upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-14 01:21:32 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 32

Merge pull request #59599 from nextcloud/test/noid/add-proof-for-adding-self-to-other-group

Browse source 
test: Add integration test to confirm a user can not add themselves t…
This commit is contained in:
Joas Schilling 2026-04-13 15:14:13 +02:00 committed by GitHub
commit e9cd2fc830
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 19 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
build/integration/features/provisioning-v1.feature
View file

@ -487,11 +487,26 @@ Feature: provisioning
Given As an "admin"
And user "brand-new-user" exists
And group "new-group" exists
And group "other-group" exists
When sending "POST" to "/cloud/users/brand-new-user/subadmins" with
| groupid | new-group |
Then the OCS status code should be "100"
And the HTTP status code should be "200"
# Ensure self promotion is not possible
Given As an "brand-new-user"
When sending "POST" to "/cloud/users/brand-new-user/groups" with
| groupid | admin |
Then the OCS status code should be "104"
And the HTTP status code should be "200"
# Ensure self adding to other groups is not possible
Given As an "brand-new-user"
When sending "POST" to "/cloud/users/brand-new-user/groups" with
| groupid | other-group |
Then the OCS status code should be "104"
And the HTTP status code should be "200"
Scenario: get users using a subadmin
Given As an "admin"
And user "brand-new-user" exists
@ -793,7 +808,7 @@ Feature: provisioning
Then the HTTP status code should be "200"
And user "subadmin" is disabled
Scenario: Admin user cannot disable himself
Scenario: Admin user cannot disable themself
Given As an "admin"
And user "another-admin" exists
And user "another-admin" belongs to group "admin"
@ -804,7 +819,7 @@ Feature: provisioning
And As an "admin"
And user "another-admin" is enabled
Scenario:Admin user cannot enable himself
Scenario: Admin user cannot enable themself
Given As an "admin"
And user "another-admin" exists
And user "another-admin" belongs to group "admin"
@ -837,7 +852,7 @@ Feature: provisioning
And As an "admin"
And user "user2" is disabled
Scenario: Subadmin should not be able to disable himself
Scenario: Subadmin should not be able to disable themself
Given As an "admin"
And user "subadmin" exists
And group "new-group" exists
@ -850,7 +865,7 @@ Feature: provisioning
And As an "admin"
And user "subadmin" is enabled
Scenario: Subadmin should not be able to enable himself
Scenario: Subadmin should not be able to enable themself
Given As an "admin"
And user "subadmin" exists
And group "new-group" exists