[Stable10] api test sharing restrict sharing outside the group #31736

Merged
63 changes: 49 additions & 14 deletions tests/acceptance/features/apiSharing-v1/disableSharing.feature
Expand Up @@ -9,8 +9,7 @@ So that ownCloud users cannot share file or folder
And using old DAV path

Scenario: user tries to share a file with another user when the sharing api has been disabled
Given as user "admin"
And user "user0" has been created
Given user "user0" has been created
And user "user1" has been created
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Expand All @@ -19,8 +18,7 @@ So that ownCloud users cannot share file or folder
And the HTTP status code should be "200"

Scenario: user tries to share a folder with another user when the sharing api has been disabled
Given as user "admin"
And user "user0" has been created
Given user "user0" has been created
And user "user1" has been created
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Expand All @@ -29,41 +27,78 @@ So that ownCloud users cannot share file or folder
And the HTTP status code should be "200"

Scenario: user tries to share a file with group when the sharing api has been disabled
Given as user "admin"
And user "user0" has been created
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And user "user1" has been added to group "sharinggroup"
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Then user "user0" should not be able to share file "welcome.txt" with group "sharinggroup" using the API
And the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: user tries to share a folder with group when the sharing api has been disabled
Given as user "admin"
And user "user0" has been created
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And user "user1" has been added to group "sharinggroup"
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Then user "user0" should not be able to share folder "/FOLDER" with group "sharinggroup" using the API
And the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: user tries to create public share of a file when the sharing api has been disabled
Given user "user0" has been created
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Then user "user0" should not be able to create public share of file "welcome.txt" using the API
Then the OCS status code should be "404"
And the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: user tries to create public share of a folder when the sharing api has been disabled
Given user "user0" has been created
And as user "admin"
When parameter "shareapi_enabled" of app "core" has been set to "no"
Then user "user0" should not be able to create public share of folder "/FOLDER" using the API
Then the OCS status code should be "404"
And the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: user tries to share a file with user who is not in his group when sharing outside the group has been restricted
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And user "user0" has been added to group "sharinggroup"
When parameter "shareapi_only_share_with_group_members" of app "core" has been set to "yes"
Then user "user0" should not be able to share file "welcome.txt" with user "user1" using the API
And the OCS status code should be "403"
And the HTTP status code should be "200"

Scenario: user shares a file with user who is in his group when sharing outside the group has been restricted
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And user "user0" has been added to group "sharinggroup"
And user "user1" has been added to group "sharinggroup"
When parameter "shareapi_only_share_with_group_members" of app "core" has been set to "yes"
Then user "user0" should be able to share file "welcome.txt" with user "user1" using the API
And the OCS status code should be "100"
And the HTTP status code should be "200"

Scenario: user shares a file with the group he is not member of when sharing outside the group has been restricted
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And group "anothersharinggroup" has been created
And user "user0" has been added to group "sharinggroup"
And user "user1" has been added to group "anothersharinggroup"
When parameter "shareapi_only_share_with_group_members" of app "core" has been set to "yes"
Then user "user0" should be able to share file "welcome.txt" with group "anothersharinggroup" using the API
And the OCS status code should be "100"
And the HTTP status code should be "200"

Scenario: user shares a file with the group he is member of when sharing outside the group has been restricted
Given user "user0" has been created
And user "user1" has been created
And group "sharinggroup" has been created
And user "user0" has been added to group "sharinggroup"
When parameter "shareapi_only_share_with_group_members" of app "core" has been set to "yes"
Then user "user0" should be able to share file "welcome.txt" with group "sharinggroup" using the API
And the OCS status code should be "100"
And the HTTP status code should be "200"
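Review bot: The scenario "user shares a file with the group he is not member of when sharing outside the group has been restricted" expects OCS status "100", so with `shareapi_only_share_with_group_members` set to "yes" user0 (a member of "sharinggroup" only) can still share welcome.txt with "anothersharinggroup" and through it with user1, who shares no group with user0. If the restriction is meant to cover user shares only, say so in a comment above the scenario; if not, this test locks in a gap in the restriction and the expected code should be "403". A companion scenario that tries the direct share from user0 to user1 in the same group setup would make the difference explicit. Separately, the last scenario creates user1 but never uses it, so that step can go.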
41 changes: 37 additions & 4 deletions tests/acceptance/features/bootstrap/Sharing.php
Expand Up @@ -865,16 +865,49 @@ public function userSharesFileWithGroupUsingTheAPI(
}

/**
* @Then /^user "([^"]*)" should not be able to share (?:file|folder|entry) "([^"]*)" with (?:user|group) "([^"]*)"(?: with permissions ([\d]*))? using the API$/
* @Then /^user "([^"]*)" should not be able to share (?:file|folder|entry) "([^"]*)" with (user|group) "([^"]*)"(?: with permissions ([\d]*))? using the API$/
*
* @param string $sharer
* @param string $filepath
* @param string $userOrGroup
* @param string $sharee
* @param int $permissions
*
* @return void
*/
public function userTriesToShareFileUsingTheApi($sharer, $filepath, $userOrGroup, $sharee, $permissions = null) {
$shareType = ($userOrGroup === "user" ? 0 : 1);
$time = \time();
if ($this->lastShareTime !== null && $time - $this->lastShareTime < 1) {
// prevent creating two shares with the same "stime" which is
// based on seconds, this affects share merging order and could
// affect expected test result order
\sleep(1);
}
$this->lastShareTime = $time;
$this->createShare(
$sharer, $filepath, $shareType, $sharee, null, null, $permissions
);
$statusCode = $this->getOCSResponseStatusCode($this->response);
PHPUnit_Framework_Assert::assertTrue(
($statusCode == 404) || ($statusCode == 403),
"Sharing should have failed but passed with status code " . $statusCode
);
}

/**
* @Then /^user "([^"]*)" should be able to share (?:file|folder|entry) "([^"]*)" with (user|group) "([^"]*)"(?: with permissions ([\d]*))? using the API$/
*
* @param string $sharer
* @param string $filepath
* @param string $userOrGroup
* @param string $sharee
* @param int $permissions
*
* @return void
*/
public function userTriesToShareFileWithUserUsingTheApi($sharer, $filepath, $sharee, $permissions = null) {
public function userShouldBeAbleToShareUsingTheApi($sharer, $filepath, $userOrGroup, $sharee, $permissions = null) {
$shareType = ($userOrGroup === "user" ? 0 : 1);
$time = \time();
if ($this->lastShareTime !== null && $time - $this->lastShareTime < 1) {
// prevent creating two shares with the same "stime" which is
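Review bot: In userTriesToShareFileUsingTheApi the one-second guard stores a stale timestamp: `$time` is read before `\sleep(1)` and then assigned with `$this->lastShareTime = $time;`, so after a sleep the recorded time is one second behind the share that is actually created. A following share attempt made within that same second sees a difference of 1, skips the sleep, and can end up with the same "stime" the comment says it wants to avoid. Re-read `\time()` after the sleep before storing it. The guard and the `$userOrGroup === "user" ? 0 : 1` mapping are also repeated in userShouldBeAbleToShareUsingTheApi; a small private helper for each, with named constants for the share types 0 and 1, would keep the two steps from drifting apart.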
Expand All @@ -884,10 +917,10 @@ public function userTriesToShareFileWithUserUsingTheApi($sharer, $filepath, $sha
}
$this->lastShareTime = $time;
$this->createShare(
$sharer, $filepath, 0, $sharee, null, null, $permissions
$sharer, $filepath, $shareType, $sharee, null, null, $permissions
);
PHPUnit_Framework_Assert::assertEquals(
404,
100,
$this->getOCSResponseStatusCode($this->response)
);
}
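Review bot: The `assertEquals(` call in userShouldBeAbleToShareUsingTheApi has no failure message, unlike the negative step above, which reports "Sharing should have failed but passed with status code ...". When a restricted-sharing scenario fails, the output will only show a mismatch against 100 with no sharer, sharee or share type. Pass a third argument along the lines of "Sharing should have succeeded but failed with status code " followed by the returned code so a failing scenario can be read without rerunning it.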