Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[full-ci][tests-only]Refactor share permission in coreApiSharePublicLinkShare #5494

Merged
merged 2 commits into from
Feb 14, 2023
Merged

[full-ci][tests-only]Refactor share permission in coreApiSharePublicLinkShare #5494

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
618f3da
Refactor share permission related scenario
amrita-shrestha Feb 3, 2023
4ca95a3
Address review
amrita-shrestha Feb 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 2 additions & 8 deletions tests/acceptance/expected-failures-API-on-OCIS-storage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,8 +222,7 @@ cannot share a folder with create permission
- [coreApiShareOperationsToShares1/gettingShares.feature:222](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareOperationsToShares1/gettingShares.feature#L222)

#### [Public link enforce permissions](https://github.com/owncloud/ocis/issues/1269)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:528](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L528)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:549](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L549)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:353](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L353)

#### [download previews of other users file](https://github.com/owncloud/ocis/issues/2071)

Expand All @@ -246,12 +245,6 @@ cannot share a folder with create permission
- [coreApiWebdavPreviews/previews.feature:176](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavPreviews/previews.feature#L176)
- [coreApiWebdavPreviews/previews.feature:177](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiWebdavPreviews/previews.feature#L177)

#### [creating public links with permissions fails](https://github.com/owncloud/product/issues/252)

- [coreApiSharePublicLink1/changingPublicLinkShare.feature:30](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L30)
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:51](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L51)
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:90](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L90)

#### [copying a folder within a public link folder to folder with same name as an already existing file overwrites the parent file](https://github.com/owncloud/ocis/issues/1232)

- [coreApiSharePublicLink2/copyFromPublicLink.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink2/copyFromPublicLink.feature#L63)
Expand Down Expand Up @@ -503,6 +496,7 @@ API, search, favorites, config, capabilities, not existing endpoints, CORS and o
- [coreApiAuthOcs/ocsGETAuth.feature:121](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsGETAuth.feature#L121)
- [coreApiAuthOcs/ocsPOSTAuth.feature:8](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsPOSTAuth.feature#L8)
- [coreApiAuthOcs/ocsPUTAuth.feature:8](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiAuthOcs/ocsPUTAuth.feature#L8)
- [coreApiSharePublicLink1/createPublicLinkShare.feature:343](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/createPublicLinkShare.feature#L343)

#### [sending MKCOL requests to another user's webDav endpoints as normal user gives 404 instead of 403 ](https://github.com/owncloud/ocis/issues/3872)

Expand Down
198 changes: 27 additions & 171 deletions tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@api @files_sharing-app-required @public_link_share-feature-required @issue-ocis-reva-315 @issue-ocis-reva-316
@api @files_sharing-app-required @public_link_share-feature-required @issue-ocis-reva-315 @issue-ocis-reva-316 @issue-ocis-2079 @issue-ocis-reva-292

Feature: changing a public link share

Expand All @@ -14,257 +14,113 @@ Feature: changing a public link share
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | <permissions> |
When the public deletes file "parent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "<http-status-code>"
And as "Alice" file "PARENT/parent.txt" <should-or-not> exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| permissions | http-status-code | should-or-not | public-webdav-api-version |
| read,update,create | 403 | should | old |
| read,update,create,delete | 204 | should not | old |

@issue-ocis-reva-292
Examples:
| permissions | http-status-code | should-or-not | public-webdav-api-version |
| read,update,create | 403 | should | new |
| read,update,create,delete | 204 | should not | new |
| permissions | http-status-code | should-or-not |
| read | 403 | should |
| read,create | 403 | should |
| create | 403 | should |
| read,update,create,delete | 204 | should not |


Scenario Outline: Public link share permissions work correctly for renaming and share permissions read,update,create with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/parent.txt" should exist
And as "Alice" file "/PARENT/newparent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |

@skipOnRansomwareProtection @issue-ransomware-208
Scenario Outline: Public link share permissions work correctly for renaming and share permissions read,update,create,delete using the public WebDAV API
Scenario: Public link share permissions work correctly for renaming and share permissions read,update,create,delete using the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/parent.txt" should not exist
And as "Alice" file "/PARENT/newparent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public link share permissions work correctly for upload with share permissions read,update,create with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create |
When the public uploads file "lorem.txt" with content "test" using the <public-webdav-api-version> public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/lorem.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public link share permissions work correctly for upload with share permissions read,update,create,delete with the public WebDAV API
Scenario: Public link share permissions work correctly for upload with share permissions read,update,create,delete with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
When the public uploads file "lorem.txt" with content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And the content of file "PARENT/lorem.txt" for user "Alice" should be "test"

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API
Scenario: Public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public deletes file "parent.txt" from the last public link share using the password "invalid" and <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the password "invalid" and new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public can delete file through publicly shared link with password using the valid password with the public WebDAV API
Scenario: Public can delete file through publicly shared link with password using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public deletes file "parent.txt" from the last public link share using the password "newpasswd" and <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the password "newpasswd" and new public WebDAV API
Then the HTTP status code should be "204"
And as "Alice" file "PARENT/parent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to rename a file in a password protected share using an invalid password with the public WebDAV API
Scenario: Public tries to rename a file in a password protected share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/newparent.txt" should not exist
And as "Alice" file "/PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |

@skipOnRansomwareProtection @issue-ransomware-208
Scenario Outline: Public tries to rename a file in a password protected share using the valid password with the public WebDAV API
Scenario: Public tries to rename a file in a password protected share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "newpasswd" and <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "newpasswd" and new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/newparent.txt" should exist
And as "Alice" file "/PARENT/parent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to upload to a password protected public share using an invalid password with the public WebDAV API
Scenario: Public tries to upload to a password protected public share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public uploads file "lorem.txt" with password "invalid" and content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with password "invalid" and content "test" using the new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/lorem.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public tries to upload to a password protected public share using the valid password with the public WebDAV API
Scenario: Public tries to upload to a password protected public share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | newpasswd |
When the public uploads file "lorem.txt" with password "newpasswd" and content "test" using the <public-webdav-api-version> public WebDAV API
When the public uploads file "lorem.txt" with password "newpasswd" and content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/lorem.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |


Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot rename a file in uploadwriteonly public link share with the public WebDAV API
Scenario: Public cannot rename a file in uploadwriteonly public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/parent.txt" should exist
And as "Alice" file "/PARENT/newparent.txt" should not exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |


Scenario Outline: Public cannot delete a file in uploadwriteonly public link share with the public WebDAV API
Scenario: Public cannot delete a file in uploadwriteonly public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
When the public deletes file "parent.txt" from the last public link share using the <public-webdav-api-version> public WebDAV API
When the public deletes file "parent.txt" from the last public link share using the new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "PARENT/parent.txt" should exist

@notToImplementOnOCIS @issue-ocis-2079
Examples:
| public-webdav-api-version |
| old |

@issue-ocis-reva-292
Examples:
| public-webdav-api-version |
| new |
Loading