-
Notifications
You must be signed in to change notification settings - Fork 164
/
changingPublicLinkShare.feature
199 lines (168 loc) · 9.95 KB
/
changingPublicLinkShare.feature
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
@issue-1276 @issue-1277 @issue-1269
Feature: changing a public link share
As a user
I want to set the permissions of a public link share
So that people who have the public link only have the designated authorization
Background:
Given these users have been created with default attributes and without skeleton files:
| username |
| Alice |
And user "Alice" has created folder "PARENT"
And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt"
Scenario Outline: public can or cannot delete file through publicly shared link depending on having delete permissions using the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | <permissions> |
| password | %public% |
When the public deletes file "parent.txt" from the last public link share using the password "%public%" and new public WebDAV API
Then the HTTP status code should be "<http-status-code>"
And as "Alice" file "PARENT/parent.txt" <should-or-not> exist
Examples:
| permissions | http-status-code | should-or-not |
| read | 403 | should |
| read,create | 403 | should |
| create | 403 | should |
| read,update,create,delete | 204 | should not |
Scenario: public link share permissions work correctly for renaming and share permissions read,update,create,delete using the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
| password | %public% |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/parent.txt" should not exist
And as "Alice" file "/PARENT/newparent.txt" should exist
Scenario: public link share permissions work correctly for upload with share permissions read,update,create,delete with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | read,update,create,delete |
| password | %public% |
When the public uploads file "lorem.txt" with password "%public%" and content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And the content of file "PARENT/lorem.txt" for user "Alice" should be "test"
Scenario: public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public deletes file "parent.txt" from the last public link share using the password "invalid" and new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "PARENT/parent.txt" should exist
Scenario: public can delete file through publicly shared link with password using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public deletes file "parent.txt" from the last public link share using the password "%public%" and new public WebDAV API
Then the HTTP status code should be "204"
And as "Alice" file "PARENT/parent.txt" should not exist
Scenario: public tries to rename a file in a password protected share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and the new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/newparent.txt" should not exist
And as "Alice" file "/PARENT/parent.txt" should exist
Scenario: public tries to rename a file in a password protected share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/newparent.txt" should exist
And as "Alice" file "/PARENT/parent.txt" should not exist
Scenario: public tries to upload to a password protected public share using an invalid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public uploads file "lorem.txt" with password "invalid" and content "test" using the new public WebDAV API
Then the HTTP status code should be "401"
And as "Alice" file "/PARENT/lorem.txt" should not exist
Scenario: public tries to upload to a password protected public share using the valid password with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When the public uploads file "lorem.txt" with password "%public%" and content "test" using the new public WebDAV API
Then the HTTP status code should be "201"
And as "Alice" file "/PARENT/lorem.txt" should exist
Scenario: public cannot rename a file in upload-write-only public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
| password | %public% |
When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "/PARENT/parent.txt" should exist
And as "Alice" file "/PARENT/newparent.txt" should not exist
Scenario: public cannot delete a file in upload-write-only public link share with the public WebDAV API
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | uploadwriteonly |
| password | %public% |
When the public deletes file "parent.txt" from the last public link share using the password "%public%" and new public WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file "PARENT/parent.txt" should exist
Scenario Outline: normal user tries to remove password of a public link share (change/create permission)
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | <permissions> |
| password | %public% |
When user "Alice" updates the last public link share using the sharing API with
| path | /PARENT |
| permissions | <permissions> |
| password | |
Then the HTTP status code should be "200"
And the OCS status code should be "400"
And the OCS status message should be "missing required password"
Examples:
| permissions |
| change |
| create |
@issue-7821
Scenario: normal user tries to remove password of a public link (update without sending permissions)
Given user "Alice" has created a public link share with settings
| path | /PARENT |
| permissions | change |
| password | %public% |
When user "Alice" updates the last public link share using the sharing API with
| path | /PARENT |
| password | |
Then the HTTP status code should be "200"
And the OCS status code should be "400"
And the OCS status message should be "missing required password"
Scenario: administrator removes password of a read-only public link
Given admin has created folder "/PARENT"
And user "admin" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt"
And user "admin" has created a public link share with settings
| path | /PARENT |
| permissions | read |
| password | %public% |
When user "admin" updates the last public link share using the sharing API with
| path | /PARENT |
| permissions | read |
| password | |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
And the public should be able to download file "/parent.txt" from inside the last public link shared folder using the new public WebDAV API with password ""
Scenario Outline: administrator tries to remove password of a public link share (change/create permission)
Given admin has created folder "/PARENT"
And user "admin" has created a public link share with settings
| path | /PARENT |
| permissions | <permissions> |
| password | %public% |
When user "admin" updates the last public link share using the sharing API with
| path | /PARENT |
| permissions | <permissions> |
| password | |
Then the HTTP status code should be "200"
And the OCS status code should be "400"
And the OCS status message should be "missing required password"
Examples:
| permissions |
| change |
| create |