diff options
author | Joas Schilling <coding@schilljs.com> | 2022-04-27 19:13:40 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2022-04-27 21:22:43 +0200 |
commit | 5874253f25e5d780680d2dbdc7c71540d6a95aee (patch) | |
tree | 68e586d58272819a398a55065e8af9a823943103 /tests | |
parent | 7f0dbc0c6497225090cab15fb416e7352edd9323 (diff) |
Disallow sharing without chat permissions
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/integration/features/chat/file-share.feature | 29 | ||||
-rw-r--r-- | tests/php/Collaboration/Collaborators/RoomPluginTest.php | 18 |
2 files changed, 46 insertions, 1 deletions
diff --git a/tests/integration/features/chat/file-share.feature b/tests/integration/features/chat/file-share.feature index cb35a4d16..caae8ffae 100644 --- a/tests/integration/features/chat/file-share.feature +++ b/tests/integration/features/chat/file-share.feature @@ -1,6 +1,7 @@ Feature: chat/public Background: Given user "participant1" exists + Given user "participant2" exists Scenario: Share a file to a chat Given user "participant1" creates room "public room" (v4) @@ -11,6 +12,18 @@ Feature: chat/public | room | actorType | actorId | actorDisplayName | message | messageParameters | | public room | users | participant1 | participant1-displayname | {file} | "IGNORE" | + Scenario: Can not share a file without chat permission + Given user "participant1" creates room "public room" (v4) + | roomType | 3 | + | roomName | room | + And user "participant1" adds user "participant2" to room "public room" with 200 (v4) + # Removing chat permission only + Then user "participant1" sets permissions for "participant2" in room "public room" to "CSJLAVP" with 200 (v4) + When user "participant2" shares "welcome.txt" with room "public room" + And the OCS status code should be 404 + Then user "participant1" sees the following messages in room "public room" with 200 + | room | actorType | actorId | actorDisplayName | message | messageParameters | + Scenario: Delete share a file message from a chat Given user "participant1" creates room "public room" (v4) | roomType | 3 | @@ -23,3 +36,19 @@ Feature: chat/public Then user "participant1" sees the following messages in room "public room" with 200 | room | actorType | actorId | actorDisplayName | message | messageParameters | | public room | users | participant1 | participant1-displayname | Message deleted by you | {"actor":{"type":"user","id":"participant1","name":"participant1-displayname"}} | + + Scenario: Can not delete a share file message without chat permission + Given user "participant1" creates room "public room" (v4) + | roomType | 3 | + | roomName | room | + And user "participant1" adds user "participant2" to room "public room" with 200 (v4) + When user "participant2" shares "welcome.txt" with room "public room" + Then user "participant1" sees the following messages in room "public room" with 200 + | room | actorType | actorId | actorDisplayName | message | messageParameters | + | public room | users | participant2 | participant2-displayname | {file} | "IGNORE" | + # Removing chat permission only + Then user "participant1" sets permissions for "participant2" in room "public room" to "CSJLAVP" with 200 (v4) + And user "participant2" deletes message "shared::file::welcome.txt" from room "public room" with 403 + Then user "participant1" sees the following messages in room "public room" with 200 + | room | actorType | actorId | actorDisplayName | message | messageParameters | + | public room | users | participant2 | participant2-displayname | {file} | "IGNORE" | diff --git a/tests/php/Collaboration/Collaborators/RoomPluginTest.php b/tests/php/Collaboration/Collaborators/RoomPluginTest.php index f96d23569..bb116ffd7 100644 --- a/tests/php/Collaboration/Collaborators/RoomPluginTest.php +++ b/tests/php/Collaboration/Collaborators/RoomPluginTest.php @@ -27,6 +27,8 @@ namespace OCA\Talk\Tests\php\Collaboration\Collaborators; use OCA\Talk\Collaboration\Collaborators\RoomPlugin; use OCA\Talk\Manager; +use OCA\Talk\Model\Attendee; +use OCA\Talk\Participant; use OCA\Talk\Room; use OCP\Collaboration\Collaborators\ISearchResult; use OCP\Collaboration\Collaborators\SearchResultType; @@ -65,8 +67,9 @@ class RoomPluginTest extends TestCase { $this->plugin = new RoomPlugin($this->manager, $this->userSession); } - private function newRoom(int $type, string $token, string $name): Room { + private function newRoom(int $type, string $token, string $name, int $permissions = Attendee::PERMISSIONS_MAX_DEFAULT): Room { $room = $this->createMock(Room::class); + $participant = $this->createMock(Participant::class); $room->expects($this->any()) ->method('getType') @@ -80,6 +83,14 @@ class RoomPluginTest extends TestCase { ->method('getDisplayName') ->willReturn($name); + $room->expects($this->any()) + ->method('getParticipant') + ->willReturn($participant); + + $participant->expects($this->any()) + ->method('getPermissions') + ->willReturn($permissions); + return $room; } @@ -116,6 +127,11 @@ class RoomPluginTest extends TestCase { $this->newResult('Room name', 'roomToken') ], false], + // Chats without chat permission are not returned + ['room', 2, 0, [ + $this->newRoom(Room::TYPE_GROUP, 'roomToken', 'Room name', Attendee::PERMISSIONS_MAX_DEFAULT ^ Attendee::PERMISSIONS_CHAT), + ], [], [], false], + // Search term with single exact match ['room name', 2, 0, [ $this->newRoom(Room::TYPE_GROUP, 'roomToken', 'Unmatched name'), |