added test for user with no share role trying to reshare a resource (#8147)

2026-05-07 20:15:31 -05:00 · 2024-01-25 12:52:48 +05:45
parent 00717481f7
commit 759b443e4f
1 changed files with 106 additions and 0 deletions
@@ -123,3 +123,109 @@ Feature: Reshare a share invitation
      | Editor           | Viewer                   |
      | Editor           | Editor                   |
      | Editor           | Uploader                 |
+
+
+  Scenario: try to reshare a resource to higher roles
+    Given user "Alice" has uploaded file with content "to share" to "/textfile1.txt"
+    And user "Alice" has sent the following share invitation:
+      | resourceType    | file          |
+      | resource        | textfile1.txt |
+      | space           | Personal      |
+      | sharee          | Brian         |
+      | shareType       | user          |
+      | permissionsRole | Viewer        |
+    When user "Brian" sends the following share invitation using the Graph API:
+      | resourceType    | file          |
+      | resource        | textfile1.txt |
+      | space           | Shares        |
+      | sharee          | Carol         |
+      | shareType       | user          |
+      | permissionsRole | File Editor   |
+    Then the HTTP status code should be "403"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "object",
+        "required": [
+          "error"
+        ],
+        "properties": {
+          "error": {
+            "type": "object",
+            "required": [
+              "code",
+              "message"
+            ],
+            "properties": {
+              "code": {
+                "type": "string",
+                "enum": [
+                  "accessDenied"
+                ]
+              },
+              "message": {
+                "type": "string",
+                "enum": [
+                  "insufficient permissions to create that kind of share"
+                ]
+              }
+            }
+          }
+        }
+      }
+      """
+    And for user "Carol" the space Shares should not contain these entries:
+      | textfile1.txt |
+
+
+  Scenario: user with role Uploader tries to reshare a folder
+    Given user "Alice" has created folder "FolderToShare"
+    And user "Alice" has sent the following share invitation:
+      | resourceType    | folder        |
+      | resource        | FolderToShare |
+      | space           | Personal      |
+      | sharee          | Brian         |
+      | shareType       | user          |
+      | permissionsRole | Uploader      |
+    When user "Brian" sends the following share invitation using the Graph API:
+      | resourceType    | folder        |
+      | resource        | FolderToShare |
+      | space           | Shares        |
+      | sharee          | Carol         |
+      | shareType       | user          |
+      | permissionsRole | Viewer        |
+    Then the HTTP status code should be "403"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "object",
+        "required": [
+          "error"
+        ],
+        "properties": {
+          "error": {
+            "type": "object",
+            "required": [
+              "code",
+              "message"
+            ],
+            "properties": {
+              "code": {
+                "type": "string",
+                "enum": [
+                  "accessDenied"
+                ]
+              },
+              "message": {
+                "type": "string",
+                "enum": [
+                  "no permission to add grants on shared resource"
+                ]
+              }
+            }
+          }
+        }
+      }
+      """
+    And for user "Carol" the space Shares should not contain these entries:
+      | textfile1.txt |