diff --git a/tests/acceptance/features/apiSharing-v1/disableSharing.feature b/tests/acceptance/features/apiSharing-v1/disableSharing.feature new file mode 100644 index 000000000000..ef60a5a6f7eb --- /dev/null +++ b/tests/acceptance/features/apiSharing-v1/disableSharing.feature @@ -0,0 +1,69 @@ +@api +Feature: sharing +As an admin +I want to be able to disable sharing functionality +So that ownCloud users cannot share file or folder + + Background: + Given using API version "1" + And using old DAV path + + Scenario: user tries to share a file with another user when the sharing api has been disabled + Given as user "admin" + And user "user0" has been created + And user "user1" has been created + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to share file "welcome.txt" with user "user1" using the API + And the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: user tries to share a folder with another user when the sharing api has been disabled + Given as user "admin" + And user "user0" has been created + And user "user1" has been created + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to share folder "/FOLDER" with user "user1" using the API + And the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: user tries to share a file with group when the sharing api has been disabled + Given as user "admin" + And user "user0" has been created + And user "user1" has been created + And group "sharinggroup" has been created + And user "user1" has been added to group "sharinggroup" + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to share file "welcome.txt" with group "sharinggroup" using the API + And the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: user tries to share a folder with group when the sharing api has been disabled + Given as user "admin" + And user "user0" has been created + And user "user1" has been created + And group "sharinggroup" has been created + And user "user1" has been added to group "sharinggroup" + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to share folder "/FOLDER" with group "sharinggroup" using the API + And the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: user tries to create public share of a file when the sharing api has been disabled + Given user "user0" has been created + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to create public share of file "welcome.txt" using the API + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: user tries to create public share of a folder when the sharing api has been disabled + Given user "user0" has been created + And as user "admin" + When parameter "shareapi_enabled" of app "core" has been set to "no" + Then user "user0" should not be able to create public share of folder "/FOLDER" using the API + Then the OCS status code should be "404" + And the HTTP status code should be "200" \ No newline at end of file diff --git a/tests/acceptance/features/bootstrap/Sharing.php b/tests/acceptance/features/bootstrap/Sharing.php index 80940a6280c3..e2c3c3dccd88 100644 --- a/tests/acceptance/features/bootstrap/Sharing.php +++ b/tests/acceptance/features/bootstrap/Sharing.php @@ -423,6 +423,22 @@ public function publiclyUploadingContentAutorename($filename, $body = 'test') { $this->publicUploadContent($filename, '', $body, true); } + /** + * @Then /^user "([^"]*)" should not be able to create public share of (?:file|folder) "([^"]*)" using the API$/ + * + * @param string $sharer + * @param string $filepath + * + * @return void + */ + public function shouldNotBeAbleToCreatePublicShare($sharer, $filepath) { + $this->createAPublicShare($sharer, $filepath); + PHPUnit_Framework_Assert::assertEquals( + 404, + $this->getOCSResponseStatusCode($this->response) + ); + } + /** * @Then publicly uploading a file should not work * @@ -847,6 +863,35 @@ public function userSharesFileWithGroupUsingTheAPI( ); } + /** + * @Then /^user "([^"]*)" should not be able to share (?:file|folder|entry) "([^"]*)" with (?:user|group) "([^"]*)"(?: with permissions ([\d]*))? using the API$/ + * + * @param string $sharer + * @param string $filepath + * @param string $sharee + * @param int $permissions + * + * @return void + */ + public function userTriesToShareFileWithUserUsingTheApi($sharer, $filepath, $sharee, $permissions = null) { + $time = \time(); + if ($this->lastShareTime !== null && $time - $this->lastShareTime < 1) { + // prevent creating two shares with the same "stime" which is + // based on seconds, this affects share merging order and could + // affect expected test result order + \sleep(1); + } + $this->lastShareTime = $time; + $this->createShare( + $sharer, $filepath, 0, $sharee, null, null, $permissions + ); + $responseMessage = \json_decode(\json_encode($this->response->xml()->meta->message), 1); + PHPUnit_Framework_Assert::assertEquals( + 404, + $this->getOCSResponseStatusCode($this->response) + ); + } + /** * @When /^the user deletes the last share using the API$/ * @Given /^the user has deleted the last share$/