diff --git a/tests/acceptance/bootstrap/OcisConfigContext.php b/tests/acceptance/bootstrap/OcisConfigContext.php
index 4a7a32172c9..85f20c871e6 100644
--- a/tests/acceptance/bootstrap/OcisConfigContext.php
+++ b/tests/acceptance/bootstrap/OcisConfigContext.php
@@ -31,6 +31,24 @@
 * steps needed to re-configure oCIS server
 */
 class OcisConfigContext implements Context {
+ private array $enabledPermissionsRoles = [];
+
+ /**
+ * @return array
+ */
+ public function getEnabledPermissionsRoles(): array {
+ return $this->enabledPermissionsRoles;
+ }
+
+ /**
+ * @param array $enabledPermissionsRoles
+ *
+ * @return void
+ */
+ public function setEnabledPermissionsRoles(array $enabledPermissionsRoles): void {
+ $this->enabledPermissionsRoles = $enabledPermissionsRoles;
+ }
+
 /**
 * @Given async upload has been enabled with post-processing delayed to :delayTime seconds
 *
@@ -99,6 +117,33 @@ public function theAdministratorHasEnabledTheRole(string $role): void {
 $response->getStatusCode(),
 "Failed to enable role $role"
 );
+ $this->setEnabledPermissionsRoles($defaultRoles);
+ }
+
+ /**
+ * @Given the administrator has disabled the permissions role :role
+ *
+ * @param string $role
+ *
+ * @return void
+ */
+ public function theAdministratorHasDisabledThePermissionsRole(string $role): void {
+ $roleId = GraphHelper::getPermissionsRoleIdByName($role);
+ $availableRoles = $this->getEnabledPermissionsRoles();
+
+ if ($key = array_search($roleId, $availableRoles)) {
+ unset($availableRoles[$key]);
+ }
+ $envs = [
+ "GRAPH_AVAILABLE_ROLES" => implode(',', $availableRoles),
+ ];
+ $response = OcisConfigHelper::reConfigureOcis($envs);
+ Assert::assertEquals(
+ 200,
+ $response->getStatusCode(),
+ "Failed to disable role $role"
+ );
+ $this->setEnabledPermissionsRoles($availableRoles);
 }
 /**
diff --git a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature
index 71c85b51e6e..e4947882929 100644
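Review bot: The docblocks on `getEnabledPermissionsRoles()` and `setEnabledPermissionsRoles()` in the first hunk say only `array`, so a reader cannot tell what the elements are. The disable step added later in this file searches the list for a value returned by `GraphHelper::getPermissionsRoleIdByName()`, which suggests the elements are role IDs. If that is right, `@return string[] IDs of the permissions roles currently enabled by these steps` and a matching `@param string[]` would document it. The class body continues outside the hunk.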
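Review bot: In `theAdministratorHasDisabledThePermissionsRole()` (second hunk), `if ($key = array_search($roleId, $availableRoles))` treats index 0 as "not found", so a role stored first in the list is never removed and the step reconfigures oCIS with that role still enabled. `array_search` also compares loosely unless its third argument is `true`. Use `$key = array_search($roleId, $availableRoles, true);` followed by `if ($key !== false) {`. When the role ID is absent from the list (including an empty list because the enable step never ran) the step still reports success; failing it in that case would keep a scenario about a disabled role from running against a server where nothing was actually disabled. The enable step whose closing lines open the hunk starts outside it, so how `$defaultRoles` is built is not visible here.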
--- a/tests/acceptance/features/apiSharingNg1/sharedByMe.feature
+++ b/tests/acceptance/features/apiSharingNg1/sharedByMe.feature
@@ -3863,3 +3863,221 @@ Feature: resources shared by user
 }
 }
 """
+
+ @env-config
+ Scenario Outline: sharer lists share with role Secure Viewer after share role is disabled (Personal Space)
+ Given the administrator has enabled the permissions role "Secure Viewer"
+ And user "Alice" has uploaded file with content "some content" to "textfile.txt"
+ And user "Alice" has created folder "folderToShare"
+ And user "Alice" has sent the following resource share invitation:
+ | resource | |
+ | space | Personal |
+ | sharee | Brian |
+ | shareType | user |
+ | permissionsRole | Secure Viewer |
+ And user "Brian" has a share "" synced
+ And the administrator has disabled the permissions role "Secure Viewer"
+ When user "Alice" lists the shares shared by her using the Graph API
+ Then the HTTP status code should be "200"
+ And the JSON data of the response should contain resource "" with the following data:
+ """
+ {
+ "type": "object",
+ "required": [
+ "parentReference",
+ "permissions",
+ "name"
+ ],
+ "properties": {
+ "permissions": {
+ "type": "array",
+ "minItems": 1,
+ "maxItems": 1,
+ "items": {
+ "type": "object",
+ "required": [
+ "@libre.graph.permissions.actions",
+ "grantedToV2",
+ "id",
+ "invitation"
+ ],
+ "properties": {
+ "@libre.graph.permissions.actions": {
+ "type": "array",
+ "enum": [[
+ "libre.graph/driveItem/path/read",
+ "libre.graph/driveItem/children/read",
+ "libre.graph/driveItem/basic/read"
+ ]]
+ },
+ "roles": { "const": null }
+ }
+ }
+ }
+ }
+ }
+ """
+ Examples:
+ | resource |
+ | textfile.txt |
+ | folderToShare |
+
+ @env-config
+ Scenario: sharer lists folder share with role Denied after share role is disabled (Personal Space)
+ Given the administrator has enabled the permissions role "Denied"
+ And user "Alice" has created folder "folderToShare"
+ And user "Alice" has sent the following resource share invitation:
+ | resource | folderToShare |
+ | space | Personal |
+ | sharee | Brian |
+ | shareType | user |
+ | permissionsRole | Denied |
+ And the administrator has disabled the permissions role "Denied"
+ When user "Alice" lists the shares shared by her using the Graph API
+ Then the HTTP status code should be "200"
+ And the JSON data of the response should contain resource "folderToShare" with the following data:
+ """
+ {
+ "type": "object",
+ "required": [
+ "parentReference",
+ "permissions",
+ "name"
+ ],
+ "properties": {
+ "permissions": {
+ "type": "array",
+ "minItems": 1,
+ "maxItems": 1,
+ "items": {
+ "type": "object",
+ "required": [
+ "@libre.graph.permissions.actions",
+ "grantedToV2",
+ "id",
+ "invitation"
+ ],
+ "properties": {
+ "@libre.graph.permissions.actions": {
+ "type": "array",
+ "enum": [["none"]]
+ },
+ "roles": { "const": null }
+ }
+ }
+ }
+ }
+ }
+ """
+
+ @env-config
+ Scenario Outline: sharer lists share with role Secure Viewer after share role is disabled (Project Space)
+ Given using spaces DAV path
+ And the administrator has enabled the permissions role "Secure Viewer"
+ And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
+ And user "Alice" has created a space "new-space" with the default quota using the Graph API
+ And user "Alice" has uploaded a file inside space "new-space" with content "some content" to "textfile.txt"
+ And user "Alice" has created a folder "folderToShare" in space "new-space"
+ And user "Alice" has sent the following resource share invitation:
+ | resource | |
+ | space | new-space |
+ | sharee | Brian |
+ | shareType | user |
+ | permissionsRole | Secure Viewer |
+ And user "Brian" has a share "" synced
+ And the administrator has disabled the permissions role "Secure Viewer"
+ When user "Alice" lists the shares shared by her using the Graph API
+ Then the HTTP status code should be "200"
+ And the JSON data of the response should contain resource "" with the following data:
+ """
+ {
+ "type": "object",
+ "required": [
+ "parentReference",
+ "permissions",
+ "name"
+ ],
+ "properties": {
+ "permissions": {
+ "type": "array",
+ "minItems": 1,
+ "maxItems": 1,
+ "items": {
+ "type": "object",
+ "required": [
+ "@libre.graph.permissions.actions",
+ "grantedToV2",
+ "id",
+ "invitation"
+ ],
+ "properties": {
+ "@libre.graph.permissions.actions": {
+ "type": "array",
+ "enum": [[
+ "libre.graph/driveItem/path/read",
+ "libre.graph/driveItem/children/read",
+ "libre.graph/driveItem/basic/read"
+ ]]
+ },
+ "roles": { "const": null }
+ }
+ }
+ }
+ }
+ }
+ """
+ Examples:
+ | resource |
+ | textfile.txt |
+ | folderToShare |
+
+ @env-config
+ Scenario: sharer lists folder share with role Denied after share role is disabled (Project Space)
+ Given using spaces DAV path
+ And the administrator has enabled the permissions role "Denied"
+ And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API
+ And user "Alice" has created a space "new-space" with the default quota using the Graph API
+ And user "Alice" has created a folder "folderToShare" in space "new-space"
+ And user "Alice" has sent the following resource share invitation:
+ | resource | folderToShare |
+ | space | new-space |
+ | sharee | Brian |
+ | shareType | user |
+ | permissionsRole | Denied |
+ And the administrator has disabled the permissions role "Denied"
+ When user "Alice" lists the shares shared by her using the Graph API
+ Then the HTTP status code should be "200"
+ And the JSON data of the response should contain resource "folderToShare" with the following data:
+ """
+ {
+ "type": "object",
+ "required": [
+ "parentReference",
+ "permissions",
+ "name"
+ ],
+ "properties": {
+ "permissions": {
+ "type": "array",
+ "minItems": 1,
+ "maxItems": 1,
+ "items": {
+ "type": "object",
+ "required": [
+ "@libre.graph.permissions.actions",
+ "grantedToV2",
+ "id",
+ "invitation"
+ ],
+ "properties": {
+ "@libre.graph.permissions.actions": {
+ "type": "array",
+ "enum": [["none"]]
+ },
+ "roles": { "const": null }
+ }
+ }
+ }
+ }
+ }
+ """