Skip to content

Commit

Permalink
Refactor share permission related scenario
Browse files Browse the repository at this point in the history
  • Loading branch information
@amrita-shrestha
amrita-shrestha committed Feb 1, 2023
1 parent 486453b commit b3be7c4
Show file tree
Hide file tree
Showing 5 changed files with 41 additions and 444 deletions.
10 changes: 2 additions & 8 deletions tests/acceptance/expected-failures-API-on-OCIS-storage.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,8 +227,7 @@ cannot share a folder with create permission
- [coreApiSharePublicLink1/accessToPublicLinkShare.feature:21](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/accessToPublicLinkShare.feature#L21)
- [coreApiSharePublicLink1/accessToPublicLinkShare.feature:31](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/accessToPublicLinkShare.feature#L31)
- [coreApiSharePublicLink1/accessToPublicLinkShare.feature:47](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/accessToPublicLinkShare.feature#L47)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:528](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L528)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:549](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L549)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:354](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L354)

#### [download previews of other users file](https://github.com/owncloud/ocis/issues/2071)

Expand All @@ -251,12 +250,6 @@ cannot share a folder with create permission
- [coreApiWebdavPreviews/previews.feature:176](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavPreviews/previews.feature#L176)
- [coreApiWebdavPreviews/previews.feature:177](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavPreviews/previews.feature#L177)

#### [creating public links with permissions fails](https://github.com/owncloud/product/issues/252)

- [coreApiSharePublicLink1/changingPublicLinkShare.feature:30](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L30)
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:51](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L51)
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:90](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L90)

#### [copying a folder within a public link folder to folder with same name as an already existing file overwrites the parent file](https://github.com/owncloud/ocis/issues/1232)

- [coreApiSharePublicLink2/copyFromPublicLink.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink2/copyFromPublicLink.feature#L63)
Expand Down Expand Up @@ -433,6 +426,7 @@ API, search, favorites, config, capabilities, not existing endpoints, CORS and o
- [coreApiAuthOcs/ocsGETAuth.feature:121](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsGETAuth.feature#L121)
- [coreApiAuthOcs/ocsPOSTAuth.feature:8](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsPOSTAuth.feature#L8)
- [coreApiAuthOcs/ocsPUTAuth.feature:8](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsPUTAuth.feature#L8)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:344](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L344)

#### [sending MKCOL requests to another user's webDav endpoints as normal user gives 404 instead of 403 ](https://github.com/owncloud/ocis/issues/3872)

Expand Down
2 changes: 1 addition & 1 deletion tests/acceptance/features/coreApiSharePublicLink1/accessToPublicLinkShare.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,5 +55,5 @@ Feature: accessing a public link share
When the public accesses the preview of the following files from the last shared public link using the sharing API
| path |
| testavatar.jpg |
| textfile0.txt |
# | textfile0.txt |
Then the HTTP status code of responses on all endpoints should be "200"
205 changes: 27 additions & 178 deletions tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@api @files_sharing-app-required @public_link_share-feature-required @issue-ocis-reva-315 @issue-ocis-reva-316
@api @files_sharing-app-required @public_link_share-feature-required @issue-ocis-reva-315 @issue-ocis-reva-316 @issue-ocis-2079 @issue-ocis-reva-292

Feature: changing a public link share

Expand All @@ -10,261 +10,110 @@ Feature: changing a public link share
And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt"


Scenario Outline: Public can or can-not delete file through publicly shared link depending on having delete permissions using the public WebDAV API
Scenario: Public can or can-not delete file through publicly shared link depending on having delete permissions using the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | <permissions> |
When the public deletes file "parent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
Then the HTTP status code should be "<http-status-code>"
And as "Alice" file "PARENT/parent.txt" <should-or-not> exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| permissions | http-status-code | should-or-not | public-webdav-api-version |
| read,update,create | 403 | should | old |
| read,update,create,delete | 204 | should not | old |

@issue-ocis-reva-292
Examples:
| permissions | http-status-code | should-or-not | public-webdav-api-version |
| read,update,create | 403 | should | new |
| read,update,create,delete | 204 | should not | new |


Scenario Outline: Public link share permissions work correctly for renaming and share permissions read,update,create with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/parent.txt" should exist
And as "Alice" file "/PARENT/newparent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |
| path | /PARENT |
| permissions | read,update,create,delete |
When the public deletes file "parent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "204"
And as "Alice" file "PARENT/parent.txt" should not exist

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |

@skipOnRansomwareProtection @issue-ransomware-208
Scenario Outline: Public link share permissions work correctly for renaming and share permissions read,update,create,delete using the public WebDAV API
Scenario: Public link share permissions work correctly for renaming and share permissions read,update,create,delete using the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/parent.txt" should not exist
And as "Alice" file "/PARENT/newparent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public link share permissions work correctly for upload with share permissions read,update,create with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create |
When the public uploads file "lorem.txt" with content "test" using the <public-webdav-api-version> public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/lorem.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public link share permissions work correctly for upload with share permissions read,update,create,delete with the public WebDAV API
Scenario: Public link share permissions work correctly for upload with share permissions read,update,create,delete with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
When the public uploads file "lorem.txt" with content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And the content of file "PARENT/lorem.txt" for user "Alice" should be "test"

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API
Scenario: Public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public deletes file "parent.txt" from the last public link share using the password "invalid" and <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the password "invalid" and new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public can delete file through publicly shared link with password using the valid password with the public WebDAV API
Scenario: Public can delete file through publicly shared link with password using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public deletes file "parent.txt" from the last public link share using the password "newpasswd" and <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the password "newpasswd" and new public WebDAV API
Then the HTTP status code should be "204"
And as "Alice" file "PARENT/parent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to rename a file in a password protected share using an invalid password with the public WebDAV API
Scenario: Public tries to rename a file in a password protected share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/newparent.txt" should not exist
And as "Alice" file "/PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |

@skipOnRansomwareProtection @issue-ransomware-208
Scenario Outline: Public tries to rename a file in a password protected share using the valid password with the public WebDAV API
Scenario: Public tries to rename a file in a password protected share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "newpasswd" and <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "newpasswd" and new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/newparent.txt" should exist
And as "Alice" file "/PARENT/parent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to upload to a password protected public share using an invalid password with the public WebDAV API
Scenario: Public tries to upload to a password protected public share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public uploads file "lorem.txt" with password "invalid" and content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with password "invalid" and content "test" using the new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/lorem.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to upload to a password protected public share using the valid password with the public WebDAV API
Scenario: Public tries to upload to a password protected public share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public uploads file "lorem.txt" with password "newpasswd" and content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with password "newpasswd" and content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/lorem.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot rename a file in uploadwriteonly public link share with the public WebDAV API
Scenario: Public cannot rename a file in uploadwriteonly public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/parent.txt" should exist
And as "Alice" file "/PARENT/newparent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot delete a file in uploadwriteonly public link share with the public WebDAV API
Scenario: Public cannot delete a file in uploadwriteonly public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
When the public deletes file "parent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |
Loading

0 comments on commit b3be7c4

Please sign in to comment.