mirror of
https://github.com/nextcloud/server.git
synced 2026-05-25 02:34:12 -04:00
Add int test for view-only download
Asserts that downloading a view-only document returns 403. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
parent
e9b6b6c421
commit
04fac4f540
2 changed files with 40 additions and 7 deletions
|
|
@ -275,7 +275,8 @@ trait Sharing {
|
|||
$shareWith = null,
|
||||
$publicUpload = null,
|
||||
$password = null,
|
||||
$permissions = null) {
|
||||
$permissions = null,
|
||||
$viewOnly = false) {
|
||||
$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares";
|
||||
$client = new Client();
|
||||
$options = [
|
||||
|
|
@ -309,6 +310,10 @@ trait Sharing {
|
|||
$body['permissions'] = $permissions;
|
||||
}
|
||||
|
||||
if ($viewOnly === true) {
|
||||
$body['attributes'] = json_encode([['scope' => 'permissions', 'key' => 'download', 'enabled' => false]]);
|
||||
}
|
||||
|
||||
$options['form_params'] = $body;
|
||||
|
||||
try {
|
||||
|
|
@ -402,13 +407,17 @@ trait Sharing {
|
|||
}
|
||||
|
||||
/**
|
||||
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with user "([^"]*)"( with permissions ([\d]*))?$/
|
||||
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with user "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
|
||||
*
|
||||
* @param string $filepath
|
||||
* @param string $user1
|
||||
* @param string $user2
|
||||
*/
|
||||
public function assureFileIsShared($entry, $filepath, $user1, $user2, $withPerms = null, $permissions = null) {
|
||||
public function assureFileIsShared($entry, $filepath, $user1, $user2, $withPerms = null, $permissions = null, $viewOnly = null) {
|
||||
// when view-only is set, permissions is empty string instead of null...
|
||||
if ($permissions === '') {
|
||||
$permissions = null;
|
||||
}
|
||||
$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
|
||||
$client = new Client();
|
||||
$options = [];
|
||||
|
|
@ -424,20 +433,24 @@ trait Sharing {
|
|||
if ($this->isUserOrGroupInSharedData($user2, $permissions)) {
|
||||
return;
|
||||
} else {
|
||||
$this->createShare($user1, $filepath, 0, $user2, null, null, $permissions);
|
||||
$this->createShare($user1, $filepath, 0, $user2, null, null, $permissions, $viewOnly !== null);
|
||||
}
|
||||
$this->response = $client->get($fullUrl, $options);
|
||||
Assert::assertEquals(true, $this->isUserOrGroupInSharedData($user2, $permissions));
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))?$/
|
||||
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))( view-only)?$/
|
||||
*
|
||||
* @param string $filepath
|
||||
* @param string $user
|
||||
* @param string $group
|
||||
*/
|
||||
public function assureFileIsSharedWithGroup($entry, $filepath, $user, $group, $withPerms = null, $permissions = null) {
|
||||
public function assureFileIsSharedWithGroup($entry, $filepath, $user, $group, $withPerms = null, $permissions = null, $viewOnly = null) {
|
||||
// when view-only is set, permissions is empty string instead of null...
|
||||
if ($permissions === '') {
|
||||
$permissions = null;
|
||||
}
|
||||
$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
|
||||
$client = new Client();
|
||||
$options = [];
|
||||
|
|
@ -453,7 +466,7 @@ trait Sharing {
|
|||
if ($this->isUserOrGroupInSharedData($group, $permissions)) {
|
||||
return;
|
||||
} else {
|
||||
$this->createShare($user, $filepath, 1, $group, null, null, $permissions);
|
||||
$this->createShare($user, $filepath, 1, $group, null, null, $permissions, $viewOnly !== null);
|
||||
}
|
||||
$this->response = $client->get($fullUrl, $options);
|
||||
Assert::assertEquals(true, $this->isUserOrGroupInSharedData($group, $permissions));
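Review bot: The new group step pattern drops the `?` after the permissions group, so `( with permissions ([\d]*))( view-only)?$` now requires a " with permissions N" clause and any step that shares with a group without permissions would stop matching, while the user variant keeps it optional. It should read `( with permissions ([\d]*))?( view-only)?$`. Separately, `assureFileIsShared` and `assureFileIsSharedWithGroup` both return early when `isUserOrGroupInSharedData()` finds a match, and as called here that check receives only the recipient and the permissions, so a pre-existing regular share would appear to satisfy a view-only step without the `download` attribute being disabled. For a step that sets up an access-control denial test, the share's `attributes` should be confirmed before returning. Both function bodies are only partly visible in these hunks.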
|
||||
|
|
|
|||
|
|
@ -1167,4 +1167,24 @@ Feature: sharing
|
|||
|{http://open-collaboration-services.org/ns}share-permissions |
|
||||
Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "19"
|
||||
|
||||
Scenario: Cannot download a file when it's shared view-only
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
And User "user0" moves file "/textfile0.txt" to "/document.odt"
|
||||
And file "document.odt" of user "user0" is shared with user "user1" view-only
|
||||
And user "user1" accepts last share
|
||||
When As an "user1"
|
||||
And Downloading file "/document.odt"
|
||||
Then the HTTP status code should be "403"
|
||||
|
||||
Scenario: Cannot download a file when its parent is shared view-only
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
And User "user0" created a folder "/sharedviewonly"
|
||||
And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt"
|
||||
And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only
|
||||
And user "user1" accepts last share
|
||||
When As an "user1"
|
||||
And Downloading file "/sharedviewonly/document.odt"
|
||||
Then the HTTP status code should be "403"
|
||||
# See sharing-v1-part3.feature
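Review bot: Both scenarios assert only the 403 and only for a user share, so nothing here exercises the group step variant changed in the same commit, and there is no control showing that the same file downloads successfully when shared without view-only. Without that control, a 403 caused by something unrelated to the share attribute would still make the scenario pass. Consider a sibling scenario that shares `document.odt` normally and expects `200`, plus one using `is shared with group ... view-only`. If the `Downloading file` step covers only one download path, a comment naming that path would tell readers which endpoint the view-only guarantee is actually tested on.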
|
||||
|
|
|
|||