enable again denyAccess tests

.drone.env

@@ -1,3 +1,3 @@
 # The version of OCIS to use in pipelines that test against OCIS
-OCIS_COMMITID=0fa52f26e9a9f81ffaab1c1922f16f3c43d75d2f
+OCIS_COMMITID=1d83da09d2c03c89a19ba138e8a6badd17725423
 OCIS_BRANCH=master

.drone.star

@@ -949,11 +949,10 @@ def ocisService(extra_env_config = {}, deploy_type = "ocis"):
         "PROXY_ENABLE_BASIC_AUTH": True,
         "WEB_ASSET_CORE_PATH": "%s/dist" % dir["web"],
         "FRONTEND_SEARCH_MIN_LENGTH": "2",
-        "FRONTEND_OCS_ENABLE_DENIALS": True,
         "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST": "%s/tests/drone/banned-passwords.txt" % dir["web"],
         "PROXY_CSP_CONFIG_FILE_LOCATION": "%s/tests/drone/csp.yaml" % dir["web"],
         # Needed for enabling all roles
-        "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6",
+        "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6,63e64e19-8d43-42ec-a738-2b6af2610efa",
     }
 
     if deploy_type == "federation":

docker-compose.yml

@@ -94,7 +94,7 @@ services:
       COLLABORA_DOMAIN: host.docker.internal:9980
       FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration.Collabora
       # Needed for enabling all roles
-      GRAPH_AVAILABLE_ROLES: b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6
+      GRAPH_AVAILABLE_ROLES: b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6,63e64e19-8d43-42ec-a738-2b6af2610efa
     labels:
       traefik.enable: true
       traefik.http.routers.ocis.tls: true

tests/e2e/cucumber/features/shares/denyShareAccess.feature

@@ -1,42 +1,43 @@
 Feature: deny share access
 
-  # FIXME: enable as soon as sharing NG supports it
-  # Scenario: deny and grant access
-  #   Given "Admin" creates following users using API
-  #     | id    |
-  #     | Alice |
-  #     | Brian |
-  #   When "Alice" logs in
-  #   And "Alice" creates the following folder in personal space using API
-  #     | name                            |
-  #     | folder_to_shared                |
-  #     | folder_to_shared/folder         |
-  #     | folder_to_shared/folder_to_deny |
-  #   And "Alice" opens the "files" app
-  #   And "Alice" shares the following resource using the quick action
-  #     | resource         | recipient | type | role     | resourceType |
-  #     | folder_to_shared | Brian     | user | Can view | folder       |
-  #   And "Alice" opens folder "folder_to_shared"
-  #   When "Alice" denies access to the following resources for user "Brian" using the sidebar panel
-  #     | resource       |
-  #     | folder_to_deny |
-  #   And "Brian" logs in
-  #   And "Brian" opens the "files" app
-  #   And "Brian" navigates to the shared with me page
-  #   And "Brian" opens folder "folder_to_shared"
-  #   Then following resources should not be displayed in the files list for user "Brian"
-  #     | resource       |
-  #     | folder_to_deny |
-  #   And "Alice" opens the "files" app
-  #   And "Alice" opens folder "folder_to_shared"
-  #   When "Alice" grants access to the following resources for user "Brian" using the sidebar panel
-  #     | resource       |
-  #     | folder_to_deny |
-  #   And "Brian" opens the "files" app
-  #   And "Brian" navigates to the shared with me page
-  #   And "Brian" opens folder "folder_to_shared"
-  #   Then following resources should be displayed in the files list for user "Brian"
-  #     | resource       |
-  #     | folder_to_deny |
-  #   And "Brian" logs out
-  #   And "Alice" logs out
+  Scenario: deny and grant access
+    Given "Admin" creates following users using API
+      | id    |
+      | Alice |
+      | Brian |
+    When "Alice" logs in
+    And "Alice" creates the following folder in personal space using API
+      | name                            |
+      | folder_to_shared                |
+      | folder_to_shared/folder         |
+      | folder_to_shared/folder_to_deny |
+    And "Alice" opens the "files" app
+    And "Alice" shares the following resource using the quick action
+      | resource         | recipient | type | role     | resourceType |
+      | folder_to_shared | Brian     | user | Can view | folder       |
+    And "Alice" opens folder "folder_to_shared"
+    # deny access
+    When "Alice" shares the following resource using the sidebar panel
+      | resource       | recipient | type | role          | resourceType |
+      | folder_to_deny | Brian     | user | Cannot access | folder       |
+    And "Brian" logs in
+    And "Brian" opens the "files" app
+    And "Brian" navigates to the shared with me page
+    And "Brian" opens folder "folder_to_shared"
+    Then following resources should not be displayed in the files list for user "Brian"
+      | resource       |
+      | folder_to_deny |
+    And "Alice" opens the "files" app
+    And "Alice" opens folder "folder_to_shared"
+    # allow access - deleting "Cannot access" share
+    When "Alice" removes following sharee
+      | resource       | recipient |
+      | folder_to_deny | Brian     |
+    And "Brian" opens the "files" app
+    And "Brian" navigates to the shared with me page
+    And "Brian" opens folder "folder_to_shared"
+    Then following resources should be displayed in the files list for user "Brian"
+      | resource       |
+      | folder_to_deny |
+    And "Brian" logs out
+    And "Alice" logs out

tests/e2e/cucumber/features/spaces/denySpaceAccess.feature

@@ -0,0 +1,46 @@
+Feature: deny space access
+
+  Scenario: deny and grant access
+    Given "Admin" creates following users using API
+      | id    |
+      | Alice |
+      | Brian |
+    And "Admin" assigns following roles to the users using API
+      | id    | role        |
+      | Alice | Space Admin |
+    And "Alice" logs in
+    And "Alice" creates the following project space using API
+      | name  | id    |
+      | sales | sales |
+    And "Alice" creates the following folder in space "sales" using API
+      | name |
+      | f1   |
+      | f2   |
+    And "Alice" adds the following members to the space "sales" using API
+      | user  | role     | shareType |
+      | Brian | Can edit | user      |
+
+    When "Alice" navigates to the project space "sales"
+    # deny access
+    When "Alice" shares the following resource using the sidebar panel
+      | resource | recipient | type | role          | resourceType |
+      | f1       | Brian     | user | Cannot access | folder       |
+    And "Brian" logs in
+    And "Brian" navigates to the project space "sales"
+    Then following resources should not be displayed in the files list for user "Brian"
+      | resource |
+      | f1       |
+    But following resources should be displayed in the files list for user "Brian"
+      | resource |
+      | f2       |
+    # allow access - deleting "Cannot access" share
+    When "Alice" removes following sharee
+      | resource | recipient |
+      | f1       | Brian     |
+    And "Brian" navigates to the project space "sales"
+    Then following resources should be displayed in the files list for user "Brian"
+      | resource |
+      | f1       |
+      | f2       |
+    And "Brian" logs out
+    And "Alice" logs out

tests/e2e/cucumber/steps/ui/shares.ts

@@ -237,35 +237,6 @@ Then(
   }
 )
 
-When(
-  /^"([^"]*)" (grants|denies) access to the following resources(?:s)? for (group|user) "([^"]*)" using the sidebar panel?$/,
-  async function (
-    this: World,
-    stepUser: string,
-    actionType: string,
-    collaboratorType: 'user' | 'group',
-    collaborator: string,
-    stepTable: DataTable
-  ): Promise<void> {
-    const { page } = this.actorsEnvironment.getActor({ key: stepUser })
-    const shareObject = new objects.applicationFiles.Share({ page })
-
-    for (const { resource } of stepTable.hashes()) {
-      await shareObject.setDenyShare({
-        resource,
-        deny: actionType === 'denies',
-        collaborator: {
-          collaborator:
-            collaboratorType === 'group'
-              ? this.usersEnvironment.getGroup({ key: collaborator })
-              : this.usersEnvironment.getUser({ key: collaborator }),
-          type: collaboratorType
-        } as ICollaborator
-      })
-    }
-  }
-)
-
 When(
   /^"([^"]*)" sets the expiration date of share "([^"]*)" of (group|user) "([^"]*)" to "([^"]*)"?$/,
   async function (

tests/e2e/support/api/share/share.ts

@@ -27,13 +27,15 @@ export const shareRoles: Readonly<{
   'Can edit': string
   'Can view': string
   'Secret File Drop': string
+  'Cannot access': string
 }> = {
   'Invited people': 'internal',
   'Can upload': 'contributor',
   'Can manage': 'manager',
   'Can edit': 'editor',
   'Can view': 'viewer',
-  'Secret File Drop': 'uploader'
+  'Secret File Drop': 'uploader',
+  'Cannot access': 'denied'
 } as const
 
 export const linkShareRoles: Readonly<{

tests/e2e/support/objects/app-files/share/actions.ts

@@ -203,19 +203,6 @@ export const checkSharee = async (args: ShareArgs): Promise<void> => {
   }
 }
 
-export interface setDenyShareArgs {
-  page: Page
-  resource: string
-  deny: boolean
-  collaborator: ICollaborator
-}
-
-export const setDenyShare = async (args: setDenyShareArgs): Promise<void> => {
-  const { page, resource, deny, collaborator } = args
-  await openSharingPanel(page, resource)
-  await Collaborator.setDenyShareForCollaborator({ page, deny, collaborator })
-}
-
 export const addExpirationDate = async (args: {
   page: Page
   resource: string

tests/e2e/support/objects/app-files/share/collaborator.ts

@@ -187,6 +187,7 @@ export default class Collaborator {
 
     await page
       .locator(util.format(Collaborator.collaboratorEditDropdownButton, collaboratorRow))
+      .first()
       .click()
     await page.locator(util.format(Collaborator.removeCollaboratorButton, collaboratorRow)).click()
 
@@ -304,38 +305,6 @@ export default class Collaborator {
       : util.format(Collaborator.collaboratorUserSelector, collaborator.displayName)
   }
 
-  static async setDenyShareForCollaborator(args: SetDenyShareForCollaboratorArgs): Promise<void> {
-    const {
-      page,
-      collaborator: { collaborator, type },
-      deny
-    } = args
-    const collaboratorRow = Collaborator.getCollaboratorUserOrGroupSelector(collaborator, type)
-    await page.locator(collaboratorRow).waitFor()
-
-    await page
-      .locator(util.format(Collaborator.collaboratorEditDropdownButton, collaboratorRow))
-      .click()
-
-    await Promise.all([
-      page.waitForResponse(
-        (resp) =>
-          resp.url().includes('shares') &&
-          resp.status() === 200 &&
-          resp.request().method() === (deny ? 'POST' : 'DELETE')
-      ),
-      page
-        .locator(
-          util.format(
-            Collaborator.denyShareCollaboratorButton,
-            collaboratorRow,
-            deny ? 'false' : 'true'
-          )
-        )
-        .click()
-    ])
-  }
-
   static async getAccessDetails(
     page: Page,
     recipient: Omit<ICollaborator, 'role'>

tests/e2e/support/objects/app-files/share/index.ts

@@ -59,12 +59,6 @@ export class Share {
     return await resourceIsSynced({ page: this.#page, resource })
   }
 
-  async setDenyShare(args: Omit<po.setDenyShareArgs, 'page'>): Promise<void> {
-    const startUrl = this.#page.url()
-    await po.setDenyShare({ ...args, page: this.#page })
-    await this.#page.goto(startUrl)
-  }
-
   async addExpirationDate({
     resource,
     collaborator,