[tests-only][full-ci] tests: add api tests for deleting public link password (#7828)

2026-02-20 20:49:10 -06:00 · 2023-12-02 08:24:56 +05:45
parent 829e0341af
commit d37cea3a5e
4 changed files with 170 additions and 0 deletions
--- a/tests/acceptance/expected-failures-API-on-OCIS-storage.md
+++ b/tests/acceptance/expected-failures-API-on-OCIS-storage.md
@@ -515,5 +515,9 @@ Not everything needs to be implemented for ocis. While the oc10 testsuite covers
 - [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:22](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L22)
 - [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L23)

+#### [Normal users can update the public link to delete its password if permission is not sent in data](https://github.com/owncloud/ocis/issues/7821)
+
+- [coreApiSharePublicLink1/changingPublicLinkShare.feature:154](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L154)
+
 Note: always have an empty line at the end of this file.
 The bash script that processes this file requires that the last line has a newline on the end.
--- a/tests/acceptance/features/apiSpacesShares/shareOperations.feature
+++ b/tests/acceptance/features/apiSpacesShares/shareOperations.feature
@@ -351,3 +351,40 @@ Feature: sharing
      | permissions |
      | change      |
      | create      |
+
+
+  Scenario Outline: space admin tries to remove password of a public link share (change/create permission)
+    Given using spaces DAV path
+    And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
+    And user "Alice" has created folder "FOLDER"
+    And user "Alice" has created a public link share with settings
+      | path        | /FOLDER       |
+      | permissions | <permissions> |
+      | password    | %public%      |
+    When user "Alice" updates the last public link share using the sharing API with
+      | path        | /FOLDER       |
+      | permissions | <permissions> |
+      | password    |               |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+    Examples:
+      | permissions |
+      | change      |
+      | create      |
+
+
+  Scenario: space admin removes password of a public link share (read permission)
+    Given using spaces DAV path
+    And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
+    And user "Alice" has created folder "FOLDER"
+    And user "Alice" has created a public link share with settings
+      | path        | /FOLDER  |
+      | permissions | read     |
+      | password    | %public% |
+    When user "Alice" updates the last public link share using the sharing API with
+      | path        | /FOLDER |
+      | permissions | read    |
+      | password    |         |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "100"
--- a/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature
+++ b/tests/acceptance/features/apiSpacesShares/shareSpacesViaLink.feature
@@ -128,3 +128,66 @@ Feature: Share spaces via link
    Then the HTTP status code should be "400"
    And the OCS status message should be "Can not share space root"
    And for user "Alice" the space "Alice Hansen" should not contain the last created public link
+
+
+  Scenario: space admin removes password of a public link share of a space
+    Given user "Alice" has created a public link share of the space "share space" with settings:
+      | permissions | 1        |
+      | password    | %public% |
+    When user "Alice" updates the last public link share using the sharing API with
+      | permissions | 1 |
+      | password    |   |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "100"
+
+
+  Scenario Outline: space admin tries to remove password of a public link share of a space (various permission)
+    Given user "Alice" has created a public link share of the space "share space" with settings:
+      | permissions | <permissions> |
+      | password    | %public%      |
+    When user "Alice" updates the last public link share using the sharing API with
+      | permissions | <permissions> |
+      | password    |               |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+    Examples:
+      | permissions |
+      | 5           |
+      | 15          |
+      | 4           |
+
+
+  Scenario: space manager tries to remove password of a public link share of a space (read permission)
+    Given user "Alice" has shared a space "share space" with settings:
+      | shareWith | Brian   |
+      | role      | manager |
+    And user "Brian" has created a public link share of the space "share space" with settings:
+      | permissions | 1        |
+      | password    | %public% |
+    When user "Brian" updates the last public link share using the sharing API with
+      | permissions | 1 |
+      | password    |   |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "104"
+    And the OCS status message should be "user is not allowed to delete the password from the public link"
+
+
+  Scenario Outline: space manager tries to remove password of a public link share of a space (various permission)
+    Given user "Alice" has shared a space "share space" with settings:
+      | shareWith | Brian   |
+      | role      | manager |
+    And user "Brian" has created a public link share of the space "share space" with settings:
+      | permissions | <permissions> |
+      | password    | %public%      |
+    When user "Brian" updates the last public link share using the sharing API with
+      | permissions | <permissions> |
+      | password    |               |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+    Examples:
+      | permissions |
+      | 5           |
+      | 15          |
+      | 4           |
--- a/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature
+++ b/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature
@@ -131,3 +131,69 @@ Feature: changing a public link share
    When the public deletes file "parent.txt" from the last public link share using the password "%public%" and new public WebDAV API
    Then the HTTP status code should be "403"
    And as "Alice" file "PARENT/parent.txt" should exist
+
+
+  Scenario Outline: normal user tries to remove password of a public link share (change/create permission)
+    Given user "Alice" has created a public link share with settings
+      | path        | /PARENT       |
+      | permissions | <permissions> |
+      | password    | %public%      |
+    When user "Alice" updates the last public link share using the sharing API with
+      | path        | /PARENT       |
+      | permissions | <permissions> |
+      | password    |               |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+    Examples:
+      | permissions |
+      | change      |
+      | create      |
+
+  @issue-7821
+  Scenario: normal user tries to remove password of a public link (update without sending permissions)
+    Given user "Alice" has created a public link share with settings
+      | path        | /PARENT  |
+      | permissions | change   |
+      | password    | %public% |
+    When user "Alice" updates the last public link share using the sharing API with
+      | path     | /PARENT |
+      | password |         |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+
+
+  Scenario: administrator removes password of a read-only public link
+    Given admin has created folder "/PARENT"
+    And user "admin" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt"
+    And user "admin" has created a public link share with settings
+      | path        | /PARENT  |
+      | permissions | read     |
+      | password    | %public% |
+    When user "admin" updates the last public link share using the sharing API with
+      | path        | /PARENT |
+      | permissions | read    |
+      | password    |         |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "100"
+    And the public should be able to download file "/parent.txt" from inside the last public link shared folder using the new public WebDAV API with password ""
+
+
+  Scenario Outline: administrator tries to remove password of a public link share (change/create permission)
+    Given admin has created folder "/PARENT"
+    And user "admin" has created a public link share with settings
+      | path        | /PARENT       |
+      | permissions | <permissions> |
+      | password    | %public%      |
+    When user "admin" updates the last public link share using the sharing API with
+      | path        | /PARENT       |
+      | permissions | <permissions> |
+      | password    |               |
+    Then the HTTP status code should be "200"
+    And the OCS status code should be "400"
+    And the OCS status message should be "missing required password"
+    Examples:
+      | permissions |
+      | change      |
+      | create      |