From 7baac4f050a2fb57979c291b03acf578720d5bc2 Mon Sep 17 00:00:00 2001 From: Prajwol Amatya <83579989+PrajwolAmatya@users.noreply.github.com> Date: Tue, 4 Apr 2023 12:41:34 +0545 Subject: [PATCH] [tests-only][full-ci] Api test for user trying to set own personal space quota (#5979) * api test for user trying to set their own personal space quota * removed duplicate scenarios for set quota * updated expected scenario * fix wrong status code * updated expected failure scenario after wrong status code fix --------- Co-authored-by: Michael Barz --- services/graph/pkg/service/v0/drives.go | 2 +- .../features/apiSpaces/changeSpaces.feature | 4 +- .../features/apiSpaces/setQuota.feature | 67 ++++++++++- .../apiSpaces/spaceManagement.feature | 112 ------------------ 4 files changed, 68 insertions(+), 117 deletions(-) diff --git a/services/graph/pkg/service/v0/drives.go b/services/graph/pkg/service/v0/drives.go index 4e80fb5cdc..914167f8e9 100644 --- a/services/graph/pkg/service/v0/drives.go +++ b/services/graph/pkg/service/v0/drives.go @@ -433,7 +433,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) { logger.Debug(). Bool("cansetspacequota", canSetSpaceQuota). Msg("could not update drive: user is not allowed to set the space quota") - errorcode.NotAllowed.Render(w, r, http.StatusUnauthorized, "user is not allowed to set the space quota") + errorcode.NotAllowed.Render(w, r, http.StatusForbidden, "user is not allowed to set the space quota") return } updateSpaceRequest.StorageSpace.Quota = &storageprovider.Quota{ diff --git a/tests/acceptance/features/apiSpaces/changeSpaces.feature b/tests/acceptance/features/apiSpaces/changeSpaces.feature index e501722920..6780147949 100644 --- a/tests/acceptance/features/apiSpaces/changeSpaces.feature +++ b/tests/acceptance/features/apiSpaces/changeSpaces.feature @@ -127,8 +127,8 @@ Feature: Change data of space Examples: | user | code | expectedQuataValue | | Alice | 200 | 100 | - | Brian | 401 | 20 | - | Bob | 401 | 20 | + | Brian | 403 | 20 | + | Bob | 403 | 20 | Scenario Outline: An space admin user set no restriction quota of a Space via the Graph API diff --git a/tests/acceptance/features/apiSpaces/setQuota.feature b/tests/acceptance/features/apiSpaces/setQuota.feature index 4bf9aaeebe..aff2933bc0 100644 --- a/tests/acceptance/features/apiSpaces/setQuota.feature +++ b/tests/acceptance/features/apiSpaces/setQuota.feature @@ -51,7 +51,7 @@ Feature: Set quota Given the administrator has given "Alice" the role "" using the settings api And the administrator has given "Brian" the role "" using the settings api When user "Alice" changes the quota of the "Brian Murphy" space to "100" owned by user "Brian" - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And for user "Brian" the JSON response should contain space called "Brian Murphy" and match """ { @@ -139,7 +139,7 @@ Feature: Set quota | shareWith | Brian | | role | | When user "Brian" changes the quota of the "Project Jupiter" space to "100" - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And for user "Alice" the JSON response should contain space called "Project Jupiter" and match """ { @@ -176,3 +176,66 @@ Feature: Set quota | Guest | viewer | | Guest | editor | | Guest | manager | + + + Scenario: admin user can set their own personal space quota + Given the administrator has given "Alice" the role "Admin" using the settings api + When user "Alice" changes the quota of the "Alice Hansen" space to "100" owned by user "Alice" + Then the HTTP status code should be "200" + And for user "Alice" the JSON response should contain space called "Alice Hansen" and match + """ + { + "type": "object", + "required": [ + "quota" + ], + "properties": { + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "total" : { + "type": "number", + "enum": [100] + } + } + } + } + } + """ + + + Scenario Outline: non-admin user tries to set their own personal space quota + Given the administrator has given "Alice" the role "" using the settings api + When user "Alice" changes the quota of the "Alice Hansen" space to "100" owned by user "Alice" + Then the HTTP status code should be "403" + And for user "Alice" the JSON response should contain space called "Alice Hansen" and match + """ + { + "type": "object", + "required": [ + "quota" + ], + "properties": { + "quota": { + "type": "object", + "required": [ + "total" + ], + "properties": { + "total" : { + "type": "number", + "enum": [0] + } + } + } + } + } + """ + Examples: + | userRole | + | Space Admin | + | User | + | Guest | diff --git a/tests/acceptance/features/apiSpaces/spaceManagement.feature b/tests/acceptance/features/apiSpaces/spaceManagement.feature index f15089bd1e..b51ffd16d8 100644 --- a/tests/acceptance/features/apiSpaces/spaceManagement.feature +++ b/tests/acceptance/features/apiSpaces/spaceManagement.feature @@ -89,118 +89,6 @@ Feature: Space management And the json responded should not contain a space with name "Project" And the json responded should not contain a space with name "Alice Hansen" - - Scenario: The space admin user changes the quota of the project space - When user "Brian" changes the quota of the "Project" space to "20" owned by user "Alice" - Then the HTTP status code should be "200" - And for user "Alice" the JSON response should contain space called "Project" and match - """ - { - "type": "object", - "required": [ - "quota" - ], - "properties": { - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "total": { - "type": "number", - "enum": [20] - } - } - } - } - } - """ - - - Scenario: The user without space admin permissions tries to change the quota of the project space - When user "Carol" tries to change the quota of the "Project" space to "20" owned by user "Alice" - Then the HTTP status code should be "401" - And for user "Alice" the JSON response should contain space called "Project" and match - """ - { - "type": "object", - "required": [ - "quota" - ], - "properties": { - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "total": { - "type": "number", - "enum": [10] - } - } - } - } - } - """ - - - Scenario: The space admin user tries to change the quota of the personal space - When user "Brian" tries to change the quota of the "Alice Hansen" space to "20" owned by user "Alice" - Then the HTTP status code should be "401" - And for user "Alice" the JSON response should contain space called "Project" and match - """ - { - "type": "object", - "required": [ - "quota" - ], - "properties": { - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "total": { - "type": "number", - "enum": [10] - } - } - } - } - } - """ - - - Scenario: The user without space admin permissions tries to change the quota of the personal space - When user "Carol" tries to change the quota of the "Alice Hansen" space to "20" owned by user "Alice" - Then the HTTP status code should be "401" - And for user "Alice" the JSON response should contain space called "Project" and match - """ - { - "type": "object", - "required": [ - "quota" - ], - "properties": { - "quota": { - "type": "object", - "required": [ - "total" - ], - "properties": { - "total": { - "type": "number", - "enum": [10] - } - } - } - } - } - """ - @skipOnStable2.0 Scenario: The space admin user changes the name of the project space When user "Brian" changes the name of the "Project" space to "New Name" owned by user "Alice"