diff --git a/tests/acceptance/bootstrap/OcisConfigContext.php b/tests/acceptance/bootstrap/OcisConfigContext.php index 85f20c871e6..8b40442b3e8 100644 --- a/tests/acceptance/bootstrap/OcisConfigContext.php +++ b/tests/acceptance/bootstrap/OcisConfigContext.php @@ -120,6 +120,33 @@ public function theAdministratorHasEnabledTheRole(string $role): void { $this->setEnabledPermissionsRoles($defaultRoles); } + /** + * @Given the administrator has enabled the following permissions roles: + * + * @param TableNode $table + * + * @return void + */ + public function theAdministratorHasEnabledTheFollowingPermissionsRoles(TableNode $table): void { + $defaultRoles = array_values(GraphHelper::DEFAULT_PERMISSIONS_ROLES); + foreach ($table->getRows() as $row) { + $roleId = GraphHelper::getPermissionsRoleIdByName($row[0]); + if (!\in_array($row[0], $defaultRoles)) { + $defaultRoles[] = $roleId; + } + } + $envs = [ + "GRAPH_AVAILABLE_ROLES" => implode(',', $defaultRoles) + ]; + $response = OcisConfigHelper::reConfigureOcis($envs); + Assert::assertEquals( + 200, + $response->getStatusCode(), + "Failed to enable role" + ); + $this->setEnabledPermissionsRoles($defaultRoles); + } + /** * @Given the administrator has disabled the permissions role :role * diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 04a57217c77..cca3853518d 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -359,6 +359,7 @@ default: - FeatureContext: *common_feature_context_params - SpacesContext: - SharingNgContext: + - OcisConfigContext: apiSharingNgLinkSharePermission: paths: diff --git a/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature b/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature index a16350bd6d3..4436d7c3cca 100644 --- a/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature +++ b/tests/acceptance/features/apiSharingNgShareInvitation/updateShareInvitations.feature @@ -1181,3 +1181,358 @@ Feature: Update permission of a share | Space Editor | Manager | | Manager | Space Viewer | | Manager | Space Editor | + + @env-config + Scenario Outline: update share role of file to an existing role after assigned share role is disabled (Personal Space) + Given the administrator has enabled the permissions role "Secure Viewer" + And user "Alice" has uploaded file with content "hello world" to "textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | textfile.txt | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | Personal | + | resource | textfile.txt | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | File Editor | + | Viewer | + + @env-config + Scenario Outline: update share role of folder to an existing role after assigned share role is disabled (Personal Space) + Given the administrator has enabled the following permissions roles: + | Secure Viewer | + | Denied | + And user "Alice" has created folder "folderToShare" + And user "Alice" has sent the following resource share invitation: + | resource | folderToShare | + | space | Personal | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And the administrator has disabled the permissions role "" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | Personal | + | resource | folderToShare | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | permissions-role | new-permissions-role | + | Secure Viewer | Uploader | + | Secure Viewer | Editor | + | Secure Viewer | Viewer | + | Secure Viewer | Denied | + | Denied | Uploader | + | Denied | Editor | + | Denied | Viewer | + | Denied | Secure Viewer | + + @env-config + Scenario Outline: update share role of file to an existing role after assigned share role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the permissions role "Secure Viewer" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has uploaded a file inside space "new-space" with content "some content" to "textfile.txt" + And user "Alice" has sent the following resource share invitation: + | resource | textfile.txt | + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | Secure Viewer | + And the administrator has disabled the permissions role "Secure Viewer" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | new-space | + | resource | textfile.txt | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | File Editor | + | Viewer | + + @env-config + Scenario Outline: update share role of folder to an existing role after assigned share role is disabled (Project Space) + Given using spaces DAV path + And the administrator has enabled the following permissions roles: + | Secure Viewer | + | Denied | + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has created a folder "folderToShare" in space "new-space" + And user "Alice" has sent the following resource share invitation: + | resource | folderToShare | + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And the administrator has disabled the permissions role "" + When user "Alice" updates the last resource share with the following properties using the Graph API: + | permissionsRole | | + | space | new-space | + | resource | folderToShare | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^%permissions_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | permissions-role | new-permissions-role | + | Secure Viewer | Uploader | + | Secure Viewer | Editor | + | Secure Viewer | Viewer | + | Secure Viewer | Denied | + | Denied | Uploader | + | Denied | Editor | + | Denied | Viewer | + | Denied | Secure Viewer | + + @env-config + Scenario Outline: update share role of project space to an existing role after assigned share role is disabled + Given using spaces DAV path + And the administrator has enabled the permissions role "Space Editor Without Versions" + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "new-space" with the default quota using the Graph API + And user "Alice" has sent the following space share invitation: + | space | new-space | + | sharee | Brian | + | shareType | user | + | permissionsRole | Space Editor Without Versions | + And the administrator has disabled the permissions role "Space Editor Without Versions" + When user "Alice" updates the last drive share with the following using root endpoint of the Graph API: + | permissionsRole | | + | space | new-space | + | shareType | user | + | sharee | Brian | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "grantedToV2", + "id", + "roles" + ], + "properties": { + "grantedToV2": { + "type": "object", + "required": ["user"], + "properties":{ + "user": { + "type": "object", + "required": [ + "displayName", + "id" + ], + "properties": { + "displayName": { + "const": "Brian Murphy" + }, + "id": { + "pattern": "^%user_id_pattern%$" + } + } + } + } + }, + "id": { + "pattern": "^u:%user_id_pattern%$" + }, + "roles": { + "type": "array", + "minItems": 1, + "maxItems": 1, + "items": { + "pattern": "^%role_id_pattern%$" + } + } + } + } + """ + Examples: + | new-permissions-role | + | Space Viewer | + | Space Editor | + | Manager |