[tests-only][full-ci] Api test for user trying to set own personal space quota (#5979)

* api test for user trying to set their own personal space quota * removed duplicate scenarios for set quota * updated expected scenario * fix wrong status code * updated expected failure scenario after wrong status code fix --------- Co-authored-by: Michael Barz <mbarz@owncloud.com>
2026-01-08 21:30:07 -06:00 · 2023-04-04 12:41:34 +05:45
parent aec511a4e6
commit 7baac4f050
4 changed files with 68 additions and 117 deletions
--- a/services/graph/pkg/service/v0/drives.go
+++ b/services/graph/pkg/service/v0/drives.go
@@ -433,7 +433,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
 			logger.Debug().
 				Bool("cansetspacequota", canSetSpaceQuota).
 				Msg("could not update drive: user is not allowed to set the space quota")
-			errorcode.NotAllowed.Render(w, r, http.StatusUnauthorized, "user is not allowed to set the space quota")
+			errorcode.NotAllowed.Render(w, r, http.StatusForbidden, "user is not allowed to set the space quota")
 			return
 		}
 		updateSpaceRequest.StorageSpace.Quota = &storageprovider.Quota{
--- a/tests/acceptance/features/apiSpaces/changeSpaces.feature
+++ b/tests/acceptance/features/apiSpaces/changeSpaces.feature
@@ -127,8 +127,8 @@ Feature: Change data of space
    Examples:
      | user  | code | expectedQuataValue |
      | Alice | 200  | 100                |
-      | Brian | 401  | 20                 |
-      | Bob   | 401  | 20                 |
+      | Brian | 403  | 20                 |
+      | Bob   | 403  | 20                 |


  Scenario Outline: An space admin user set no restriction quota of a Space via the Graph API
--- a/tests/acceptance/features/apiSpaces/setQuota.feature
+++ b/tests/acceptance/features/apiSpaces/setQuota.feature
@@ -51,7 +51,7 @@ Feature: Set quota
    Given the administrator has given "Alice" the role "<role>" using the settings api
    And the administrator has given "Brian" the role "<userRole>" using the settings api
    When user "Alice" changes the quota of the "Brian Murphy" space to "100" owned by user "Brian"
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
    And for user "Brian" the JSON response should contain space called "Brian Murphy" and match
    """
    {
@@ -139,7 +139,7 @@ Feature: Set quota
      | shareWith | Brian       |
      | role      | <spaceRole> |
    When user "Brian" changes the quota of the "Project Jupiter" space to "100"
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
    And for user "Alice" the JSON response should contain space called "Project Jupiter" and match
    """
    {
@@ -176,3 +176,66 @@ Feature: Set quota
      | Guest    | viewer    |
      | Guest    | editor    |
      | Guest    | manager   |
+
+
+  Scenario: admin user can set their own personal space quota
+    Given the administrator has given "Alice" the role "Admin" using the settings api
+    When user "Alice" changes the quota of the "Alice Hansen" space to "100" owned by user "Alice"
+    Then the HTTP status code should be "200"
+    And for user "Alice" the JSON response should contain space called "Alice Hansen" and match
+    """
+    {
+      "type": "object",
+      "required": [
+        "quota"
+      ],
+      "properties": {
+        "quota": {
+          "type": "object",
+          "required": [
+            "total"
+          ],
+          "properties": {
+            "total" : {
+              "type": "number",
+              "enum": [100]
+            }
+          }
+        }
+      }
+    }
+    """
+
+
+  Scenario Outline: non-admin user tries to set their own personal space quota
+    Given the administrator has given "Alice" the role "<userRole>" using the settings api
+    When user "Alice" changes the quota of the "Alice Hansen" space to "100" owned by user "Alice"
+    Then the HTTP status code should be "403"
+    And for user "Alice" the JSON response should contain space called "Alice Hansen" and match
+    """
+    {
+      "type": "object",
+      "required": [
+        "quota"
+      ],
+      "properties": {
+        "quota": {
+          "type": "object",
+          "required": [
+            "total"
+          ],
+          "properties": {
+            "total" : {
+              "type": "number",
+              "enum": [0]
+            }
+          }
+        }
+      }
+    }
+    """
+    Examples:
+      | userRole    |
+      | Space Admin |
+      | User        |
+      | Guest       |
--- a/tests/acceptance/features/apiSpaces/spaceManagement.feature
+++ b/tests/acceptance/features/apiSpaces/spaceManagement.feature
@@ -89,118 +89,6 @@ Feature: Space management
    And the json responded should not contain a space with name "Project"
    And the json responded should not contain a space with name "Alice Hansen"

-
-  Scenario: The space admin user changes the quota of the project space
-    When user "Brian" changes the quota of the "Project" space to "20" owned by user "Alice"
-    Then the HTTP status code should be "200"
-    And for user "Alice" the JSON response should contain space called "Project" and match
-    """
-    {
-      "type": "object",
-      "required": [
-        "quota"
-      ],
-      "properties": {
-        "quota": {
-           "type": "object",
-           "required": [
-            "total"
-           ],
-           "properties": {
-              "total": {
-                "type": "number",
-                "enum": [20]
-              }
-           }
-        }
-      }
-    }
-    """
-
-
-  Scenario: The user without space admin permissions tries to change the quota of the project space
-    When user "Carol" tries to change the quota of the "Project" space to "20" owned by user "Alice"
-    Then the HTTP status code should be "401"
-    And for user "Alice" the JSON response should contain space called "Project" and match
-    """
-    {
-      "type": "object",
-      "required": [
-        "quota"
-      ],
-      "properties": {
-        "quota": {
-           "type": "object",
-           "required": [
-            "total"
-           ],
-           "properties": {
-              "total": {
-                "type": "number",
-                "enum": [10]
-              }
-           }
-        }
-      }
-    }
-    """
-
-
-  Scenario: The space admin user tries to change the quota of the personal space
-    When user "Brian" tries to change the quota of the "Alice Hansen" space to "20" owned by user "Alice"
-    Then the HTTP status code should be "401"
-    And for user "Alice" the JSON response should contain space called "Project" and match
-    """
-    {
-      "type": "object",
-      "required": [
-        "quota"
-      ],
-      "properties": {
-        "quota": {
-           "type": "object",
-           "required": [
-            "total"
-           ],
-           "properties": {
-              "total": {
-                "type": "number",
-                "enum": [10]
-              }
-           }
-        }
-      }
-    }
-    """
-
-
-  Scenario: The user without space admin permissions tries to change the quota of the personal space
-    When user "Carol" tries to change the quota of the "Alice Hansen" space to "20" owned by user "Alice"
-    Then the HTTP status code should be "401"
-    And for user "Alice" the JSON response should contain space called "Project" and match
-    """
-    {
-      "type": "object",
-      "required": [
-        "quota"
-      ],
-      "properties": {
-        "quota": {
-           "type": "object",
-           "required": [
-            "total"
-           ],
-           "properties": {
-              "total": {
-                "type": "number",
-                "enum": [10]
-              }
-           }
-        }
-      }
-    }
-    """
-
  @skipOnStable2.0
  Scenario: The space admin user changes the name of the project space
    When user "Brian" changes the name of the "Project" space to "New Name" owned by user "Alice"