diff --git a/tests/acceptance/TestHelpers/GraphHelper.php b/tests/acceptance/TestHelpers/GraphHelper.php index acde3dca4..b00377c9f 100644 --- a/tests/acceptance/TestHelpers/GraphHelper.php +++ b/tests/acceptance/TestHelpers/GraphHelper.php @@ -1700,6 +1700,7 @@ class GraphHelper { * @param string $password * @param string $spaceId * @param string $itemId + * @param string|null $query * * @return ResponseInterface * @throws GuzzleException @@ -1710,9 +1711,14 @@ class GraphHelper { string $user, string $password, string $spaceId, - string $itemId + string $itemId, + ?string $query = null ): ResponseInterface { $url = self::getBetaFullUrl($baseUrl, "drives/$spaceId/items/$itemId/permissions"); + if (!empty($query)) { + $url .= "?$query"; + } + return HttpRequestHelper::get( $url, $xRequestId, diff --git a/tests/acceptance/TestHelpers/HttpRequestHelper.php b/tests/acceptance/TestHelpers/HttpRequestHelper.php index d6b42c5f5..39b92136f 100644 --- a/tests/acceptance/TestHelpers/HttpRequestHelper.php +++ b/tests/acceptance/TestHelpers/HttpRequestHelper.php @@ -251,7 +251,6 @@ class HttpRequestHelper { \sleep(1); } } while ($loopAgain); - return $response; } diff --git a/tests/acceptance/bootstrap/SharingNgContext.php b/tests/acceptance/bootstrap/SharingNgContext.php index 9396a30f8..d18d6abc6 100644 --- a/tests/acceptance/bootstrap/SharingNgContext.php +++ b/tests/acceptance/bootstrap/SharingNgContext.php @@ -151,6 +151,7 @@ class SharingNgContext implements Context { * @param string $fileOrFolder (file|folder) * @param string $space * @param string|null $resource + * @param string|null $query * * @return ResponseInterface * @throws GuzzleException @@ -159,7 +160,8 @@ class SharingNgContext implements Context { string $user, string $fileOrFolder, string $space, - ?string $resource = '' + ?string $resource = '', + ?string $query = null ): ResponseInterface { $spaceId = ($this->spacesContext->getSpaceByName($user, $space))["id"]; @@ -175,7 +177,8 @@ class SharingNgContext implements Context { $user, $this->featureContext->getPasswordForUser($user), $spaceId, - $itemId + $itemId, + $query ); } @@ -2091,4 +2094,29 @@ class SharingNgContext implements Context { ); } } + + /** + * @When /^user "([^"]*)" gets the allowed roles for federated user of (folder|file) "([^"]*)" from the space "([^"]*)" using the Graph API$/ + * + * @param string $user + * @param string $fileOrFolder (file|folder) + * @param string $resource + * @param string $space + * + * @return void + * @throws Exception + */ + public function userGetsFederatedPermissionsListForFileOfTheSpaceUsingTheGraphApi( + string $user, + string $fileOrFolder, + string $resource, + string $space + ): void { + $query = '$filter=@libre.graph.permissions.roles.allowedValues' + . '/rolePermissions/any(p:contains(p/condition,+\'@Subject.UserType=="Federated"\'))' + . '&$select=@libre.graph.permissions.roles.allowedValues'; + $this->featureContext->setResponse( + $this->getPermissionsList($user, $fileOrFolder, $space, $resource, $query) + ); + } } diff --git a/tests/acceptance/features/apiOcm/listPermissions.feature b/tests/acceptance/features/apiOcm/listPermissions.feature new file mode 100644 index 000000000..7f383dae9 --- /dev/null +++ b/tests/acceptance/features/apiOcm/listPermissions.feature @@ -0,0 +1,272 @@ +@ocm +Feature: List a federated sharing permissions + As a user + I want to list the permissions for federated share + So that the federated share is assigned the correct permissions + + Background: + Given user "Alice" has been created with default attributes + + @issue-9898 + Scenario: user lists permissions of a resource shared to a federated user + Given using server "LOCAL" + And "Alice" has created the federation share invitation + And using server "REMOTE" + And user "Brian" has been created with default attributes + And "Brian" has accepted invitation + And using server "LOCAL" + And user "Alice" has uploaded file with content "ocm test" to "/textfile.txt" + And user "Alice" has sent the following resource share invitation to federated user: + | resource | textfile.txt | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Viewer | + When user "Alice" gets permissions list for file "textfile.txt" of the space "Personal" using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "@libre.graph.permissions.actions.allowedValues", + "@libre.graph.permissions.roles.allowedValues", + "value" + ], + "properties": { + "value": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "uniqueItems": true, + "items": { + "oneOf":[ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties": { + "user": { + "type": "object", + "required": ["@libre.graph.userType","displayName","id"], + "properties": { + "@libre.graph.userType": { + "const": "Federated" + }, + "id": { + "type": "string", + "pattern": "^%federated_user_id_pattern%$" + }, + "displayName": { + "const": "Brian Murphy" + } + } + } + } + }, + "id": { + "type": "string", + "pattern": "^%user_id_pattern%$" + }, + "invitation": { + "type": "object", + "required": ["invitedBy"], + "properties": { + "invitedBy": { + "type": "object", + "required": ["user"], + "properties": { + "user": { + "type": "object", + "required": ["@libre.graph.userType", "displayName", "id"], + "properties": { + "@libre.graph.userType": { + "const": "Member" + }, + "id": { + "type": "string", + "pattern": "^%user_id_pattern%$" + }, + "displayName": { + "const": "Alice Hansen" + } + } + } + } + } + } + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "type": "string", + "pattern": "^%role_id_pattern%$" + } + } + } + } + ] + } + } + } + } + """ + + @issue-9745 @env-config + Scenario: user lists allowed file permissions for federated user + Given using server "LOCAL" + And the administrator has enabled the permissions role "Secure Viewer" + And user "Alice" has uploaded file with content "ocm test" to "/textfile.txt" + When user "Alice" gets the allowed roles for federated user of file "textfile.txt" from the space "Personal" using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "@libre.graph.permissions.roles.allowedValues" + ], + "properties": { + "@libre.graph.permissions.roles.allowedValues": { + "type": "array", + "minItems": 2, + "maxItems": 2, + "uniqueItems": true, + "items": { + "oneOf":[ + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 1 + }, + "description": { + "const": "View and download." + }, + "displayName": { + "const": "Can view" + }, + "id": { + "const": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 2 + }, + "description": { + "const": "View, download and edit." + }, + "displayName": { + "const": "Can edit" + }, + "id": { + "const": "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a" + } + } + } + ] + } + } + } + } + """ + + @issue-9745 + Scenario: user lists allowed folder permissions for federated user + Given using server "LOCAL" + And the administrator has enabled the permissions role "Secure Viewer" + And user "Alice" has created folder "folderToShare" + When user "Alice" gets the allowed roles for federated user of folder "folderToShare" from the space "Personal" using the Graph API + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "@libre.graph.permissions.roles.allowedValues" + ], + "properties": { + "@libre.graph.permissions.roles.allowedValues": { + "type": "array", + "minItems": 2, + "maxItems": 2, + "uniqueItems": true, + "items": { + "oneOf":[ + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 1 + }, + "description": { + "const": "View and download." + }, + "displayName": { + "const": "Can view" + }, + "id": { + "const": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" + } + } + }, + { + "type": "object", + "required": [ + "@libre.graph.weight", + "description", + "displayName", + "id" + ], + "properties": { + "@libre.graph.weight": { + "const": 2 + }, + "description": { + "const": "View, download, upload, edit, add and delete." + }, + "displayName": { + "const": "Can edit" + }, + "id": { + "const": "fb6c3e19-e378-47e5-b277-9732f9de6e21" + } + } + } + ] + } + } + } + } + """ diff --git a/tests/acceptance/features/apiOcm/share.feature b/tests/acceptance/features/apiOcm/share.feature index 43266cd77..7107339ff 100755 --- a/tests/acceptance/features/apiOcm/share.feature +++ b/tests/acceptance/features/apiOcm/share.feature @@ -796,122 +796,6 @@ Feature: an user shares resources using ScienceMesh application } """ - @issue-9898 - Scenario: user lists permissions of a resource shared to a federated user - Given using server "LOCAL" - And "Alice" has created the federation share invitation - And using server "REMOTE" - And "Brian" has accepted invitation - And using server "LOCAL" - And user "Alice" has uploaded file with content "ocm test" to "/textfile.txt" - And user "Alice" has sent the following resource share invitation to federated user: - | resource | textfile.txt | - | space | Personal | - | sharee | Brian | - | shareType | user | - | permissionsRole | Viewer | - And using server "LOCAL" - When user "Alice" gets permissions list for file "textfile.txt" of the space "Personal" using the Graph API - Then the HTTP status code should be "200" - And the JSON data of the response should match - """ - { - "type": "object", - "required": [ - "@libre.graph.permissions.actions.allowedValues", - "@libre.graph.permissions.roles.allowedValues", - "value" - ], - "properties": { - "value": { - "type": "array", - "minItems": 1, - "maxItems": 1, - "uniqueItems": true, - "items": { - "oneOf":[ - { - "type": "object", - "required": [ - "grantedToV2", - "id", - "roles" - ], - "properties": { - "grantedToV2": { - "type": "object", - "required": ["user"], - "properties": { - "user": { - "type": "object", - "required": ["@libre.graph.userType","displayName","id"], - "properties": { - "@libre.graph.userType": { - "type": "string", - "const": "Federated" - }, - "id": { - "type": "string", - "pattern": "^%federated_user_id_pattern%$" - }, - "displayName": { - "const": "Brian Murphy" - } - } - } - } - }, - "id": { - "type": "string", - "pattern": "^%user_id_pattern%$" - }, - "invitation": { - "type": "object", - "required": ["invitedBy"], - "properties": { - "invitedBy": { - "type": "object", - "required": ["user"], - "properties": { - "user": { - "type": "object", - "required": ["@libre.graph.userType", "displayName", "id"], - "properties": { - "@libre.graph.userType": { - "type": "string", - "const": "Member" - }, - "id": { - "type": "string", - "pattern": "^%user_id_pattern%$" - }, - "displayName": { - "const": "Alice Hansen" - } - } - } - } - } - } - }, - "roles": { - "type": "array", - "minItems": 1, - "maxItems": 1, - "items": { - "type": "string", - "pattern": "^%role_id_pattern%$" - } - } - } - } - ] - } - } - } - } - """ - @issue-10222 @issue-10495 Scenario: local user lists multiple federation shares Given using server "LOCAL" diff --git a/tests/acceptance/features/apiSharingNg1/listPermissions.feature b/tests/acceptance/features/apiSharingNg1/listPermissions.feature index 7b78789ff..27f14d0d6 100644 --- a/tests/acceptance/features/apiSharingNg1/listPermissions.feature +++ b/tests/acceptance/features/apiSharingNg1/listPermissions.feature @@ -21,29 +21,26 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.permissions.actions.allowedValues": { - "type": "array", - "enum": [ - [ - "libre.graph/driveItem/permissions/create", - "libre.graph/driveItem/children/create", - "libre.graph/driveItem/standard/delete", - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/quota/read", - "libre.graph/driveItem/content/read", - "libre.graph/driveItem/upload/create", - "libre.graph/driveItem/permissions/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/versions/read", - "libre.graph/driveItem/deleted/read", - "libre.graph/driveItem/path/update", - "libre.graph/driveItem/permissions/delete", - "libre.graph/driveItem/deleted/delete", - "libre.graph/driveItem/versions/update", - "libre.graph/driveItem/deleted/update", - "libre.graph/driveItem/basic/read", - "libre.graph/driveItem/permissions/update", - "libre.graph/driveItem/permissions/deny" - ] + "const": [ + "libre.graph/driveItem/permissions/create", + "libre.graph/driveItem/children/create", + "libre.graph/driveItem/standard/delete", + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/quota/read", + "libre.graph/driveItem/content/read", + "libre.graph/driveItem/upload/create", + "libre.graph/driveItem/permissions/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/versions/read", + "libre.graph/driveItem/deleted/read", + "libre.graph/driveItem/path/update", + "libre.graph/driveItem/permissions/delete", + "libre.graph/driveItem/deleted/delete", + "libre.graph/driveItem/versions/update", + "libre.graph/driveItem/deleted/update", + "libre.graph/driveItem/basic/read", + "libre.graph/driveItem/permissions/update", + "libre.graph/driveItem/permissions/deny" ] }, "@libre.graph.permissions.roles.allowedValues": { @@ -63,28 +60,16 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "type": "integer", - "enum": [ - 1 - ] + "const": 1 }, "description": { - "type": "string", - "enum": [ - "View and download." - ] + "const": "View and download." }, "displayName": { - "type": "string", - "enum": [ - "Can view" - ] + "const": "Can view" }, "id": { - "type": "string", - "enum": [ - "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" - ] + "const": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5" } } }, @@ -98,28 +83,16 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "type": "integer", - "enum": [ - 2 - ] + "const": 2 }, "description": { - "type": "string", - "enum": [ - "View, download and upload." - ] + "const": "View, download and upload." }, "displayName": { - "type": "string", - "enum": [ - "Can upload" - ] + "const": "Can upload" }, "id": { - "type": "string", - "enum": [ - "1c996275-f1c9-4e71-abdf-a42f6495e960" - ] + "const": "1c996275-f1c9-4e71-abdf-a42f6495e960" } } }, @@ -133,28 +106,16 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.weight": { - "type": "integer", - "enum": [ - 3 - ] + "const": 3 }, "description": { - "type": "string", - "enum": [ - "View, download, upload, edit, add and delete." - ] + "const": "View, download, upload, edit, add and delete." }, "displayName": { - "type": "string", - "enum": [ - "Can edit" - ] + "const": "Can edit" }, "id": { - "type": "string", - "enum": [ - "fb6c3e19-e378-47e5-b277-9732f9de6e21" - ] + "const": "fb6c3e19-e378-47e5-b277-9732f9de6e21" } } } @@ -580,29 +541,26 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.permissions.actions.allowedValues": { - "type": "array", - "enum": [ - [ - "libre.graph/driveItem/permissions/create", - "libre.graph/driveItem/children/create", - "libre.graph/driveItem/standard/delete", - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/quota/read", - "libre.graph/driveItem/content/read", - "libre.graph/driveItem/upload/create", - "libre.graph/driveItem/permissions/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/versions/read", - "libre.graph/driveItem/deleted/read", - "libre.graph/driveItem/path/update", - "libre.graph/driveItem/permissions/delete", - "libre.graph/driveItem/deleted/delete", - "libre.graph/driveItem/versions/update", - "libre.graph/driveItem/deleted/update", - "libre.graph/driveItem/basic/read", - "libre.graph/driveItem/permissions/update", - "libre.graph/driveItem/permissions/deny" - ] + "const": [ + "libre.graph/driveItem/permissions/create", + "libre.graph/driveItem/children/create", + "libre.graph/driveItem/standard/delete", + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/quota/read", + "libre.graph/driveItem/content/read", + "libre.graph/driveItem/upload/create", + "libre.graph/driveItem/permissions/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/versions/read", + "libre.graph/driveItem/deleted/read", + "libre.graph/driveItem/path/update", + "libre.graph/driveItem/permissions/delete", + "libre.graph/driveItem/deleted/delete", + "libre.graph/driveItem/versions/update", + "libre.graph/driveItem/deleted/update", + "libre.graph/driveItem/basic/read", + "libre.graph/driveItem/permissions/update", + "libre.graph/driveItem/permissions/deny" ] }, "@libre.graph.permissions.roles.allowedValues": { @@ -683,30 +641,27 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.permissions.actions.allowedValues": { - "type": "array", - "enum": [ - [ - "libre.graph/driveItem/permissions/create", - "libre.graph/driveItem/children/create", - "libre.graph/driveItem/standard/delete", - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/quota/read", - "libre.graph/driveItem/content/read", - "libre.graph/driveItem/upload/create", - "libre.graph/driveItem/permissions/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/versions/read", - "libre.graph/driveItem/deleted/read", - "libre.graph/driveItem/path/update", - "libre.graph/driveItem/permissions/delete", - "libre.graph/driveItem/deleted/delete", - "libre.graph/driveItem/versions/update", - "libre.graph/driveItem/deleted/update", - "libre.graph/driveItem/basic/read", - "libre.graph/driveItem/permissions/update", - "libre.graph/driveItem/permissions/deny" - ] - ] + "const": [ + "libre.graph/driveItem/permissions/create", + "libre.graph/driveItem/children/create", + "libre.graph/driveItem/standard/delete", + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/quota/read", + "libre.graph/driveItem/content/read", + "libre.graph/driveItem/upload/create", + "libre.graph/driveItem/permissions/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/versions/read", + "libre.graph/driveItem/deleted/read", + "libre.graph/driveItem/path/update", + "libre.graph/driveItem/permissions/delete", + "libre.graph/driveItem/deleted/delete", + "libre.graph/driveItem/versions/update", + "libre.graph/driveItem/deleted/update", + "libre.graph/driveItem/basic/read", + "libre.graph/driveItem/permissions/update", + "libre.graph/driveItem/permissions/deny" + ] }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", @@ -809,30 +764,27 @@ Feature: List a sharing permissions ], "properties": { "@libre.graph.permissions.actions.allowedValues": { - "type": "array", - "enum": [ - [ - "libre.graph/driveItem/permissions/create", - "libre.graph/driveItem/children/create", - "libre.graph/driveItem/standard/delete", - "libre.graph/driveItem/path/read", - "libre.graph/driveItem/quota/read", - "libre.graph/driveItem/content/read", - "libre.graph/driveItem/upload/create", - "libre.graph/driveItem/permissions/read", - "libre.graph/driveItem/children/read", - "libre.graph/driveItem/versions/read", - "libre.graph/driveItem/deleted/read", - "libre.graph/driveItem/path/update", - "libre.graph/driveItem/permissions/delete", - "libre.graph/driveItem/deleted/delete", - "libre.graph/driveItem/versions/update", - "libre.graph/driveItem/deleted/update", - "libre.graph/driveItem/basic/read", - "libre.graph/driveItem/permissions/update", - "libre.graph/driveItem/permissions/deny" - ] - ] + "const": [ + "libre.graph/driveItem/permissions/create", + "libre.graph/driveItem/children/create", + "libre.graph/driveItem/standard/delete", + "libre.graph/driveItem/path/read", + "libre.graph/driveItem/quota/read", + "libre.graph/driveItem/content/read", + "libre.graph/driveItem/upload/create", + "libre.graph/driveItem/permissions/read", + "libre.graph/driveItem/children/read", + "libre.graph/driveItem/versions/read", + "libre.graph/driveItem/deleted/read", + "libre.graph/driveItem/path/update", + "libre.graph/driveItem/permissions/delete", + "libre.graph/driveItem/deleted/delete", + "libre.graph/driveItem/versions/update", + "libre.graph/driveItem/deleted/update", + "libre.graph/driveItem/basic/read", + "libre.graph/driveItem/permissions/update", + "libre.graph/driveItem/permissions/deny" + ] }, "@libre.graph.permissions.roles.allowedValues": { "type": "array", @@ -2582,4 +2534,4 @@ Feature: List a sharing permissions } } } - """ \ No newline at end of file + """