author | Roeland Jago Douma <roeland@famdouma.nl> | 2015-02-27 13:15:56 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2015-03-01 17:13:17 +0100 |
commit | 4436a9ce35c2b6ddb5eda4900e9f95e05ee9a5a6 (patch) | |
tree | c90ab3c022943bdf36b22592e45be106808294c7 /apps/files_sharing/tests/api.php | |
parent | ff85d38c2a96ae5d03555e8289911fec73976a68 (diff) | |
Shares should have at least read permission
* Throw 400 when a share is created or updated without read permissions
* Added unit tests
Diffstat (limited to 'apps/files_sharing/tests/api.php')
-rw-r--r-- | apps/files_sharing/tests/api.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/apps/files_sharing/tests/api.php b/apps/files_sharing/tests/api.php
index 278e7130199..9256f9bcc85 100644
--- a/apps/files_sharing/tests/api.php
+++ b/apps/files_sharing/tests/api.php
@@ -119,6 +119,32 @@ class Test_Files_Sharing_Api extends TestCase {
 \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null);
 }
+ /**
+ * @medium
+ */
+ public function testCreateShareInvalidPermissions() {
+
+ // simulate a post request
+ $_POST['path'] = $this->filename;
+ $_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+ $_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+ $_POST['permissions'] = \OCP\Constants::PERMISSION_SHARE;
+
+ $result = \OCA\Files_Sharing\API\Local::createShare([]);
+
+ // share was successful?
+ $this->assertFalse($result->succeeded());
+ $this->assertEquals(400, $result->getStatusCode());
+
+ $shares = \OCP\Share::getItemShared('file', null);
+ $this->assertCount(0, $shares);
+
+ $fileinfo = $this->view->getFileInfo($this->filename);
+ \OCP\Share::unshare('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+ \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+ }
+
+
 function testEnfoceLinkPassword() {
 $appConfig = \OC::$server->getAppConfig();
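Review bot: testCreateShareInvalidPermissions pins only one read-less mask, `\OCP\Constants::PERMISSION_SHARE`, so a check that rejects just that value while letting `0` or `\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE` through would still pass; the same applies to the `_put` value in testUpdateShareInvalidPermissions in the second hunk. A data provider feeding several masks that lack `PERMISSION_READ` would pin the rule the commit message states rather than one sample of it. The test also writes four `$_POST` keys and never removes them, so unless tearDown (not visible in this hunk) resets the superglobal, later tests calling createShare inherit them; ending the test with `unset($_POST['path'], $_POST['shareWith'], $_POST['shareType'], $_POST['permissions']);` avoids that. The trailing `\OCP\Share::unshare(...)` only runs when the assertions pass, which is the one case where there should be nothing to unshare.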
@@ -885,6 +911,51 @@ class Test_Files_Sharing_Api extends TestCase {
 /**
 * @medium
+ * @depends testCreateShare
+ */
+ public function testUpdateShareInvalidPermissions() {
+
+ $fileInfo = $this->view->getFileInfo($this->filename);
+
+ $result = \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+ \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2, \OCP\Constants::PERMISSION_ALL);
+
+ // share was successful?
+ $this->assertTrue($result);
+
+ $share = \OCP\Share::getItemShared('file', null);
+ $this->assertCount(1, $share);
+ $share = reset($share);
+
+ // check if share have expected permissions, single shared files never have
+ // delete permissions
+ $this->assertEquals(\OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_DELETE, $share['permissions']);
+
+ // update permissions
+ $params = [];
+ $params['id'] = $share['id'];
+ $params['_put'] = [];
+ $params['_put']['permissions'] = \OCP\Constants::PERMISSION_SHARE;
+
+ $result = \OCA\Files_Sharing\API\Local::updateShare($params);
+
+ //Updating should fail with 400
+ $this->assertFalse($result->succeeded());
+ $this->assertEquals(400, $result->getStatusCode());
+
+ $share = \OCP\Share::getItemShared('file', $share['file_source']);
+ $share = reset($share);
+
+ //Permissions should not have changed!
+ $this->assertEquals(\OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_DELETE, $share['permissions']);
+
+ \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+ \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+ }
+
+
+ /**
+ * @medium
 */
 function testUpdateShareUpload() { |
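Review bot: After the rejected update, the result of `\OCP\Share::getItemShared('file', $share['file_source'])` goes straight into `reset()` with no count check, so if the failed call had removed or duplicated the share, the test would fail on an unclear permissions mismatch or pass on the wrong row; add `$this->assertCount(1, $share);` before that second `reset($share)`, as the first lookup already does. The closing `\OCP\Share::unshare(...)` runs only when every assertion passes, so a failure leaves a share with all permissions except delete in place for later tests unless tearDown (outside this hunk) removes it; wrapping the body in `try`/`finally` or moving the cleanup to tearDown keeps the fixtures isolated. `@depends testCreateShare` looks unnecessary, since the method takes no argument and builds its own share through `\OCP\Share::shareItem`.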