From b96b75522ad5ba1446121679cb160bc4b9a25e25 Mon Sep 17 00:00:00 2001
From: Viktor Scharf
Date: Mon, 25 Nov 2024 12:18:26 +0100
Subject: [PATCH] enable again denyAccess tests
---
.drone.env | 2 +-
.drone.star | 3 +-
docker-compose.yml | 2 +-
.../features/shares/denyShareAccess.feature | 81 ++++++++++---------
.../features/spaces/denySpaceAccess.feature | 46 +++++++++++
tests/e2e/cucumber/steps/ui/shares.ts | 29 -------
tests/e2e/support/api/share/share.ts | 4 +-
.../objects/app-files/share/actions.ts | 13 ---
.../objects/app-files/share/collaborator.ts | 33 +-------
.../support/objects/app-files/share/index.ts | 6 --
10 files changed, 94 insertions(+), 125 deletions(-)
create mode 100644 tests/e2e/cucumber/features/spaces/denySpaceAccess.feature
diff --git a/.drone.env b/.drone.env
index c37e546931f..349b1213cb8 100644
--- a/.drone.env
+++ b/.drone.env
@@ -1,3 +1,3 @@
 # The version of OCIS to use in pipelines that test against OCIS
-OCIS_COMMITID=0fa52f26e9a9f81ffaab1c1922f16f3c43d75d2f
+OCIS_COMMITID=1d83da09d2c03c89a19ba138e8a6badd17725423
 OCIS_BRANCH=master
diff --git a/.drone.star b/.drone.star
index 0a0911c0d46..cb7a5e2d5ab 100644
--- a/.drone.star
+++ b/.drone.star
@@ -949,11 +949,10 @@ def ocisService(extra_env_config = {}, deploy_type = "ocis"): "PROXY_ENABLE_BASIC_AUTH": True, "WEB_ASSET_CORE_PATH": "%s/dist" % dir["web"], "FRONTEND_SEARCH_MIN_LENGTH": "2", - "FRONTEND_OCS_ENABLE_DENIALS": True, "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST": "%s/tests/drone/banned-passwords.txt" % dir["web"], "PROXY_CSP_CONFIG_FILE_LOCATION": "%s/tests/drone/csp.yaml" % dir["web"], # Needed for enabling all roles - "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6", + "GRAPH_AVAILABLE_ROLES": "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6,63e64e19-8d43-42ec-a738-2b6af2610efa", } if deploy_type == "federation": diff --git a/docker-compose.yml b/docker-compose.yml index 0a69ae75da9..521006ef1cf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
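Review bot: The role ID appended to `GRAPH_AVAILABLE_ROLES` in `ocisService` is not labelled, so nobody reading this dict can tell which entry switches on the role the re-enabled deny tests depend on, or notice if it is dropped later. The existing comment only says `# Needed for enabling all roles`; I would add a line such as `# 63e64e19-8d43-42ec-a738-2b6af2610efa: <role name>, required by the denyAccess e2e tests`, with the name confirmed against the oCIS role definitions (it is presumably the role behind the "Cannot access" option). The same unlabelled ID is appended in `docker-compose.yml`, and the two lists have to be kept in sync by hand. The body of `ocisService` continues outside the hunk.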
@@ -94,7 +94,7 @@ services: COLLABORA_DOMAIN: host.docker.internal:9980 FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration.Collabora # Needed for enabling all roles - GRAPH_AVAILABLE_ROLES: b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6 + GRAPH_AVAILABLE_ROLES: b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6,63e64e19-8d43-42ec-a738-2b6af2610efa labels: traefik.enable: true traefik.http.routers.ocis.tls: true diff --git a/tests/e2e/cucumber/features/shares/denyShareAccess.feature b/tests/e2e/cucumber/features/shares/denyShareAccess.feature index 6d04a4f76aa..169c0e9dc17 100644 --- a/tests/e2e/cucumber/features/shares/denyShareAccess.feature +++ b/tests/e2e/cucumber/features/shares/denyShareAccess.feature 
@@ -1,42 +1,43 @@ Feature: deny share access - # FIXME: enable as soon as sharing NG supports it - # Scenario: deny and grant access - # Given "Admin" creates following users using API - # | id | - # | Alice | - # | Brian | - # When "Alice" logs in - # And "Alice" creates the following folder in personal space using API - # | name | - # | folder_to_shared | - # | folder_to_shared/folder | - # | folder_to_shared/folder_to_deny | - # And "Alice" opens the "files" app - # And "Alice" shares the following resource using the quick action - # | resource | recipient | type | role | resourceType | - # | folder_to_shared | Brian | user | Can view | folder | - # And "Alice" opens folder "folder_to_shared" - # When "Alice" denies access to the following resources for user "Brian" using the sidebar panel - # | resource | - # | folder_to_deny | - # And "Brian" logs in - # And "Brian" opens the "files" app - # And "Brian" navigates to the shared with me page - # And "Brian" opens folder "folder_to_shared" - # Then following resources should not be displayed in the files list for user "Brian" - # | resource | - # | folder_to_deny | - # And "Alice" opens the "files" app - # And "Alice" opens folder "folder_to_shared" - # When "Alice" grants access to the following resources for user "Brian" using the sidebar panel - # | resource | - # | folder_to_deny | - # And "Brian" opens the "files" app - # And "Brian" navigates to the shared with me page - # And "Brian" opens folder "folder_to_shared" - # Then following resources should be displayed in the files list for user "Brian" - # | resource | - # | folder_to_deny | - # And "Brian" logs out - # And "Alice" logs out + Scenario: deny and grant access + Given "Admin" creates following users using API + | id | + | Alice | + | Brian | + When "Alice" logs in + And "Alice" creates the following folder in personal space using API + | name | + | folder_to_shared | + | folder_to_shared/folder | + | folder_to_shared/folder_to_deny | + And "Alice" 
opens the "files" app + And "Alice" shares the following resource using the quick action + | resource | recipient | type | role | resourceType | + | folder_to_shared | Brian | user | Can view | folder | + And "Alice" opens folder "folder_to_shared" + # deny access + When "Alice" shares the following resource using the sidebar panel + | resource | recipient | type | role | resourceType | + | folder_to_deny | Brian | user | Cannot access | folder | + And "Brian" logs in + And "Brian" opens the "files" app + And "Brian" navigates to the shared with me page + And "Brian" opens folder "folder_to_shared" + Then following resources should not be displayed in the files list for user "Brian" + | resource | + | folder_to_deny | + And "Alice" opens the "files" app + And "Alice" opens folder "folder_to_shared" + # allow access - deleting "Cannot access" share + When "Alice" removes following sharee + | resource | recipient | + | folder_to_deny | Brian | + And "Brian" opens the "files" app + And "Brian" navigates to the shared with me page + And "Brian" opens folder "folder_to_shared" + Then following resources should be displayed in the files list for user "Brian" + | resource | + | folder_to_deny | + And "Brian" logs out + And "Alice" logs out diff --git a/tests/e2e/cucumber/features/spaces/denySpaceAccess.feature b/tests/e2e/cucumber/features/spaces/denySpaceAccess.feature new file mode 100644 index 00000000000..68058309e7a --- /dev/null +++ b/tests/e2e/cucumber/features/spaces/denySpaceAccess.feature 
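Review bot: After the "Cannot access" share is created, the scenario only asserts that `folder_to_deny` is missing from Brian's files list, which would also pass if the client merely hid the entry while the server still served the folder. For an access-control feature I would add a step right after the `should not be displayed in the files list` check that has Brian request the denied folder directly and expects a refusal, reusing whichever existing step the suite has for that; the step catalogue is not visible in this patch. The same listing-only assertion is used for `f1` in `denySpaceAccess.feature`, where Brian also holds `Can edit` on the space, so a negative write check into `f1` would be worth having there as well.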
@@ -0,0 +1,46 @@
+Feature: deny space access
+
+ Scenario: deny and grant access
+ Given "Admin" creates following users using API
+ | id |
+ | Alice |
+ | Brian |
+ And "Admin" assigns following roles to the users using API
+ | id | role |
+ | Alice | Space Admin |
+ And "Alice" logs in
+ And "Alice" creates the following project space using API
+ | name | id |
+ | sales | sales |
+ And "Alice" creates the following folder in space "sales" using API
+ | name |
+ | f1 |
+ | f2 |
+ And "Alice" adds the following members to the space "sales" using API
+ | user | role | shareType |
+ | Brian | Can edit | user |
+
+ When "Alice" navigates to the project space "sales"
+ # deny access
+ When "Alice" shares the following resource using the sidebar panel
+ | resource | recipient | type | role | resourceType |
+ | f1 | Brian | user | Cannot access | folder |
+ And "Brian" logs in
+ And "Brian" navigates to the project space "sales"
+ Then following resources should not be displayed in the files list for user "Brian"
+ | resource |
+ | f1 |
+ But following resources should be displayed in the files list for user "Brian"
+ | resource |
+ | f2 |
+ # allow access - deleting "Cannot access" share
+ When "Alice" removes following sharee
+ | resource | recipient |
+ | f1 | Brian |
+ And "Brian" navigates to the project space "sales"
+ Then following resources should be displayed in the files list for user "Brian"
+ | resource |
+ | f1 |
+ | f2 |
+ And "Brian" logs out
+ And "Alice" logs out
diff --git a/tests/e2e/cucumber/steps/ui/shares.ts b/tests/e2e/cucumber/steps/ui/shares.ts
index 5726c0671b0..b647e9ea897 100644
--- a/tests/e2e/cucumber/steps/ui/shares.ts
+++ b/tests/e2e/cucumber/steps/ui/shares.ts
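Review bot: The new scenario uses `When` twice in a row: `When "Alice" navigates to the project space "sales"` is followed directly by `When "Alice" shares the following resource using the sidebar panel`, so the first action reads as a separate trigger with no outcome attached. Writing the second one as `And "Alice" shares the following resource using the sidebar panel` keeps one action block per assertion block. The scenario name `deny and grant access` is also identical to the one in `denyShareAccess.feature`; a name like `deny and grant access to a folder in a project space` would keep test reports unambiguous.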
@@ -237,35 +237,6 @@ Then( } ) -When( - /^"([^"]*)" (grants|denies) access to the following resources(?:s)? for (group|user) "([^"]*)" using the sidebar panel?$/, - async function ( - this: World, - stepUser: string, - actionType: string, - collaboratorType: 'user' | 'group', - collaborator: string, - stepTable: DataTable - ): Promise { - const { page } = this.actorsEnvironment.getActor({ key: stepUser }) - const shareObject = new objects.applicationFiles.Share({ page }) - - for (const { resource } of stepTable.hashes()) { - await shareObject.setDenyShare({ - resource, - deny: actionType === 'denies', - collaborator: { - collaborator: - collaboratorType === 'group' - ? this.usersEnvironment.getGroup({ key: collaborator }) - : this.usersEnvironment.getUser({ key: collaborator }), - type: collaboratorType - } as ICollaborator - }) - } - } -) - When( /^"([^"]*)" sets the expiration date of share "([^"]*)" of (group|user) "([^"]*)" to "([^"]*)"?$/, async function ( diff --git a/tests/e2e/support/api/share/share.ts b/tests/e2e/support/api/share/share.ts index ee4c73f594d..7e9501fa512 100644 --- a/tests/e2e/support/api/share/share.ts +++ b/tests/e2e/support/api/share/share.ts @@ -27,13 +27,15 @@ export const shareRoles: Readonly<{ 'Can edit': string 'Can view': string 'Secret File Drop': string + 'Cannot access': string }> = { 'Invited people': 'internal', 'Can upload': 'contributor', 'Can manage': 'manager', 'Can edit': 'editor', 'Can view': 'viewer', - 'Secret File Drop': 'uploader' + 'Secret File Drop': 'uploader', + 'Cannot access': 'denied' } as const export const linkShareRoles: Readonly<{ diff --git a/tests/e2e/support/objects/app-files/share/actions.ts b/tests/e2e/support/objects/app-files/share/actions.ts index 53b1498f02c..e66c8a19b24 100644 --- a/tests/e2e/support/objects/app-files/share/actions.ts +++ b/tests/e2e/support/objects/app-files/share/actions.ts 
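Review bot: In `tests/e2e/support/api/share/share.ts`, `'Cannot access'` had to be added twice to `shareRoles`, once in the `Readonly<{ … }>` annotation and once in the literal, and because the annotation types every value as `string` the trailing `as const` does not narrow anything. If the project's TypeScript version supports `satisfies`, dropping the annotation and ending the literal with `} as const satisfies Record<string, string>` would keep the keys in one place and preserve the literal role values. A short comment next to `'Cannot access': 'denied'` noting that the role presumably has to be enabled on the server (see `GRAPH_AVAILABLE_ROLES` in the CI config) would help anyone running these helpers against another deployment. The `shareRoles` declaration starts above the hunk.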
@@ -203,19 +203,6 @@ export const checkSharee = async (args: ShareArgs): Promise => { } } -export interface setDenyShareArgs { - page: Page - resource: string - deny: boolean - collaborator: ICollaborator -} - -export const setDenyShare = async (args: setDenyShareArgs): Promise => { - const { page, resource, deny, collaborator } = args - await openSharingPanel(page, resource) - await Collaborator.setDenyShareForCollaborator({ page, deny, collaborator }) -} - export const addExpirationDate = async (args: { page: Page resource: string diff --git a/tests/e2e/support/objects/app-files/share/collaborator.ts b/tests/e2e/support/objects/app-files/share/collaborator.ts index b26f9b4a036..e625aae1cbe 100644 --- a/tests/e2e/support/objects/app-files/share/collaborator.ts +++ b/tests/e2e/support/objects/app-files/share/collaborator.ts @@ -187,6 +187,7 @@ export default class Collaborator { await page .locator(util.format(Collaborator.collaboratorEditDropdownButton, collaboratorRow)) + .first() .click() await page.locator(util.format(Collaborator.removeCollaboratorButton, collaboratorRow)).click() 
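Review bot: The `.first()` added to the `collaboratorEditDropdownButton` locator in `collaborator.ts` silences a multiple-match error without saying why more than one button matches or why the first one is the right one. Presumably the recipient can now appear more than once in the sidebar (an inherited `Can view` share plus the new `Cannot access` share); if so, selecting by position could remove the wrong share if the rendering order changes, and the following `removeCollaboratorButton` click is not narrowed in the same way. I would at least add a comment such as `// recipient may be listed twice (inherited share + direct share); the direct share's row comes first` once that ordering is confirmed, or scope `collaboratorRow` to the direct share instead of relying on position. The enclosing method starts and ends outside the hunk.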
@@ -304,38 +305,6 @@ export default class Collaborator { : util.format(Collaborator.collaboratorUserSelector, collaborator.displayName) } - static async setDenyShareForCollaborator(args: SetDenyShareForCollaboratorArgs): Promise { - const { - page, - collaborator: { collaborator, type }, - deny - } = args - const collaboratorRow = Collaborator.getCollaboratorUserOrGroupSelector(collaborator, type) - await page.locator(collaboratorRow).waitFor() - - await page - .locator(util.format(Collaborator.collaboratorEditDropdownButton, collaboratorRow)) - .click() - - await Promise.all([ - page.waitForResponse( - (resp) => - resp.url().includes('shares') && - resp.status() === 200 && - resp.request().method() === (deny ? 'POST' : 'DELETE') - ), - page - .locator( - util.format( - Collaborator.denyShareCollaboratorButton, - collaboratorRow, - deny ? 'false' : 'true' - ) - ) - .click() - ]) - } - static async getAccessDetails( page: Page, recipient: Omit diff --git a/tests/e2e/support/objects/app-files/share/index.ts b/tests/e2e/support/objects/app-files/share/index.ts index 77666aecc3d..0b050c7a6f0 100644 --- a/tests/e2e/support/objects/app-files/share/index.ts +++ b/tests/e2e/support/objects/app-files/share/index.ts @@ -59,12 +59,6 @@ export class Share { return await resourceIsSynced({ page: this.#page, resource }) } - async setDenyShare(args: Omit): Promise { - const startUrl = this.#page.url() - await po.setDenyShare({ ...args, page: this.#page }) - await this.#page.goto(startUrl) - } - async addExpirationDate({ resource, collaborator,