diff --git a/tests/integration/features/acl.feature b/tests/integration/features/acl.feature index 2937a377f..1a9677fc1 100644 --- a/tests/integration/features/acl.feature +++ b/tests/integration/features/acl.feature @@ -90,3 +90,53 @@ Feature: acl And the current user should not have "edit" permissions on the board And the current user should have "share" permissions on the board And the current user should not have "manage" permissions on the board + + Scenario: Share a board multiple times + Given Logging in using web as "user0" + And creates a board named "Double shared board" with color "ff0000" + And shares the board with user "user1" + And shares the board with group "group1" + And creates a board named "Single shared board" with color "00ff00" + And shares the board with user "user1" + When Logging in using web as "user1" + And fetching the board list + Then the response should have a status code "200" + And the response should be a list of objects + And the response should contain an element with the properties + | property | value | + | title | Double shared board | + + + Scenario: Deleted board is inaccessible to share recipients + Given acting as user "user0" + When creates a board with example content + And remember the last card as "user0-card" + When post a comment with content "hello comment" on the card + And uploads an attachment to the last used card + And remember the last attachment as "user0-attachment" + And shares the board with user "user1" + Then the HTTP status code should be "200" + And delete the board + + Given acting as user "user1" + When fetching the attachments for the card "user0-card" + Then the response should have a status code 403 + + When get the comments on the card + Then the response should have a status code 403 + + When update a comment with content "hello deleted" on the card + Then the response should have a status code 403 + + When delete the comment on the card + Then the response should have a status code 403 + # 644 + When post a comment with content "hello deleted" on the card + Then the response should have a status code 403 + + When get the card details + Then the response should have a status code 403 + When fetching the attachment "user0-attachment" for the card "user0-card" + Then the response should have a status code 403 + When deleting the attachment "user0-attachment" for the card "user0-card" + Then the response should have a status code 403 diff --git a/tests/integration/features/bootstrap/AttachmentContext.php b/tests/integration/features/bootstrap/AttachmentContext.php index 051789aec..84ef35048 100644 --- a/tests/integration/features/bootstrap/AttachmentContext.php +++ b/tests/integration/features/bootstrap/AttachmentContext.php @@ -87,4 +87,14 @@ class AttachmentContext implements Context { $this->requestContext->sendPlainRequest('GET', '/index.php/apps/deck/cards/' . $cardId . '/attachment/file:' . $attachmentId); } + + /** + * @When fetching the attachments for the card :cardReference + */ + public function fetchingTheAttachmentsForTheCard($cardReference) { + $cardId = $this->boardContext->getRememberedCard($cardReference)['id'] ?? null; + Assert::assertNotNull($cardId, 'Card needs to be available'); + + $this->requestContext->sendPlainRequest('GET', '/index.php/apps/deck/cards/' . $cardId . '/attachments'); + } } diff --git a/tests/integration/features/bootstrap/BoardContext.php b/tests/integration/features/bootstrap/BoardContext.php index 420a7d410..fdd985d27 100644 --- a/tests/integration/features/bootstrap/BoardContext.php +++ b/tests/integration/features/bootstrap/BoardContext.php @@ -186,7 +186,9 @@ class BoardContext implements Context { ['description' => $description] )); $this->requestContext->getResponse()->getBody()->seek(0); - $this->card = json_decode((string)$this->getResponse()->getBody(), true); + if ($this->requestContext->getResponse()->getStatusCode() === 200) { + $this->card = json_decode((string)$this->getResponse()->getBody(), true); + } } /** @@ -198,7 +200,22 @@ class BoardContext implements Context { [$attribute => $value] )); $this->requestContext->getResponse()->getBody()->seek(0); - $this->card = json_decode((string)$this->getResponse()->getBody(), true); + if ($this->requestContext->getResponse()->getStatusCode() === 200) { + $this->card = json_decode((string)$this->getResponse()->getBody(), true); + } + } + + /** + * @Given /^get the card details$/ + */ + public function getCard() { + $this->requestContext->sendJSONrequest('GET', '/index.php/apps/deck/cards/' . $this->card['id'], array_merge( + $this->card + )); + $this->requestContext->getResponse()->getBody()->seek(0); + if ($this->requestContext->getResponse()->getStatusCode() === 200) { + $this->card = json_decode((string)$this->getResponse()->getBody(), true); + } } /** @@ -253,4 +270,18 @@ class BoardContext implements Context { public function getRememberedCard($arg1) { return $this->storedCards[$arg1] ?? null; } + + /** + * @Given /^delete the card$/ + */ + public function deleteTheCard() { + $this->requestContext->sendJSONrequest('DELETE', '/index.php/apps/deck/cards/' . $this->card['id']); + } + + /** + * @Given /^delete the board/ + */ + public function deleteTheBoard() { + $this->requestContext->sendJSONrequest('DELETE', '/index.php/apps/deck/boards/' . $this->board['id']); + } } diff --git a/tests/integration/features/bootstrap/CommentContext.php b/tests/integration/features/bootstrap/CommentContext.php index 40b6f4e45..92bc9a347 100644 --- a/tests/integration/features/bootstrap/CommentContext.php +++ b/tests/integration/features/bootstrap/CommentContext.php @@ -11,6 +11,8 @@ class CommentContext implements Context { /** @var BoardContext */ protected $boardContext; + private $lastComment = null; + /** @BeforeScenario */ public function gatherContexts(BeforeScenarioScope $scope) { $environment = $scope->getEnvironment(); @@ -27,5 +29,34 @@ class CommentContext implements Context { 'message' => $content, 'parentId' => null ]); + $this->lastComment = $this->requestContext->getResponseBodyFromJson()['ocs']['data'] ?? null; } + + /** + * @Given /^get the comments on the card$/ + */ + public function getCommentsOnTheCard() { + $card = $this->boardContext->getLastUsedCard(); + $this->requestContext->sendOCSRequest('GET', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments'); + } + + /** + * @When /^update a comment with content "([^"]*)" on the card$/ + */ + public function updateACommentWithContentOnTheCard($content) { + $card = $this->boardContext->getLastUsedCard(); + $this->requestContext->sendOCSRequest('PUT', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments/'. $this->lastComment['id'], [ + 'message' => $content, + 'parentId' => null + ]); + } + + /** + * @When /^delete the comment on the card$/ + */ + public function deleteTheCommentOnTheCard() { + $card = $this->boardContext->getLastUsedCard(); + $this->requestContext->sendOCSRequest('DELETE', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments/'. $this->lastComment['id']); + } + } diff --git a/tests/integration/features/bootstrap/ServerContext.php b/tests/integration/features/bootstrap/ServerContext.php index 87b068ec8..6ed36f320 100644 --- a/tests/integration/features/bootstrap/ServerContext.php +++ b/tests/integration/features/bootstrap/ServerContext.php @@ -10,15 +10,15 @@ class ServerContext implements Context { WebDav::__construct as private __tConstruct; } + private string $rawBaseUrl; + private string $mappedUserId; + private array $lastInsertIds = []; + public function __construct($baseUrl) { $this->rawBaseUrl = $baseUrl; $this->__tConstruct($baseUrl . '/index.php/ocs/', ['admin', 'admin'], '123456'); } - /** @var string */ - private $mappedUserId; - - private $lastInsertIds = []; /** * @BeforeSuite diff --git a/tests/integration/features/decks.feature b/tests/integration/features/decks.feature index 22a74baec..3582af430 100644 --- a/tests/integration/features/decks.feature +++ b/tests/integration/features/decks.feature @@ -32,3 +32,101 @@ Feature: decks And creates a board named "MyBoard" with color "000000" And create a stack named "ToDo" When create a card named "This is a very ong name that exceeds the maximum length of a deck board created which is longer than 255 characters This is a very ong name that exceeds the maximum length of a deck board created which is longer than 255 characters This is a very ong name that exceeds the maximum length of a deck board created which is longer than 255 characters" + + Scenario: Setting a duedate on a card + Given acting as user "user0" + And creates a board named "MyBoard" with color "000000" + And create a stack named "ToDo" + And create a card named "Overdue task" + When get the card details + And the response should be a JSON array with the following mandatory values + |key|value| + |title|Overdue task| + |duedate|| + |overdue|0| + And set the card attribute "duedate" to "2020-12-12 13:37:00" + When get the card details + And the response should be a JSON array with the following mandatory values + |key|value| + |title|Overdue task| + |duedate|2020-12-12T13:37:00+00:00| + |overdue|3| + And set the card attribute "duedate" to "" + When get the card details + And the response should be a JSON array with the following mandatory values + |key|value| + |title|Overdue task| + |duedate|| + |overdue|0| + + Scenario: Cannot access card on a deleted board + Given acting as user "user0" + And creates a board named "MyBoard" with color "000000" + And create a stack named "ToDo" + And create a card named "Overdue task" + And remember the last card as "deletedCard" + And uploads an attachment to the last used card + And remember the last attachment as "my-attachment" + And post a comment with content "My first comment" on the card + And delete the board + + When fetching the attachment "my-attachment" for the card "deletedCard" + Then the response should have a status code 403 + + When get the comments on the card + Then the response should have a status code 403 + + When post a comment with content "My second comment" on the card + Then the response should have a status code 403 + + When uploads an attachment to the last used card + Then the response should have a status code 403 + + When set the description to "Update some text" + Then the response should have a status code 403 + + When get the card details + Then the response should have a status code 403 + + When create a card named "Overdue task" + Then the response should have a status code 403 + + When create a stack named "ToDo" + Then the response should have a status code 403 + + Scenario: Cannot access card on a deleted card + Given acting as user "user0" + And creates a board named "MyBoard" with color "000000" + And create a stack named "ToDo" + And create a card named "Overdue task" + And remember the last card as "deletedCard" + And uploads an attachment to the last used card + And remember the last attachment as "my-attachment" + And post a comment with content "My first comment" on the card + And delete the card + + When fetching the attachment "my-attachment" for the card "deletedCard" + Then the response should have a status code 403 + + When get the comments on the card + Then the response should have a status code 403 + + When post a comment with content "My second comment" on the card + Then the response should have a status code 403 + + When deleting the attachment "my-attachment" for the card "deletedCard" + Then the response should have a status code 403 + + When uploads an attachment to the last used card + Then the response should have a status code 403 + + When get the card details + Then the response should have a status code 403 + + # We currently still expect to be able to update the card as this is used to undo deletion + When set the description to "Update some text" + Then the response should have a status code 403 + #When set the card attribute "deletedAt" to "0" + #Then the response should have a status code 200 + #When set the description to "Update some text" + #Then the response should have a status code 200