.graph.weight": {
"const": 3
"const": 2
},
"description": {
"const": "View, download and edit."
@@ -768,34 +710,11 @@ Feature: List a sharing permissions
},
"@libre.graph.permissions.roles.allowedValues": {
"type": "array",
"minItems": 4,
"maxItems": 4,
"minItems": 3,
"maxItems": 3,
"uniqueItems": true,
"items": {
"oneOf":[
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"@libre.graph.weight": {
"const": 1
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
}
}
},
{
"type": "object",
"required": [
@@ -806,7 +725,7 @@ Feature: List a sharing permissions
],
"properties": {
"@libre.graph.weight": {
"const": 2
"const": 1
},
"description": {
"const": "View and download."
@@ -829,7 +748,7 @@ Feature: List a sharing permissions
],
"properties": {
"@libre.graph.weight": {
"const": 3
"const": 2
},
"description": {
"const": "View, download and upload."
@@ -852,7 +771,7 @@ Feature: List a sharing permissions
],
"properties": {
"@libre.graph.weight": {
"const": 4
"const": 3
},
"description": {
"const": "View, download, upload, edit, add and delete."
@@ -917,8 +836,8 @@ Feature: List a sharing permissions
},
"@libre.graph.permissions.roles.allowedValues": {
"type": "array",
"minItems": 3,
"maxItems": 3,
"minItems": 2,
"maxItems": 2,
"uniqueItems": true,
"items": {
"oneOf":[
@@ -934,29 +853,6 @@ Feature: List a sharing permissions
"@libre.graph.weight": {
"const": 1
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"@libre.graph.weight": {
"const": 2
},
"description": {
"const": "View and download."
},
@@ -978,7 +874,7 @@ Feature: List a sharing permissions
],
"properties": {
"@libre.graph.weight": {
"const": 3
"const": 2
},
"description": {
"const": "View, download and edit."
@@ -2307,3 +2203,97 @@ Feature: List a sharing permissions
}
}
"""
@env-config
Scenario: user lists permissions of a folder in personal space after enabling secure viewer role
Given user "Alice" has created folder "folder"
And the administrator has enabled the permissions role "Secure Viewer"
When user "Alice" gets permissions list for folder "folder" of the space "Personal" using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"@libre.graph.permissions.actions.allowedValues",
"@libre.graph.permissions.roles.allowedValues"
],
"properties": {
"@libre.graph.permissions.roles.allowedValues": {
"type": "array",
"minItems": 4,
"maxItems": 4,
"uniqueItems": true,
"items": {
"oneOf": [
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"@libre.graph.weight": {
"const": 1
},
"description": {
"const": "View only documents, images and PDFs. Watermarks will be applied."
},
"displayName": {
"const": "Can view (secure)"
},
"id": {
"const": "aa97fe03-7980-45ac-9e50-b325749fd7e6"
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"displayName": {
"const": "Can view"
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"displayName": {
"const": "Can upload"
}
}
},
{
"type": "object",
"required": [
"@libre.graph.weight",
"description",
"displayName",
"id"
],
"properties": {
"displayName": {
"const": "Can edit"
}
}
}
]
}
}
}
}
"""

4
tests/acceptance/features/apiSharingNg1/sharedByMe.feature
View File

@@ -137,7 +137,6 @@ Feature: resources shared by user
| permissions-role |
| File Editor |
| Viewer |
| Secure viewer |
Scenario: sharer lists the file share shared from inside a folder (Personal space)
@@ -382,7 +381,6 @@ Feature: resources shared by user
| permissions-role |
| Editor |
| Viewer |
| Secure viewer |
Scenario: sharer lists the file and folder shares (Personal space)
@@ -958,7 +956,6 @@ Feature: resources shared by user
| permissions-role |
| File Editor |
| Viewer |
| Secure viewer |
Scenario: sharer lists the file share shared from inside a folder (Project space)
@@ -1209,7 +1206,6 @@ Feature: resources shared by user
| permissions-role |
| Editor |
| Viewer |
| Secure viewer |
Scenario: sharer lists the file and folder shares (Project space)

4
tests/acceptance/features/apiSharingNg1/sharedWithMe.feature
View File

@@ -313,7 +313,6 @@ Feature: an user gets the resources shared to them
| permissions-role |
| File Editor |
| Viewer |
| Secure viewer |
Scenario Outline: sharee lists the folder share (Personal space)
@@ -606,7 +605,6 @@ Feature: an user gets the resources shared to them
| permissions-role |
| Editor |
| Viewer |
| Secure viewer |
Scenario: sharee lists the file share received via group invitation (Personal space)
@@ -2739,7 +2737,6 @@ Feature: an user gets the resources shared to them
| permissions-role |
| File Editor |
| Viewer |
| Secure viewer |
@issue-8027 @issue-8314
Scenario Outline: sharee lists the folder share (Project space)
@@ -2953,7 +2950,6 @@ Feature: an user gets the resources shared to them
| permissions-role |
| Editor |
| Viewer |
| Secure viewer |
Scenario: sharee lists the file share received via group invitation (Project space)

5
tests/acceptance/features/apiSpaces/filePreviews.feature
View File

@@ -61,16 +61,17 @@ Feature: Preview file in project space
| filesForUpload/testavatar.png | testavatar.png |
| filesForUpload/lorem.txt | lorem.txt |
@env-config
Scenario Outline: download preview of shared file shared via Secure viewer permission role
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has uploaded a file from "<source>" to "<destination>" via TUS inside of the space "Alice Hansen" using the WebDAV API
And user "Alice" has sent the following resource share invitation:
| resource | <destination> |
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "<destination>" synced
When user "Brian" downloads the preview of shared resource "/Shares/<destination>" with width "32" and height "32" using the WebDAV API
Then the HTTP status code should be "403"

38
tests/acceptance/features/apiSpacesDavOperation/copyByFileId.feature
View File

@@ -204,6 +204,7 @@ Feature: copying file using file id
Scenario: sharee tries to copy a file from shares space with secure viewer to personal space
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has created folder "/folder"
And user "Alice" has uploaded file with content "some data" to "/folder/test.txt"
And we save it into "FILEID"
@@ -212,7 +213,7 @@ Feature: copying file using file id
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "folder" synced
When user "Brian" copies a file "/test.txt" into "/" inside space "Personal" using file-id "<<FILEID>>"
Then the HTTP status code should be "403"
@@ -258,9 +259,10 @@ Feature: copying file using file id
| Uploader | Manager |
| Uploader | Space Editor |
@env-config
Scenario Outline: sharee tries to copy a file from shares to project space
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has enabled the permissions role "Secure Viewer"
And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
And user "Alice" has created folder "/folder"
And user "Alice" has uploaded file with content "some data" to "/folder/test.txt"
@@ -288,9 +290,9 @@ Feature: copying file using file id
| test.txt |
Examples:
| permission-role | space-role |
| Secure viewer | Manager |
| Secure viewer | Space Viewer |
| Secure viewer | Space Editor |
| Secure Viewer | Manager |
| Secure Viewer | Space Viewer |
| Secure Viewer | Space Editor |
| Editor | Space Viewer |
| Viewer | Space Viewer |
| Uploader | Space Viewer |
@@ -335,9 +337,10 @@ Feature: copying file using file id
| Uploader | Editor |
| Uploader | Uploader |
@env-config
Scenario Outline: sharee tries to copy a file between shares space
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has created folder "/share1"
And user "Alice" has created folder "/share2"
And user "Alice" has uploaded file with content "some data" to "/share1/test.txt"
@@ -368,16 +371,16 @@ Feature: copying file using file id
| test.txt |
Examples:
| from-share-role | to-share-role |
| Secure viewer | Viewer |
| Secure viewer | Editor |
| Secure viewer | Uploader |
| Secure viewer | Secure viewer |
| Secure Viewer | Viewer |
| Secure Viewer | Editor |
| Secure Viewer | Uploader |
| Secure Viewer | Secure Viewer |
| Viewer | Viewer |
| Editor | Viewer |
| Uploader | Viewer |
| Viewer | Secure viewer |
| Editor | Secure viewer |
| Uploader | Secure viewer |
| Viewer | Secure Viewer |
| Editor | Secure Viewer |
| Uploader | Secure Viewer |
Scenario Outline: copy a file from project to personal space
@@ -507,9 +510,10 @@ Feature: copying file using file id
| Space Viewer | Editor |
| Space Viewer | Uploader |
@env-config
Scenario Outline: try to copy a file from project to shares space with read permission
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has enabled the permissions role "Secure Viewer"
And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
And user "Alice" has created a space "project-space" with the default quota using the Graph API
And user "Alice" has uploaded a file inside space "project-space" with content "some data" to "textfile.txt"
@@ -538,8 +542,8 @@ Feature: copying file using file id
Examples:
| space-role | permissions |
| Manager | Viewer |
| Manager | Secure viewer |
| Manager | Secure Viewer |
| Space Editor | Viewer |
| Space Editor | Secure viewer |
| Space Editor | Secure Viewer |
| Space Viewer | Viewer |
| Space Viewer | Secure viewer |
| Space Viewer | Secure Viewer |

23
tests/acceptance/features/apiSpacesShares/copySpaces.feature
View File

@@ -268,9 +268,10 @@ Feature: copy file
| Editor |
| Viewer |
@issue-9482
@issue-9482 @env-config
Scenario: user copies a file from share space with secure viewer role to personal space
Given the administrator has assigned the role "Space Admin" to user "Brian" using the Graph API
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has created folder "/testshare"
And user "Brian" has uploaded file with content "testshare content" to "/testshare/testshare.txt"
And user "Brian" has sent the following resource share invitation:
@@ -278,7 +279,7 @@ Feature: copy file
| space | Personal |
| sharee | Alice |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
When user "Alice" copies file "/testshare/testshare.txt" from space "Shares" to "/testshare.txt" inside space "Personal" using the WebDAV API
Then the HTTP status code should be "403"
And for user "Alice" the space "Personal" should not contain these entries:
@@ -314,9 +315,10 @@ Feature: copy file
| Space Editor | Editor |
| Space Editor | Viewer |
@issue-9482
@issue-9482 @env-config
Scenario Outline: user copies a file from share space with secure viewer role to project space with different role
Given the administrator has assigned the role "Space Admin" to user "Brian" using the Graph API
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has created a space "Project" with the default quota using the Graph API
And user "Brian" has sent the following space share invitation:
| space | Project |
@@ -330,7 +332,7 @@ Feature: copy file
| space | Personal |
| sharee | Alice |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
When user "Alice" copies file "/testshare/testshare.txt" from space "Shares" to "/testshare.txt" inside space "Project" using the WebDAV API
Then the HTTP status code should be "403"
And for user "Alice" the space "Project" should not contain these entries:
@@ -399,10 +401,11 @@ Feature: copy file
| Editor |
| Viewer |
@issue-9482
Scenario Outline: user copies a file from share space with different role to share space with role viewer or Secure viewer
@issue-9482 @env-config
Scenario Outline: user copies a file from share space with different role to share space with role viewer or Secure Viewer
Given user "Brian" has created folder "/testshare1"
And user "Brian" has created folder "/testshare2"
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has uploaded file with content "testshare1 content" to "/testshare1/testshare1.txt"
And user "Brian" has sent the following resource share invitation:
| resource | testshare1 |
@@ -425,11 +428,11 @@ Feature: copy file
Examples:
| permissions-role-1 | permissions-role-2 |
| Editor | Viewer |
| Editor | Secure viewer |
| Editor | Secure Viewer |
| Viewer | Viewer |
| Viewer | Secure viewer |
| Secure viewer | Viewer |
| Secure viewer | Secure viewer |
| Viewer | Secure Viewer |
| Secure Viewer | Viewer |
| Secure Viewer | Secure Viewer |
Scenario Outline: copying a folder within the same project space with different role

10
tests/acceptance/features/apiSpacesShares/shareOperations.feature
View File

@@ -404,23 +404,25 @@ Feature: sharing
| Editor |
| Uploader |
@env-config
Scenario: sharee cannot download file shared with Secure viewer permission by sharee
Given using old DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has uploaded file with content "hello world" to "textfile.txt"
And user "Alice" has sent the following resource share invitation:
| resource | textfile.txt |
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "textfile.txt" synced
And user "Brian" downloads file "/Shares/textfile.txt" using the WebDAV API
Then the HTTP status code should be "403"
@env-config
Scenario: sharee cannot download file inside folder shared with Secure viewer permission by sharee
Given using old DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has created folder "FolderToShare"
And user "Alice" has uploaded file with content "hello world" to "FolderToShare/textfile.txt"
And user "Alice" has sent the following resource share invitation:
@@ -428,7 +430,7 @@ Feature: sharing
| space | Personal |
| sharee | Brian |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Brian" has a share "FolderToShare" synced
And user "Brian" downloads file "/Shares/FolderToShare/textfile.txt" using the WebDAV API
Then the HTTP status code should be "403"

17
tests/acceptance/features/coreApiShareManagementToShares/moveReceivedShare.feature
View File

@@ -88,9 +88,10 @@ Feature: sharing
| dav-path | dav-path-personal |
| /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% |
@issue-8242 @issue-10334
@issue-8242 @issue-10334 @env-config
Scenario Outline: share receiver renames the shared item (old/new webdav)
Given user "Alice" has uploaded file with content "foo" to "/sharefile.txt"
And the administrator has enabled the permissions role "Secure Viewer"
And using <dav-path-version> DAV path
And user "Alice" has sent the following resource share invitation:
| resource | sharefile.txt |
@@ -126,13 +127,14 @@ Feature: sharing
Examples:
| dav-path-version | dav-path | permissions-role |
| old | /webdav | Viewer |
| old | /webdav | Secure viewer |
| old | /webdav | Secure Viewer |
| new | /dav/files/%username% | Viewer |
| new | /dav/files/%username% | Secure viewer |
| new | /dav/files/%username% | Secure Viewer |
@issue-8242
@issue-8242 @env-config
Scenario Outline: share receiver renames the shared item (spaces webdav)
Given user "Alice" has uploaded file with content "foo" to "/sharefile.txt"
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has sent the following resource share invitation:
| resource | sharefile.txt |
| space | Personal |
@@ -168,7 +170,7 @@ Feature: sharing
Examples:
| dav-path | dav-path-personal | permissions-role |
| /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Viewer |
| /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Secure viewer |
| /dav/spaces/%shares_drive_id% | /dav/spaces/%spaceid% | Secure Viewer |
Scenario: keep group share when the one user renames the share and the user is deleted
@@ -209,9 +211,10 @@ Feature: sharing
And as "Alice" file "/folderToShare/renamedFile" should exist
But as "Alice" file "/folderToShare/fileInside" should not exist
@env-config
Scenario Outline: receiver tries to rename a received share with read permissions inside the Shares folder
Given user "Alice" has created folder "folderToShare"
And the administrator has enabled the permissions role "Secure Viewer"
And user "Alice" has created folder "folderToShare/folderInside"
And user "Alice" has uploaded file with content "thisIsAFileInsideTheSharedFolder" to "/folderToShare/fileInside"
And user "Alice" has sent the following resource share invitation:
@@ -236,7 +239,7 @@ Feature: sharing
Examples:
| permissions-role |
| Viewer |
| Secure viewer |
| Secure Viewer |
Scenario: receiver renames a received folder share to a different name on the same folder

31
tests/acceptance/features/coreApiWebdavProperties/copyFile.feature
View File

@@ -48,9 +48,10 @@ Feature: copy file
| new |
| spaces |
@skipOnReva
@skipOnReva @env-config
Scenario Outline: copying a file to a folder with no permissions
Given using <dav-path-version> DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has been created with default attributes and without skeleton files
And user "Brian" has created folder "/testshare"
And user "Brian" has sent the following resource share invitation:
@@ -67,8 +68,8 @@ Feature: copy file
| dav-path-version | permissions-role |
| old | Viewer |
| new | Viewer |
| old | Secure viewer |
| new | Secure viewer |
| old | Secure Viewer |
| new | Secure Viewer |
@skipOnReva
Scenario Outline: copying a file to overwrite a file into a folder with no permissions
@@ -761,9 +762,10 @@ Feature: copy file
| old |
| new |
@skipOnReva
@skipOnReva @env-config
Scenario Outline: sharee copies a file from a shared folder, shared with secure viewer permission
Given using <dav-path-version> DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has been created with default attributes and without skeleton files
And user "Brian" has created folder "/testshare"
And user "Brian" has uploaded file with content "hello world" to "testshare/fileInsideShare.txt"
@@ -772,7 +774,7 @@ Feature: copy file
| space | Personal |
| sharee | Alice |
| shareType | user |
| permissionsRole | Secure viewer |
| permissionsRole | Secure Viewer |
And user "Alice" has a share "testshare" synced
When user "Alice" copies file "/Shares/testshare/fileInsideShare.txt" to "/fileInsideShare.txt" using the WebDAV API
Then the HTTP status code should be "403"
@@ -861,9 +863,10 @@ Feature: copy file
| old |
| new |
@skipOnReva
@skipOnReva @env-config
Scenario Outline: copying a file between shares received from different users when one share is shared via Viewer and Secure viewer permission
Given using <dav-path-version> DAV path
And the administrator has enabled the permissions role "Secure Viewer"
And user "Brian" has been created with default attributes and without skeleton files
And user "Carol" has been created with default attributes and without skeleton files
And user "Brian" has created folder "/testshare0"
@@ -893,14 +896,14 @@ Feature: copy file
Examples:
| dav-path-version | permissions-role-1 | permissions-role-2 |
| old | Secure viewer | Secure viewer |
| new | Secure viewer | Secure viewer |
| old | Secure viewer | Viewer |
| new | Secure viewer | Viewer |
| old | Editor | Secure viewer |
| new | Editor | Secure viewer |
| old | Viewer | Secure viewer |
| new | Viewer | Secure viewer |
| old | Secure Viewer | Secure Viewer |
| new | Secure Viewer | Secure Viewer |
| old | Secure Viewer | Viewer |
| new | Secure Viewer | Viewer |
| old | Editor | Secure Viewer |
| new | Editor | Secure Viewer |
| old | Viewer | Secure Viewer |
| new | Viewer | Secure Viewer |
@skipOnReva
Scenario Outline: copying a folder between shares received from different users