diff options
Diffstat (limited to 'build/integration/sharing_features')
5 files changed, 2850 insertions, 0 deletions
diff --git a/build/integration/sharing_features/sharing-activity.feature b/build/integration/sharing_features/sharing-activity.feature new file mode 100644 index 00000000000..016b376488b --- /dev/null +++ b/build/integration/sharing_features/sharing-activity.feature @@ -0,0 +1,46 @@ +# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +Feature: sharing + Background: + Given using api version "1" + Given using new dav path + Given invoking occ with "app:enable --force activity" + Given the command was successful + Given user "user0" exists + And Logging in using web as "user0" + And Sending a "POST" to "/apps/activity/settings" with requesttoken + | public_links_notification | 1 | + | public_links_upload_notification | 1 | + | notify_setting_batchtime | 0 | + | activity_digest | 0 | + + Scenario: Creating a new mail share and check activity + Given dummy mail server is listening + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share can be downloaded + Then last activity should be + | app | files_sharing | + | type | public_links | + | object_type | files | + | object_name | /welcome.txt | + + Scenario: Creating a new public share and check activity + Given user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last link share can be downloaded + Then last activity should be + | app | files_sharing | + | type | public_links | + | object_type | files | + | object_name | /welcome.txt | diff --git a/build/integration/sharing_features/sharing-v1-part2.feature b/build/integration/sharing_features/sharing-v1-part2.feature new file mode 100644 index 00000000000..a6e4c67165a --- /dev/null +++ b/build/integration/sharing_features/sharing-v1-part2.feature @@ -0,0 +1,1336 @@ +# SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +Feature: sharing + Background: + Given using api version "1" + Given using old dav path + +# See sharing-v1.feature + + Scenario: getting all shares of a file with reshares + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0 (2).txt" of user "user1" is shared with user "user2" + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=textfile0.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user1" should be included in the response + And User "user2" should be included in the response + And User "user3" should not be included in the response + + Scenario: getting all shares of a file with a received share after revoking the resharing rights + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user1" is shared with user "user0" + And user "user0" accepts last share + And Updating last share with + | permissions | 1 | + And file "textfile0.txt" of user "user1" is shared with user "user2" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=/textfile0 (2).txt" + Then the list of returned shares has 1 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | path | /textfile0 (2).txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | shared::/textfile0 (2).txt | + | file_target | /textfile0.txt | + | share_with | user2 | + | share_with_displayname | user2 | + + Scenario: getting all shares of a file with a received share also reshared after revoking the resharing rights + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "textfile0.txt" of user "user1" is shared with user "user0" + And user "user0" accepts last share + And save the last share data as "textfile0.txt from user1" + And file "textfile0 (2).txt" of user "user0" is shared with user "user3" + And restore the last share data from "textfile0.txt from user1" + And Updating last share with + | permissions | 1 | + And file "textfile0.txt" of user "user1" is shared with user "user2" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=/textfile0 (2).txt" + Then the list of returned shares has 2 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | uid_file_owner | user1 | + | displayname_file_owner | user1 | + | path | /textfile0 (2).txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | shared::/textfile0 (2).txt | + | file_target | /textfile0 (2).txt | + | share_with | user3 | + | share_with_displayname | user3 | + And share 1 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | path | /textfile0 (2).txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | shared::/textfile0 (2).txt | + | file_target | /textfile0.txt | + | share_with | user2 | + | share_with_displayname | user2 | + + Scenario: Reshared files can be still accessed if a user in the middle removes it. + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0 (2).txt" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And file "textfile0 (2).txt" of user "user2" is shared with user "user3" + And user "user3" accepts last share + And As an "user1" + When User "user1" deletes file "/textfile0 (2).txt" + And As an "user3" + And Downloading file "/textfile0 (2).txt" with range "bytes=1-8" + Then Downloaded content should be "extcloud" + + Scenario: getting share info of a share + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user0" + When Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 0 | + | share_with | user1 | + | file_source | A_NUMBER | + | file_target | /textfile0.txt | + | path | /textfile0.txt | + | permissions | 19 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | share_with_displayname | user1 | + | displayname_owner | user0 | + | mimetype | text/plain | + + Scenario: getting share info of a group share + Given user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And file "textfile0.txt" of user "user0" is shared with group "group1" + And As an "user0" + When Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 1 | + | share_with | group1 | + | file_source | A_NUMBER | + | file_target | /textfile0.txt | + | path | /textfile0.txt | + | permissions | 19 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | share_with_displayname | group1 | + | displayname_owner | user0 | + | mimetype | text/plain | + And As an "user1" + And accepting last share + And Getting info of last share + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 1 | + | share_with | group1 | + | file_source | A_NUMBER | + | file_target | /textfile0 (2).txt | + | path | /textfile0 (2).txt | + | permissions | 19 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | shared::/textfile0 (2).txt | + | file_parent | A_NUMBER | + | share_with_displayname | group1 | + | displayname_owner | user0 | + | mimetype | text/plain | + + Scenario: getting all shares including subfiles in a directory + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "PARENT/CHILD" of user "user0" is shared with user "user1" + And file "PARENT/parent.txt" of user "user0" is shared with user "user2" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT" + Then the list of returned shares has 2 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | path | /PARENT/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | home::user0 | + | file_target | /CHILD | + | share_with | user1 | + | share_with_displayname | user1 | + | permissions | 31 | + And share 1 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | path | /PARENT/parent.txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | home::user0 | + | file_target | /parent.txt | + | share_with | user2 | + | share_with_displayname | user2 | + + Scenario: getting all shares including subfiles in a directory with received shares + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0.txt" of user "user1" is shared with user "user0" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/" + Then the list of returned shares has 1 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | path | /textfile0.txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | home::user0 | + | file_target | /textfile0 (2).txt | + | share_with | user1 | + | share_with_displayname | user1 | + + Scenario: getting all shares including subfiles in a directory with shares in subdirectories + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "PARENT/CHILD" of user "user0" is shared with user "user1" + And file "PARENT/CHILD/child.txt" of user "user0" is shared with user "user2" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT" + Then the list of returned shares has 1 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | path | /PARENT/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | home::user0 | + | file_target | /CHILD | + | share_with | user1 | + | share_with_displayname | user1 | + | permissions | 31 | + + Scenario: getting all shares including subfiles in a shared directory with reshares + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "PARENT" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And file "CHILD" of user "user2" is shared with user "user3" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT" + Then the list of returned shares has 2 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | uid_file_owner | user0 | + | displayname_file_owner | user0 | + | path | /PARENT/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | home::user0 | + | file_target | /CHILD | + | share_with | user2 | + | share_with_displayname | user2 | + | permissions | 31 | + And share 1 is returned with + | share_type | 0 | + | uid_owner | user2 | + | displayname_owner | user2 | + | uid_file_owner | user0 | + | displayname_file_owner | user0 | + | path | /PARENT/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | home::user0 | + | file_target | /CHILD | + | share_with | user3 | + | share_with_displayname | user3 | + | permissions | 31 | + + Scenario: getting all shares including subfiles in a directory by a resharer + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "PARENT" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And file "CHILD" of user "user2" is shared with user "user3" + When As an "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT (2)" + Then the list of returned shares has 2 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | uid_file_owner | user0 | + | displayname_file_owner | user0 | + | path | /PARENT (2)/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | shared::/PARENT (2) | + | file_target | /CHILD | + | share_with | user2 | + | share_with_displayname | user2 | + | permissions | 31 | + And share 1 is returned with + | share_type | 0 | + | uid_owner | user2 | + | displayname_owner | user2 | + | uid_file_owner | user0 | + | displayname_file_owner | user0 | + | path | /PARENT (2)/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | shared::/PARENT (2) | + | file_target | /CHILD | + | share_with | user3 | + | share_with_displayname | user3 | + | permissions | 31 | + + Scenario: getting all shares including subfiles in a directory by a resharer after revoking the resharing rights + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "PARENT" of user "user0" is shared with user "user1" + And save the last share data as "parent folder" + And user "user1" accepts last share + And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And file "CHILD" of user "user2" is shared with user "user3" + And As an "user0" + And restore the last share data from "parent folder" + And Updating last share with + | permissions | 1 | + When As an "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT (2)" + Then the list of returned shares has 1 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | uid_file_owner | user0 | + | displayname_file_owner | user0 | + | path | /PARENT (2)/CHILD | + | item_type | folder | + | mimetype | httpd/unix-directory | + | storage_id | shared::/PARENT (2) | + | file_target | /CHILD | + | share_with | user2 | + | share_with_displayname | user2 | + | permissions | 31 | + + Scenario: getting all shares including subfiles in a directory after moving a received share not reshareable also shared with another user + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user1" is shared with user "user0" + And user "user0" accepts last share + And Updating last share with + | permissions | 1 | + And file "textfile0.txt" of user "user1" is shared with user "user2" + And User "user0" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/FOLDER" + Then the list of returned shares has 1 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | path | /FOLDER/textfile0.txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | shared::/FOLDER/textfile0.txt | + | file_target | /textfile0.txt | + | share_with | user2 | + | share_with_displayname | user2 | + + Scenario: getting all shares including subfiles in a directory after moving a share and a received share not reshareable also shared with another user + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0.txt" of user "user1" is shared with user "user0" + And user "user0" accepts last share + And Updating last share with + | permissions | 1 | + And file "textfile0.txt" of user "user1" is shared with user "user2" + And User "user0" moved file "/textfile0.txt" to "/FOLDER/textfile0.txt" + And User "user0" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0 (2).txt" + When As an "user0" + And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/FOLDER" + Then the list of returned shares has 2 shares + And share 0 is returned with + | share_type | 0 | + | uid_owner | user0 | + | displayname_owner | user0 | + | path | /FOLDER/textfile0.txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | home::user0 | + | file_target | /textfile0 (2).txt | + | share_with | user1 | + | share_with_displayname | user1 | + And share 1 is returned with + | share_type | 0 | + | uid_owner | user1 | + | displayname_owner | user1 | + | path | /FOLDER/textfile0 (2).txt | + | item_type | file | + | mimetype | text/plain | + | storage_id | shared::/FOLDER/textfile0 (2).txt | + | file_target | /textfile0.txt | + | share_with | user2 | + | share_with_displayname | user2 | + + Scenario: keep group permissions in sync + Given As an "admin" + Given user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And file "textfile0.txt" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And User "user1" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt" + And As an "user0" + When Updating last share with + | permissions | 1 | + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 1 | + | file_source | A_NUMBER | + | file_target | /textfile0.txt | + | permissions | 1 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | mimetype | text/plain | + And As an "user1" + And Getting info of last share + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 1 | + | file_source | A_NUMBER | + | file_target | /FOLDER/textfile0.txt | + | permissions | 1 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | shared::/FOLDER/textfile0.txt | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | mimetype | text/plain | + + Scenario: Sharee can see the share + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is included in the answer + + Scenario: Sharee can see the filtered share + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And file "textfile1.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true&path=textfile1 (2).txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is included in the answer + + Scenario: Sharee can't see the share that is filtered out + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile1.txt" of user "user0" is shared with user "user1" + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true&path=textfile0 (2).txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is not included in the answer + + Scenario: Sharee can see the group share + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group0" exists + And user "user1" belongs to group "group0" + And file "textfile0.txt" of user "user0" is shared with group "group0" + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is included in the answer + + Scenario: Group shares are deleted when the group is deleted + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group0" exists + And user "user0" belongs to group "group0" + And file "textfile0.txt" of user "user1" is shared with group "group0" + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is included in the answer + When group "group0" does not exist + Then sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + And the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is not included in the answer + When group "group0" exists + Then sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + And the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is not included in the answer + + Scenario: User is not allowed to reshare file + As an "admin" + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 8 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile0 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: User is allowed to reshare file with more permissions if shares of same file to same user have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 1 | + | shareWith | group1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile0 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 19 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: User is not allowed to reshare file with more permissions + As an "admin" + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 16 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile0 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: User is not allowed to reshare file with more permissions even if shares of same file to other users have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user3 | + | permissions | 15 | + And As an "user3" + And accepting last share + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile0 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 19 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: User is not allowed to reshare file with more permissions even if shares of other files from same user have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And As an "user0" + And creating a share with + | path | /textfile1.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile1 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 19 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: User is not allowed to reshare file with more permissions even if shares of other files from other users have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And As an "user3" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And As an "user0" + And creating a share with + | path | /textfile1.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile1 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 19 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: download restrictions can not be dropped + As an "admin" + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + And As an "user0" + And creating a share with + | path | /tmp.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + And As an "user1" + And accepting last share + When Getting info of last share + Then Share fields of last share match with + | uid_owner | user0 | + | uid_file_owner | user0 | + | permissions | 17 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + When creating a share with + | path | /tmp.txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 1 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + When As an "user2" + And accepting last share + And Getting info of last share + Then Share fields of last share match with + | share_type | 0 | + | permissions | 1 | + | uid_owner | user1 | + | uid_file_owner | user0 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + + Scenario: download restrictions can not be dropped when re-sharing even on link shares + As an "admin" + Given user "user0" exists + And user "user1" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + And As an "user0" + And creating a share with + | path | /tmp.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + And As an "user1" + And accepting last share + When Getting info of last share + Then Share fields of last share match with + | uid_owner | user0 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + When creating a share with + | path | /tmp.txt | + | shareType | 3 | + | permissions | 1 | + And Getting info of last share + And Updating last share with + | hideDownload | false | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + When Getting info of last share + Then Share fields of last share match with + | share_type | 3 | + | uid_owner | user1 | + | uid_file_owner | user0 | + | hide_download | 1 | + | attributes | [{"scope":"permissions","key":"download","value":false}] | + + Scenario: User is not allowed to reshare file with additional delete permissions + As an "admin" + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /PARENT | + | shareType | 0 | + | shareWith | user1 | + | permissions | 16 | + And As an "user1" + And accepting last share + When creating a share with + | path | /PARENT (2) | + | shareType | 0 | + | shareWith | user2 | + | permissions | 25 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: User is not allowed to reshare file with additional delete permissions for files + As an "admin" + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /textfile0.txt | + | shareType | 0 | + | shareWith | user1 | + | permissions | 16 | + And As an "user1" + And accepting last share + When creating a share with + | path | /textfile0 (2).txt | + | shareType | 0 | + | shareWith | user2 | + | permissions | 25 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + When Getting info of last share + Then Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 0 | + | share_with | user2 | + | file_source | A_NUMBER | + | file_target | /textfile0 (2).txt | + | path | /textfile0 (2).txt | + | permissions | 17 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user1 | + | storage_id | shared::/textfile0 (2).txt | + | file_parent | A_NUMBER | + | share_with_displayname | user2 | + | displayname_owner | user1 | + | mimetype | text/plain | + + Scenario: Get a share with a user which didn't received the share + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user2" + When Getting info of last share + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Get a share with a user with resharing rights + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0.txt" of user "user0" is shared with user "user2" + And As an "user1" + When Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | file | + | item_source | A_NUMBER | + | share_type | 0 | + | share_with | user2 | + | file_source | A_NUMBER | + | file_target | /textfile0.txt | + | path | /textfile0 (2).txt | + | permissions | 19 | + | stime | A_NUMBER | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | shared::/textfile0 (2).txt | + | file_parent | A_NUMBER | + | share_with_displayname | user2 | + | displayname_owner | user0 | + | mimetype | text/plain | + + Scenario: Share of folder and sub-folder to same user - core#20645 + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group0" exists + And user "user1" belongs to group "group0" + And file "/PARENT" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When file "/PARENT/CHILD" of user "user0" is shared with group "group0" + And user "user1" accepts last share + Then user "user1" should see following elements + | /FOLDER/ | + | /PARENT/ | + | /PARENT/CHILD/ | + | /PARENT/parent.txt | + | /PARENT/CHILD/child.txt | + | /PARENT%20(2)/ | + | /PARENT%20(2)/CHILD/ | + | /PARENT%20(2)/parent.txt | + | /PARENT%20(2)/CHILD/child.txt | + | /CHILD/ | + | /CHILD/child.txt | + And the HTTP status code should be "200" + + Scenario: Share a file by multiple channels + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And group "group0" exists + And user "user1" belongs to group "group0" + And user "user2" belongs to group "group0" + And user "user0" created a folder "/common" + And user "user0" created a folder "/common/sub" + And file "common" of user "user0" is shared with group "group0" + And user "user1" accepts last share + And user "user2" accepts last share + And file "textfile0.txt" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And User "user1" moved file "/textfile0.txt" to "/common/textfile0.txt" + And User "user1" moved file "/common/textfile0.txt" to "/common/sub/textfile0.txt" + And As an "user2" + When Downloading file "/common/sub/textfile0.txt" with range "bytes=10-18" + Then Downloaded content should be "test text" + And Downloaded content when downloading file "/textfile0.txt" with range "bytes=10-18" should be "test text" + And user "user2" should see following elements + | /common/sub/textfile0.txt | + + Scenario: Share a file by multiple channels + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And group "group0" exists + And user "user1" belongs to group "group0" + And user "user2" belongs to group "group0" + And user "user0" created a folder "/common" + And user "user0" created a folder "/common/sub" + And file "common" of user "user0" is shared with group "group0" + And user "user1" accepts last share + And user "user2" accepts last share + And file "textfile0.txt" of user "user1" is shared with user "user2" + And user "user2" accepts last share + And User "user1" moved file "/textfile0.txt" to "/common/textfile0.txt" + And User "user1" moved file "/common/textfile0.txt" to "/common/sub/textfile0.txt" + And As an "user2" + When Downloading file "/textfile0 (2).txt" with range "bytes=10-18" + Then Downloaded content should be "test text" + And user "user2" should see following elements + | /common/sub/textfile0.txt | + + Scenario: Delete all group shares + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And file "textfile0.txt" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And User "user1" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt" + And As an "user0" + And Deleting last share + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share_id is not included in the answer + + Scenario: delete a share + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user0" + When Deleting last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: delete a share with a user that didn't receive the share + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user2" + When Deleting last share + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: delete a share with a user with resharing rights that didn't receive the share + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0.txt" of user "user0" is shared with user "user2" + And As an "user1" + When Deleting last share + Then the OCS status code should be "403" + And the HTTP status code should be "200" + + Scenario: Keep usergroup shares (#22143) + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And group "group" exists + And user "user1" belongs to group "group" + And user "user2" belongs to group "group" + And user "user0" created a folder "/TMP" + And file "TMP" of user "user0" is shared with group "group" + And user "user1" accepts last share + And user "user2" accepts last share + And user "user1" created a folder "/myFOLDER" + And User "user1" moves file "/TMP" to "/myFOLDER/myTMP" + And user "user2" does not exist + And user "user1" should see following elements + | /myFOLDER/myTMP/ | + + Scenario: Check quota of owners parent directory of a shared file + Given using old dav path + And As an "admin" + And user "user0" exists + And user "user1" exists + And user "user1" has a quota of "0" + And User "user0" moved file "/welcome.txt" to "/myfile.txt" + And file "myfile.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When User "user1" uploads file "data/textfile.txt" to "/myfile.txt" + Then the HTTP status code should be "204" + + Scenario: Don't allow sharing of the root + Given user "user0" exists + And As an "user0" + When creating a share with + | path | / | + | shareType | 3 | + Then the OCS status code should be "403" + + Scenario: Allow modification of reshare + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/TMP" + And file "TMP" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "TMP" of user "user1" is shared with user "user2" + And As an "user1" + When Updating last share with + | permissions | 1 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: Allow reshare to exceed permissions if shares of same file to same user have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 1 | + | shareWith | group1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 17 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: Do not allow reshare to exceed permissions + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 21 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 21 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Do not allow reshare to exceed permissions even if shares of same file to other users have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user3 | + | permissions | 15 | + And As an "user3" + And accepting last share + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 21 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 21 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Do not allow reshare to exceed permissions even if shares of other files from same user have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And As an "user0" + And creating a share with + | path | /FOLDER | + | shareType | 0 | + | shareWith | user1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 21 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 21 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Do not allow reshare to exceed permissions even if shares of other files from other users have them + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And As an "user3" + And creating a share with + | path | /FOLDER | + | shareType | 0 | + | shareWith | user1 | + | permissions | 15 | + And As an "user1" + And accepting last share + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 21 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 21 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Do not allow sub reshare to exceed permissions + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/TMP" + And user "user0" created a folder "/TMP/SUB" + And As an "user0" + And creating a share with + | path | /TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 21 | + And As an "user1" + And accepting last share + And creating a share with + | path | /TMP/SUB | + | shareType | 0 | + | shareWith | user2 | + | permissions | 21 | + When Updating last share with + | permissions | 31 | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Only allow 1 link share per file/folder + Given user "user0" exists + And As an "user0" + And creating a share with + | path | welcome.txt | + | shareType | 3 | + When save last share id + And creating a share with + | path | welcome.txt | + | shareType | 3 | + Then share ids should match + + Scenario: Correct webdav share-permissions for owned file + Given user "user0" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + When as "user0" gets properties of folder "/tmp.txt" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "19" + + Scenario: Cannot download a file when it's shared view-only without shareapi_allow_view_without_download + Given As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "no" + Given user "user0" exists + And user "user1" exists + And User "user0" moves file "/textfile0.txt" to "/document.odt" + And file "document.odt" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When As an "user1" + And Downloading file "/document.odt" + Then the HTTP status code should be "403" + Then As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "yes" + Then As an "user1" + And Downloading file "/document.odt" + Then the HTTP status code should be "200" + + Scenario: Cannot download a file when its parent is shared view-only without shareapi_allow_view_without_download + Given As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "no" + Given user "user0" exists + And user "user1" exists + And User "user0" created a folder "/sharedviewonly" + And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt" + And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When As an "user1" + And Downloading file "/sharedviewonly/document.odt" + Then the HTTP status code should be "403" + Then As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "yes" + Then As an "user1" + And Downloading file "/sharedviewonly/document.odt" + Then the HTTP status code should be "200" + + Scenario: Cannot copy a file when it's shared view-only even with shareapi_allow_view_without_download enabled + Given As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "no" + Given user "user0" exists + And user "user1" exists + And User "user0" moves file "/textfile0.txt" to "/document.odt" + And file "document.odt" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When User "user1" copies file "/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + Then As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "yes" + Then As an "user1" + And User "user1" copies file "/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + + Scenario: Cannot copy a file when its parent is shared view-only + Given As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "no" + Given user "user0" exists + And user "user1" exists + And User "user0" created a folder "/sharedviewonly" + And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt" + And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When User "user1" copies file "/sharedviewonly/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + Then As an "admin" + And parameter "shareapi_allow_view_without_download" of app "core" is set to "yes" + Then As an "user1" + And User "user1" copies file "/sharedviewonly/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + +# See sharing-v1-part3.feature diff --git a/build/integration/sharing_features/sharing-v1-part3.feature b/build/integration/sharing_features/sharing-v1-part3.feature new file mode 100644 index 00000000000..3c2945e3ad4 --- /dev/null +++ b/build/integration/sharing_features/sharing-v1-part3.feature @@ -0,0 +1,612 @@ +# SPDX-FileCopyrightText: 20198 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +Feature: sharing + Background: + Given using api version "1" + Given using new dav path + +# See sharing-v1-part2.feature + + Scenario: Correct webdav share-permissions for received file with edit and reshare permissions + Given user "user0" exists + And user "user1" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + And file "/tmp.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When as "user1" gets properties of folder "/tmp.txt" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "19" + + Scenario: Correct webdav share-permissions for received file with edit permissions but no reshare permissions + Given user "user0" exists + And user "user1" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + And file "tmp.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 3 | + When as "user1" gets properties of folder "/tmp.txt" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "3" + + Scenario: Correct webdav share-permissions for received file with reshare permissions but no edit permissions + Given user "user0" exists + And user "user1" exists + And User "user0" uploads file with content "foo" to "/tmp.txt" + And file "tmp.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 17 | + When as "user1" gets properties of folder "/tmp.txt" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "17" + + Scenario: Correct webdav share-permissions for owned folder + Given user "user0" exists + And user "user0" created a folder "/tmp" + When as "user0" gets properties of folder "/" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "31" + + Scenario: Correct webdav share-permissions for received folder with all permissions + Given user "user0" exists + And user "user1" exists + And user "user0" created a folder "/tmp" + And file "/tmp" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When as "user1" gets properties of folder "/tmp" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "31" + + Scenario: Correct webdav share-permissions for received folder with all permissions but edit + Given user "user0" exists + And user "user1" exists + And user "user0" created a folder "/tmp" + And file "/tmp" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 29 | + When as "user1" gets properties of folder "/tmp" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "29" + + Scenario: Correct webdav share-permissions for received folder with all permissions but create + Given user "user0" exists + And user "user1" exists + And user "user0" created a folder "/tmp" + And file "/tmp" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 27 | + When as "user1" gets properties of folder "/tmp" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "27" + + Scenario: Correct webdav share-permissions for received folder with all permissions but delete + Given user "user0" exists + And user "user1" exists + And user "user0" created a folder "/tmp" + And file "/tmp" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 23 | + When as "user1" gets properties of folder "/tmp" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "23" + + Scenario: Correct webdav share-permissions for received folder with all permissions but share + Given user "user0" exists + And user "user1" exists + And user "user0" created a folder "/tmp" + And file "/tmp" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user0" + And Updating last share with + | permissions | 15 | + When as "user1" gets properties of folder "/tmp" with + |{http://open-collaboration-services.org/ns}share-permissions | + Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "15" + + Scenario: unique target names for incoming shares + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/foo" + And user "user1" created a folder "/foo" + When file "/foo" of user "user0" is shared with user "user2" + And user "user2" accepts last share + And file "/foo" of user "user1" is shared with user "user2" + And user "user2" accepts last share + Then user "user2" should see following elements + | /foo/ | + | /foo%20(2)/ | + + Scenario: Creating a new share with a disabled user + Given As an "admin" + And user "user0" exists + And user "user1" exists + And assure user "user0" is disabled + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + Then the OCS status code should be "997" + And the HTTP status code should be "401" + + Scenario: Deleting a group share as its owner + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user0" belongs to group "group1" + And user "user1" belongs to group "group1" + And As an "user0" + And creating a share with + | path | welcome.txt | + | shareType | 1 | + | shareWith | group1 | + When As an "user0" + And Deleting last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + And the OCS status code should be "404" + And the HTTP status code should be "200" + And As an "user1" + And Getting info of last share + And the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: Deleting a group share as user + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And As an "user0" + And creating a share with + | path | welcome.txt | + | shareType | 1 | + | shareWith | group1 | + When As an "user1" + And Deleting last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: Merging shares for recipient when shared from outside with group and member + Given using old dav path + And As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And user "user0" created a folder "/merge-test-outside" + When folder "/merge-test-outside" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And folder "/merge-test-outside" of user "user0" is shared with user "user1" + And user "user1" accepts last share + Then as "user1" the folder "/merge-test-outside" exists + And as "user1" the folder "/merge-test-outside (2)" does not exist + + Scenario: Merging shares for recipient when shared from outside with group and member with different permissions + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And user "user0" created a folder "/merge-test-outside-perms" + When folder "/merge-test-outside-perms" of user "user0" is shared with group "group1" with permissions 1 + And user "user1" accepts last share + And folder "/merge-test-outside-perms" of user "user0" is shared with user "user1" with permissions 31 + And user "user1" accepts last share + Then as "user1" gets properties of folder "/merge-test-outside-perms" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "SRGDNVCK" + And as "user1" the folder "/merge-test-outside-perms (2)" does not exist + + Scenario: Merging shares for recipient when shared from outside with two groups + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And group "group2" exists + And user "user1" belongs to group "group1" + And user "user1" belongs to group "group2" + And user "user0" created a folder "/merge-test-outside-twogroups" + When folder "/merge-test-outside-twogroups" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And folder "/merge-test-outside-twogroups" of user "user0" is shared with group "group2" + And user "user1" accepts last share + Then as "user1" the folder "/merge-test-outside-twogroups" exists + And as "user1" the folder "/merge-test-outside-twogroups (2)" does not exist + + Scenario: Merging shares for recipient when shared from outside with two groups with different permissions + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And group "group2" exists + And user "user1" belongs to group "group1" + And user "user1" belongs to group "group2" + And user "user0" created a folder "/merge-test-outside-twogroups-perms" + When folder "/merge-test-outside-twogroups-perms" of user "user0" is shared with group "group1" with permissions 1 + And user "user1" accepts last share + And folder "/merge-test-outside-twogroups-perms" of user "user0" is shared with group "group2" with permissions 31 + And user "user1" accepts last share + Then as "user1" gets properties of folder "/merge-test-outside-twogroups-perms" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "SRGDNVCK" + And as "user1" the folder "/merge-test-outside-twogroups-perms (2)" does not exist + + Scenario: Merging shares for recipient when shared from outside with two groups and member + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And group "group2" exists + And user "user1" belongs to group "group1" + And user "user1" belongs to group "group2" + And user "user0" created a folder "/merge-test-outside-twogroups-member-perms" + When folder "/merge-test-outside-twogroups-member-perms" of user "user0" is shared with group "group1" with permissions 1 + And user "user1" accepts last share + And folder "/merge-test-outside-twogroups-member-perms" of user "user0" is shared with group "group2" with permissions 31 + And user "user1" accepts last share + And folder "/merge-test-outside-twogroups-member-perms" of user "user0" is shared with user "user1" with permissions 1 + And user "user1" accepts last share + Then as "user1" gets properties of folder "/merge-test-outside-twogroups-member-perms" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "SRGDNVCK" + And as "user1" the folder "/merge-test-outside-twogroups-member-perms (2)" does not exist + + Scenario: Merging shares for recipient when shared from inside with group + Given As an "admin" + And user "user0" exists + And group "group1" exists + And user "user0" belongs to group "group1" + And user "user0" created a folder "/merge-test-inside-group" + When folder "/merge-test-inside-group" of user "user0" is shared with group "group1" + Then as "user0" the folder "/merge-test-inside-group" exists + And as "user0" the folder "/merge-test-inside-group (2)" does not exist + + Scenario: Merging shares for recipient when shared from inside with two groups + Given As an "admin" + And user "user0" exists + And group "group1" exists + And group "group2" exists + And user "user0" belongs to group "group1" + And user "user0" belongs to group "group2" + And user "user0" created a folder "/merge-test-inside-twogroups" + When folder "/merge-test-inside-twogroups" of user "user0" is shared with group "group1" + And folder "/merge-test-inside-twogroups" of user "user0" is shared with group "group2" + Then as "user0" the folder "/merge-test-inside-twogroups" exists + And as "user0" the folder "/merge-test-inside-twogroups (2)" does not exist + And as "user0" the folder "/merge-test-inside-twogroups (3)" does not exist + + Scenario: Merging shares for recipient when shared from inside with group with less permissions + Given As an "admin" + And user "user0" exists + And group "group1" exists + And group "group2" exists + And user "user0" belongs to group "group1" + And user "user0" belongs to group "group2" + And user "user0" created a folder "/merge-test-inside-twogroups-perms" + When folder "/merge-test-inside-twogroups-perms" of user "user0" is shared with group "group1" + And folder "/merge-test-inside-twogroups-perms" of user "user0" is shared with group "group2" + Then as "user0" gets properties of folder "/merge-test-inside-twogroups-perms" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "RGDNVCK" + And as "user0" the folder "/merge-test-inside-twogroups-perms (2)" does not exist + And as "user0" the folder "/merge-test-inside-twogroups-perms (3)" does not exist + + Scenario: Merging shares for recipient when shared from outside with group then user and recipient renames in between + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And user "user0" created a folder "/merge-test-outside-groups-renamebeforesecondshare" + When folder "/merge-test-outside-groups-renamebeforesecondshare" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And User "user1" moved folder "/merge-test-outside-groups-renamebeforesecondshare" to "/merge-test-outside-groups-renamebeforesecondshare-renamed" + And Sleep for "1" seconds + And folder "/merge-test-outside-groups-renamebeforesecondshare" of user "user0" is shared with user "user1" + And user "user1" accepts last share + Then as "user1" gets properties of folder "/merge-test-outside-groups-renamebeforesecondshare-renamed" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "SRGDNVCK" + And as "user1" the folder "/merge-test-outside-groups-renamebeforesecondshare" does not exist + + Scenario: Merging shares for recipient when shared from outside with user then group and recipient renames in between + Given using old dav path + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And user "user0" created a folder "/merge-test-outside-groups-renamebeforesecondshare" + When folder "/merge-test-outside-groups-renamebeforesecondshare" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And User "user1" moved folder "/merge-test-outside-groups-renamebeforesecondshare" to "/merge-test-outside-groups-renamebeforesecondshare-renamed" + And Sleep for "1" seconds + And folder "/merge-test-outside-groups-renamebeforesecondshare" of user "user0" is shared with group "group1" + And user "user1" accepts last share + Then as "user1" gets properties of folder "/merge-test-outside-groups-renamebeforesecondshare-renamed" with + |{http://owncloud.org/ns}permissions| + And the single response should contain a property "{http://owncloud.org/ns}permissions" with value "SRGDNVCK" + And as "user1" the folder "/merge-test-outside-groups-renamebeforesecondshare" does not exist + + Scenario: Empting trashbin + Given As an "admin" + And user "user0" exists + And User "user0" deletes file "/textfile0.txt" + When User "user0" empties trashbin + Then the HTTP status code should be "204" + + Scenario: orphaned shares + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/common" + And user "user0" created a folder "/common/sub" + And file "/common/sub" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And User "user0" deletes folder "/common" + When User "user0" empties trashbin + Then as "user1" the folder "/sub" does not exist + + Scenario: sharing again an own file while belonging to a group + Given As an "admin" + Given user "user0" exists + And group "sharing-group" exists + And user "user0" belongs to group "sharing-group" + And file "welcome.txt" of user "user0" is shared with group "sharing-group" + And Deleting last share + When creating a share with + | path | welcome.txt | + | shareWith | sharing-group | + | shareType | 1 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: unshare from self + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "sharing-group" exists + And user "user0" belongs to group "sharing-group" + And user "user1" belongs to group "sharing-group" + And file "/PARENT/parent.txt" of user "user0" is shared with group "sharing-group" + And user "user1" accepts last share + And user "user0" stores etag of element "/PARENT" + And user "user1" stores etag of element "/" + And As an "user1" + When Deleting last share + Then etag of element "/" of user "user1" has changed + And etag of element "/PARENT" of user "user0" has not changed + + Scenario: do not allow to increase permissions on received share + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + When As an "user1" + And Updating last share with + | permissions | 19 | + Then the OCS status code should be "403" + And the HTTP status code should be "200" + + Scenario: do not allow to increase permissions on non received share with user with resharing rights + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 31 | + And user "user1" accepts last share + And creating a share with + | path | TMP | + | shareType | 0 | + | shareWith | user2 | + | permissions | 17 | + When As an "user1" + And Updating last share with + | permissions | 19 | + Then the OCS status code should be "403" + And the HTTP status code should be "200" + + Scenario: do not allow to increase link share permissions on reshare + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/TMP" + And As an "user0" + And creating a share with + | path | TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + When As an "user1" + And accepting last share + And creating a share with + | path | TMP | + | shareType | 3 | + And Updating last share with + | publicUpload | true | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: do not allow to increase link share permissions on sub reshare + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/TMP" + And user "user0" created a folder "/TMP/SUB" + And As an "user0" + And creating a share with + | path | TMP | + | shareType | 0 | + | shareWith | user1 | + | permissions | 17 | + When As an "user1" + And accepting last share + And creating a share with + | path | TMP/SUB | + | shareType | 3 | + And Updating last share with + | publicUpload | true | + Then the OCS status code should be "404" + And the HTTP status code should be "200" + + Scenario: deleting file out of a share as recipient creates a backup for the owner + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/shared" + And User "user0" moved file "/textfile0.txt" to "/shared/shared_file.txt" + And folder "/shared" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When User "user1" deletes file "/shared/shared_file.txt" + Then as "user1" the file "/shared/shared_file.txt" does not exist + And as "user0" the file "/shared/shared_file.txt" does not exist + And as "user0" the file "/shared_file.txt" exists in trash + And as "user1" the file "/shared_file.txt" exists in trash + + Scenario: deleting folder out of a share as recipient creates a backup for the owner + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/shared" + And user "user0" created a folder "/shared/sub" + And User "user0" moved file "/textfile0.txt" to "/shared/sub/shared_file.txt" + And folder "/shared" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When User "user1" deletes folder "/shared/sub" + Then as "user1" the folder "/shared/sub" does not exist + And as "user0" the folder "/shared/sub" does not exist + And as "user0" the folder "/sub" exists in trash + And as "user0" the file "/sub/shared_file.txt" exists in trash + And as "user1" the folder "/sub" exists in trash + And as "user1" the file "/sub/shared_file.txt" exists in trash + + Scenario: moving a file into a share as recipient + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/shared" + And folder "/shared" of user "user0" is shared with user "user1" + And user "user1" accepts last share + When User "user1" moved file "/textfile0.txt" to "/shared/shared_file.txt" + Then as "user1" the file "/shared/shared_file.txt" exists + And as "user0" the file "/shared/shared_file.txt" exists + + Scenario: receiving shares into a configured share_folder + Given As an "admin" + And invoking occ with "config:system:set share_folder --value received_shares" + And user "user0" exists + And user "user1" exists + And user "user0" created a folder "/shared_folder" + And User "user0" moved file "/textfile0.txt" to "/shared_file.txt" + When folder "/shared_folder" of user "user0" is shared with user "user1" + And user "user1" accepts last share + Then as "user1" the file "/received_shares/shared_folder" exists + When file "/shared_file.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + Then as "user1" the file "/received_shares/shared_file.txt" exists + + Scenario: Owner of subshares is adjusted after moving into received share + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/shared" + And folder "/shared" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And user "user1" created a folder "/movein" + And user "user1" created a folder "/movein/subshare" + When As an "user1" + And folder "/movein" of user "user1" is shared with user "user2" + And save last share id + Then Getting info of last share + And Share fields of last share match with + | uid_file_owner | user1 | + | share_with | user2 | + When User "user1" moved file "/movein" to "/shared/movein" + Then As an "user0" + And Getting info of last share + And Share fields of last share match with + | uid_file_owner | user0 | + | share_with | user2 | + + Scenario: Owner of subshares is adjusted after moving out of received share + Given As an "admin" + And user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user0" created a folder "/shared" + And user "user0" created a folder "/shared/moveout" + And user "user0" created a folder "/shared/moveout/subshare" + And folder "/shared" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And As an "user1" + And folder "/shared/moveout/subshare" of user "user1" is shared with user "user2" + And save last share id + When As an "user1" + Then Getting info of last share + And Share fields of last share match with + | uid_file_owner | user0 | + | share_with | user2 | + When User "user1" moved file "/shared/moveout" to "/moveout" + Then Getting info of last share + And Share fields of last share match with + | uid_file_owner | user1 | + | share_with | user2 | + + Scenario: Link shares inside of group shares keep their original data when the root share is updated + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "group1" exists + And user "user1" belongs to group "group1" + And As an "user0" + And user "user0" created a folder "/share" + And folder "/share" of user "user0" is shared with group "group1" + And user "user1" accepts last share + And user "user0" created a folder "/share/subfolder" + And As an "user1" + And save the last share data as "original" + And as "user1" creating a share with + | path | /share/subfolder | + | shareType | 3 | + | permissions | 31 | + And save the last share data as "link" + And As an "user0" + And restore the last share data from "original" + When Updating last share with + | permissions | 23 | + | expireDate | +3 days | + And restore the last share data from "link" + And Getting info of last share + And Share fields of last share match with + | id | A_NUMBER | + | item_source | A_NUMBER | + | share_type | 3 | + | permissions | 23 | + | file_target | /subfolder | + | expireDate | | diff --git a/build/integration/sharing_features/sharing-v1-part4.feature b/build/integration/sharing_features/sharing-v1-part4.feature new file mode 100644 index 00000000000..d138f0a1769 --- /dev/null +++ b/build/integration/sharing_features/sharing-v1-part4.feature @@ -0,0 +1,184 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +Feature: sharing + Background: + Given using api version "1" + Given using new dav path + +# See sharing-v1-part3.feature + +Scenario: Creating a new share of a file shows size and mtime + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "7" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | item_size | A_NUMBER | + | item_mtime | A_NUMBER | + +Scenario: Creating a new share of a file you own shows the file permissions + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "7" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | item_permissions | 27 | + +Scenario: Receiving a share of a file gives no create permission + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "31" + And file "welcome.txt" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | + +Scenario: Receiving a share of a folder gives create permission + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "31" + And file "PARENT/CHILD" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /PARENT/CHILD | + | permissions | 31 | + | item_permissions | 31 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /CHILD | + | permissions | 31 | + | item_permissions | 31 | + +# User can remove itself from a share +Scenario: Receiving a share of a file without delete permission gives delete permission anyway + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "23" + And file "welcome.txt" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | + +Scenario: Receiving a share of a file without delete permission gives delete permission anyway + Given user "user0" exists + And user "user1" exists + And As an "user0" + And group "group1" exists + And user "user1" belongs to group "group1" + And parameter "shareapi_default_permissions" of app "core" is set to "23" + And file "welcome.txt" of user "user0" is shared with group "group1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | + +# This is a regression test as in the past creating a file drop required creating with permissions=5 +# and then afterwards update the share to permissions=4 +Scenario: Directly create link share with CREATE only permissions (file drop) + Given user "user0" exists + And As an "user0" + And user "user0" created a folder "/TMP" + When creating a share with + | path | TMP | + | shareType | 3 | + | permissions | 4 | + And Getting info of last share + Then Share fields of last share match with + | uid_file_owner | user0 | + | share_type | 3 | + | permissions | 4 | + +Scenario: Directly create email share with CREATE only permissions (file drop) + Given user "user0" exists + And As an "user0" + And user "user0" created a folder "/TMP" + When creating a share with + | path | TMP | + | shareType | 4 | + | shareWith | j.doe@example.com | + | permissions | 4 | + And Getting info of last share + Then Share fields of last share match with + | uid_file_owner | user0 | + | share_type | 4 | + | permissions | 4 | + +# This ensures the legacy behavior of sharing v1 is kept +Scenario: publicUpload overrides permissions + Given user "user0" exists + And As an "user0" + And parameter "outgoing_server2server_share_enabled" of app "files_sharing" is set to "no" + And user "user0" created a folder "/TMP" + When creating a share with + | path | TMP | + | shareType | 3 | + | permissions | 4 | + | publicUpload | true | + And Getting info of last share + Then Share fields of last share match with + | uid_file_owner | user0 | + | share_type | 3 | + | permissions | 15 | + When creating a share with + | path | TMP | + | shareType | 3 | + | permissions | 4 | + | publicUpload | false | + And Getting info of last share + Then Share fields of last share match with + | uid_file_owner | user0 | + | share_type | 3 | + | permissions | 1 | diff --git a/build/integration/sharing_features/sharing-v1.feature b/build/integration/sharing_features/sharing-v1.feature new file mode 100644 index 00000000000..25f168db2e7 --- /dev/null +++ b/build/integration/sharing_features/sharing-v1.feature @@ -0,0 +1,672 @@ +# SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +Feature: sharing + Background: + Given using api version "1" + Given using old dav path + + Scenario: Creating a new share with user + Given user "user0" exists + And user "user1" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And The following headers should be set + | Content-Security-Policy | default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' | + + Scenario: Creating a share with a group + Given user "user0" exists + And user "user1" exists + And group "sharing-group" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | sharing-group | + | shareType | 1 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: Creating a new share with user who already received a share through their group + Given As an "admin" + And user "user0" exists + And user "user1" exists + And group "sharing-group" exists + And user "user1" belongs to group "sharing-group" + And file "welcome.txt" of user "user0" is shared with group "sharing-group" + And user "user1" accepts last share + And As an "user0" + Then creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + + Scenario: Creating a new room share when Talk is not enabled + Given As an "admin" + And app "spreed" is not enabled + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | a-room-token | + | shareType | 10 | + Then the OCS status code should be "403" + And the HTTP status code should be "200" + + Scenario: Creating a new mail share + Given dummy mail server is listening + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share can be downloaded + + Scenario: Creating a new mail share with password + Given dummy mail server is listening + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + | password | publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new mail share with password when password protection is enforced + Given dummy mail server is listening + And As an "admin" + And parameter "shareapi_enforce_links_password" of app "core" is set to "yes" + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + | password | publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new mail share and setting a password + Given dummy mail server is listening + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + And Updating last share with + | password | publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new mail share and setting a password twice + Given dummy mail server is listening + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + And Updating last share with + | password | publicpw | + And Updating last share with + | password | another publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "another publicpw" can be downloaded + + Scenario: Creating a new mail share and setting the same password twice + Given dummy mail server is listening + And user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 4 | + | shareWith | dumy@test.com | + And Updating last share with + | password | publicpw | + And Updating last share with + | password | publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new public share + Given user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last link share can be downloaded + + Scenario: Creating a new public share with password + Given user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + | password | publicpw | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new public share of a folder + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + | password | publicpw | + | expireDate | +3 days | + | publicUpload | true | + | permissions | 7 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | permissions | 31 | + | expiration | +3 days | + | url | AN_URL | + | token | A_TOKEN | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new public share with password and adding an expiration date + Given user "user0" exists + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + | password | publicpw | + And Updating last share with + | expireDate | +3 days | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And last share with password "publicpw" can be downloaded + + Scenario: Creating a new public share, updating its expiration date and getting its info + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + And Updating last share with + | expireDate | +3 days | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | folder | + | item_source | A_NUMBER | + | share_type | 3 | + | file_source | A_NUMBER | + | file_target | /FOLDER | + | permissions | 17 | + | stime | A_NUMBER | + | expiration | +3 days | + | token | A_TOKEN | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | url | AN_URL | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new share with expiration date empty, when default expiration is set + Given user "user0" exists + And user "user1" exists + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + | expireDate | | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration || + + Scenario: Creating a new share with expiration date removed, when default expiration is set + Given user "user0" exists + And user "user1" exists + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: Creating a new share with expiration date null, when default expiration is set + Given user "user0" exists + And user "user1" exists + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + And As an "user0" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + | expireDate | null | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: Creating a new public share, updating its password and getting its info + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + And Updating last share with + | password | publicpw | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | folder | + | item_source | A_NUMBER | + | share_type | 3 | + | file_source | A_NUMBER | + | file_target | /FOLDER | + | permissions | 17 | + | stime | A_NUMBER | + | token | A_TOKEN | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | url | AN_URL | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new public share, updating its permissions and getting its info + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + And Updating last share with + | permissions | 7 | + | publicUpload | true | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | folder | + | item_source | A_NUMBER | + | share_type | 3 | + | file_source | A_NUMBER | + | file_target | /FOLDER | + | permissions | 31 | + | stime | A_NUMBER | + | token | A_TOKEN | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | url | AN_URL | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new public share, updating its permissions for "hide file list" + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + And Updating last share with + | permissions | 4 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | folder | + | item_source | A_NUMBER | + | share_type | 3 | + | file_source | A_NUMBER | + | file_target | /FOLDER | + | permissions | 4 | + | stime | A_NUMBER | + | token | A_TOKEN | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | url | AN_URL | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new public share, updating publicUpload option and getting its info + Given user "user0" exists + And As an "user0" + When creating a share with + | path | FOLDER | + | shareType | 3 | + And Updating last share with + | publicUpload | true | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | id | A_NUMBER | + | item_type | folder | + | item_source | A_NUMBER | + | share_type | 3 | + | file_source | A_NUMBER | + | file_target | /FOLDER | + | permissions | 31 | + | stime | A_NUMBER | + | token | A_TOKEN | + | storage | A_NUMBER | + | mail_send | 0 | + | uid_owner | user0 | + | storage_id | home::user0 | + | file_parent | A_NUMBER | + | displayname_owner | user0 | + | url | AN_URL | + | mimetype | httpd/unix-directory | + + Scenario: Creating a new share of a file with default permissions + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "7" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | permissions | 3 | + + Scenario: Creating a new share of a folder with default permissions + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "7" + When creating a share with + | path | FOLDER | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | permissions | 7 | + + Scenario: Creating a new internal share with default expiration date + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: Creating a new internal share with relaxed default expiration date + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + And parameter "internal_defaultExpDays" of app "core" is set to "1" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +1 days | + + Scenario: Creating a new internal share with relaxed default expiration date too large + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_internal_expire_date" of app "core" is set to "yes" + And parameter "shareapi_internal_expire_after_n_days" of app "core" is set to "3" + And parameter "internal_defaultExpDays" of app "core" is set to "10" + When creating a share with + | path | welcome.txt | + | shareWith | user1 | + | shareType | 0 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: Creating a new link share with default expiration date + Given user "user0" exists + And As an "user0" + And parameter "shareapi_default_expire_date" of app "core" is set to "yes" + And parameter "shareapi_expire_after_n_days" of app "core" is set to "3" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: Creating a new link share with relaxed default expiration date + Given user "user0" exists + And As an "user0" + And parameter "shareapi_default_expire_date" of app "core" is set to "yes" + And parameter "shareapi_expire_after_n_days" of app "core" is set to "3" + And parameter "link_defaultExpDays" of app "core" is set to "1" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +1 days | + + Scenario: Creating a new link share with relaxed default expiration date too large + Given user "user0" exists + And As an "user0" + And parameter "shareapi_default_expire_date" of app "core" is set to "yes" + And parameter "shareapi_expire_after_n_days" of app "core" is set to "3" + And parameter "link_defaultExpDays" of app "core" is set to "10" + When creating a share with + | path | welcome.txt | + | shareType | 3 | + And the OCS status code should be "100" + And the HTTP status code should be "200" + And Getting info of last share + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And Share fields of last share match with + | expiration | +3 days | + + Scenario: getting all shares of a user using that user + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And File "textfile0.txt" should be included in the response + + Scenario: getting all shares of a user using another user + Given user "user0" exists + And user "user1" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And As an "admin" + When sending "GET" to "/apps/files_sharing/api/v1/shares" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And File "textfile0.txt" should not be included in the response + + Scenario: getting all shares of a file + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And file "textfile0.txt" of user "user0" is shared with user "user2" + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares?path=textfile0.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user1" should be included in the response + And User "user2" should be included in the response + And User "user3" should not be included in the response + + Scenario: getting all shares of a file with a user with resharing rights but not yourself + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + And file "textfile0.txt" of user "user0" is shared with user "user1" + And user "user1" accepts last share + And file "textfile0.txt" of user "user0" is shared with user "user2" + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares?path=textfile0 (2).txt&reshares=true" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user1" should not be included in the response + And User "user2" should be included in the response + And User "user3" should not be included in the response + + Scenario: getting inherited shares of a file + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + # will be shared with user1 + And User "user0" created a folder "/first" + # will be shared with user1, user2 + And User "user0" created a folder "/first/second" + # will be shared with user1, user3 + And User "user0" uploads file "data/textfile.txt" to "/first/test1.txt" + # will be shared with user1, user2, user3 + And User "user0" uploads file "data/textfile.txt" to "/first/second/test2.txt" + And As an "user0" + And creating a share with + | path | /first | + | shareType | 0 | + | shareWith | user1 | + | permissions | 16 | + And As an "user1" + And accepting last share + And folder "first/second" of user "user0" is shared with user "user2" + And file "first/test1.txt" of user "user0" is shared with user "user3" + And file "first/second/test2.txt" of user "user0" is shared with user "user3" + # get inherited shares from the owner PoV + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/second/test2.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should be included in the response + And User "user2" should be included in the response + And User "user3" should not be included in the response + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should be included in the response + And User "user2" should not be included in the response + And User "user3" should not be included in the response + # get inherited shares from the a user with no shares rights + And As an "user2" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "404" + And the HTTP status code should be "200" + # get inherited shares from the PoV of a user with resharing rights (user1) + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/second/test2.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should not be included in the response + And User "user2" should be included in the response + And User "user3" should not be included in the response + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should not be included in the response + And User "user2" should not be included in the response + And User "user3" should not be included in the response + +# See sharing-v1-part2.feature |