downloading file shared via secure view role

2026-01-02 18:30:14 -06:00 · 2024-06-19 14:36:35 +05:45
parent 6176b4c00c
commit dc0401e25e
2 changed files with 44 additions and 0 deletions
--- a/tests/acceptance/features/apiSpaces/filePreviews.feature
+++ b/tests/acceptance/features/apiSpaces/filePreviews.feature
@@ -61,6 +61,23 @@ Feature: Preview file in project space
      | filesForUpload/lorem.txt      | lorem.txt      |


+  Scenario Outline: download preview of shared file shared via Secure viewer permission role
+    Given user "Brian" has been created with default attributes and without skeleton files
+    And user "Alice" has uploaded a file from "<source>" to "<destination>" via TUS inside of the space "Alice Hansen" using the WebDAV API
+    And user "Alice" has sent the following resource share invitation:
+      | resource        | <destination> |
+      | space           | Personal      |
+      | sharee          | Brian         |
+      | shareType       | user          |
+      | permissionsRole | Secure viewer |
+    When user "Brian" downloads the preview of shared resource "/Shares/<destination>" with width "32" and height "32" using the WebDAV API
+    Then the HTTP status code should be "403"
+    Examples:
+      | source                        | destination    |
+      | filesForUpload/testavatar.png | testavatar.png |
+      | filesForUpload/lorem.txt      | lorem.txt      |
+
+
  Scenario: download preview of file inside shared folder in project space
    Given user "Brian" has been created with default attributes and without skeleton files
    And user "Alice" has created a folder "folder" in space "previews of the files"
--- a/tests/acceptance/features/apiSpacesShares/shareOperations.feature
+++ b/tests/acceptance/features/apiSpacesShares/shareOperations.feature
@@ -382,6 +382,33 @@ Feature: sharing
      | Uploader         |


+  Scenario: sharee cannot download file shared with Secure viewer permission by sharee
+    Given using old DAV path
+    And user "Alice" has uploaded file with content "hello world" to "textfile.txt"
+    And user "Alice" has sent the following resource share invitation:
+      | resource        | textfile.txt  |
+      | space           | Personal      |
+      | sharee          | Brian         |
+      | shareType       | user          |
+      | permissionsRole | Secure viewer |
+    And user "Brian" downloads file "/Shares/textfile.txt" using the WebDAV API
+    Then the HTTP status code should be "403"
+
+
+  Scenario: sharee cannot download file inside folder shared with Secure viewer permission by sharee
+    Given using old DAV path
+    And user "Alice" has created folder "FolderToShare"
+    And user "Alice" has uploaded file with content "hello world" to "FolderToShare/textfile.txt"
+    And user "Alice" has sent the following resource share invitation:
+      | resource        | FolderToShare |
+      | space           | Personal      |
+      | sharee          | Brian         |
+      | shareType       | user          |
+      | permissionsRole | Secure viewer |
+    And user "Brian" downloads file "/Shares/FolderToShare/textfile.txt" using the WebDAV API
+    Then the HTTP status code should be "403"
+
+
  Scenario Outline: space admin tries to remove password of a public link share (change/create permission)
    Given using spaces DAV path
    And using OCS API version "<ocs-api-version>"