tests: Add integration tests for deleted boards/cards
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
@@ -106,3 +106,37 @@ Feature: acl
|
||||
| property | value |
|
||||
| title | Double shared board |
|
||||
|
||||
|
||||
Scenario: Deleted board is inaccessible to share recipients
|
||||
Given acting as user "user0"
|
||||
When creates a board with example content
|
||||
And remember the last card as "user0-card"
|
||||
When post a comment with content "hello comment" on the card
|
||||
And uploads an attachment to the last used card
|
||||
And remember the last attachment as "user0-attachment"
|
||||
And shares the board with user "user1"
|
||||
Then the HTTP status code should be "200"
|
||||
And delete the board
|
||||
|
||||
Given acting as user "user1"
|
||||
When fetching the attachments for the card "user0-card"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the comments on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When update a comment with content "hello deleted" on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When delete the comment on the card
|
||||
Then the response should have a status code 403
|
||||
# 644
|
||||
When post a comment with content "hello deleted" on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the card details
|
||||
Then the response should have a status code 403
|
||||
When fetching the attachment "user0-attachment" for the card "user0-card"
|
||||
Then the response should have a status code 403
|
||||
When deleting the attachment "user0-attachment" for the card "user0-card"
|
||||
Then the response should have a status code 403
|
||||
|
||||
@@ -87,4 +87,14 @@ class AttachmentContext implements Context {
|
||||
|
||||
$this->requestContext->sendPlainRequest('GET', '/index.php/apps/deck/cards/' . $cardId . '/attachment/file:' . $attachmentId);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When fetching the attachments for the card :cardReference
|
||||
*/
|
||||
public function fetchingTheAttachmentsForTheCard($cardReference) {
|
||||
$cardId = $this->boardContext->getRememberedCard($cardReference)['id'] ?? null;
|
||||
Assert::assertNotNull($cardId, 'Card needs to be available');
|
||||
|
||||
$this->requestContext->sendPlainRequest('GET', '/index.php/apps/deck/cards/' . $cardId . '/attachments');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -204,7 +204,9 @@ class BoardContext implements Context {
|
||||
['description' => $description]
|
||||
));
|
||||
$this->requestContext->getResponse()->getBody()->seek(0);
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
if ($this->requestContext->getResponse()->getStatusCode() === 200) {
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -216,7 +218,9 @@ class BoardContext implements Context {
|
||||
[$attribute => $value]
|
||||
));
|
||||
$this->requestContext->getResponse()->getBody()->seek(0);
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
if ($this->requestContext->getResponse()->getStatusCode() === 200) {
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -227,7 +231,9 @@ class BoardContext implements Context {
|
||||
$this->card
|
||||
));
|
||||
$this->requestContext->getResponse()->getBody()->seek(0);
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
if ($this->requestContext->getResponse()->getStatusCode() === 200) {
|
||||
$this->card = json_decode((string)$this->getResponse()->getBody(), true);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -282,4 +288,18 @@ class BoardContext implements Context {
|
||||
public function getRememberedCard($arg1) {
|
||||
return $this->storedCards[$arg1] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^delete the card$/
|
||||
*/
|
||||
public function deleteTheCard() {
|
||||
$this->requestContext->sendJSONrequest('DELETE', '/index.php/apps/deck/cards/' . $this->card['id']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^delete the board/
|
||||
*/
|
||||
public function deleteTheBoard() {
|
||||
$this->requestContext->sendJSONrequest('DELETE', '/index.php/apps/deck/boards/' . $this->board['id']);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,6 +11,8 @@ class CommentContext implements Context {
|
||||
/** @var BoardContext */
|
||||
protected $boardContext;
|
||||
|
||||
private $lastComment = null;
|
||||
|
||||
/** @BeforeScenario */
|
||||
public function gatherContexts(BeforeScenarioScope $scope) {
|
||||
$environment = $scope->getEnvironment();
|
||||
@@ -27,5 +29,34 @@ class CommentContext implements Context {
|
||||
'message' => $content,
|
||||
'parentId' => null
|
||||
]);
|
||||
$this->lastComment = $this->requestContext->getResponseBodyFromJson()['ocs']['data'] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^get the comments on the card$/
|
||||
*/
|
||||
public function getCommentsOnTheCard() {
|
||||
$card = $this->boardContext->getLastUsedCard();
|
||||
$this->requestContext->sendOCSRequest('GET', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments');
|
||||
}
|
||||
|
||||
/**
|
||||
* @When /^update a comment with content "([^"]*)" on the card$/
|
||||
*/
|
||||
public function updateACommentWithContentOnTheCard($content) {
|
||||
$card = $this->boardContext->getLastUsedCard();
|
||||
$this->requestContext->sendOCSRequest('PUT', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments/'. $this->lastComment['id'], [
|
||||
'message' => $content,
|
||||
'parentId' => null
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When /^delete the comment on the card$/
|
||||
*/
|
||||
public function deleteTheCommentOnTheCard() {
|
||||
$card = $this->boardContext->getLastUsedCard();
|
||||
$this->requestContext->sendOCSRequest('DELETE', '/apps/deck/api/v1.0/cards/' . $card['id'] . '/comments/'. $this->lastComment['id']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -10,15 +10,15 @@ class ServerContext implements Context {
|
||||
WebDav::__construct as private __tConstruct;
|
||||
}
|
||||
|
||||
private string $rawBaseUrl;
|
||||
private string $mappedUserId;
|
||||
private array $lastInsertIds = [];
|
||||
|
||||
public function __construct($baseUrl) {
|
||||
$this->rawBaseUrl = $baseUrl;
|
||||
$this->__tConstruct($baseUrl . '/index.php/ocs/', ['admin', 'admin'], '123456');
|
||||
}
|
||||
|
||||
/** @var string */
|
||||
private $mappedUserId;
|
||||
|
||||
private $lastInsertIds = [];
|
||||
|
||||
/**
|
||||
* @BeforeSuite
|
||||
|
||||
@@ -58,3 +58,75 @@ Feature: decks
|
||||
|title|Overdue task|
|
||||
|duedate||
|
||||
|overdue|0|
|
||||
|
||||
Scenario: Cannot access card on a deleted board
|
||||
Given acting as user "user0"
|
||||
And creates a board named "MyBoard" with color "000000"
|
||||
And create a stack named "ToDo"
|
||||
And create a card named "Overdue task"
|
||||
And remember the last card as "deletedCard"
|
||||
And uploads an attachment to the last used card
|
||||
And remember the last attachment as "my-attachment"
|
||||
And post a comment with content "My first comment" on the card
|
||||
And delete the board
|
||||
|
||||
When fetching the attachment "my-attachment" for the card "deletedCard"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the comments on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When post a comment with content "My second comment" on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When uploads an attachment to the last used card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When set the description to "Update some text"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the card details
|
||||
Then the response should have a status code 403
|
||||
|
||||
When create a card named "Overdue task"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When create a stack named "ToDo"
|
||||
Then the response should have a status code 403
|
||||
|
||||
Scenario: Cannot access card on a deleted card
|
||||
Given acting as user "user0"
|
||||
And creates a board named "MyBoard" with color "000000"
|
||||
And create a stack named "ToDo"
|
||||
And create a card named "Overdue task"
|
||||
And remember the last card as "deletedCard"
|
||||
And uploads an attachment to the last used card
|
||||
And remember the last attachment as "my-attachment"
|
||||
And post a comment with content "My first comment" on the card
|
||||
And delete the card
|
||||
|
||||
When fetching the attachment "my-attachment" for the card "deletedCard"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the comments on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When post a comment with content "My second comment" on the card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When deleting the attachment "my-attachment" for the card "deletedCard"
|
||||
Then the response should have a status code 403
|
||||
|
||||
When uploads an attachment to the last used card
|
||||
Then the response should have a status code 403
|
||||
|
||||
When get the card details
|
||||
Then the response should have a status code 403
|
||||
|
||||
# We currently still expect to be able to update the card as this is used to undo deletion
|
||||
When set the description to "Update some text"
|
||||
Then the response should have a status code 403
|
||||
#When set the card attribute "deletedAt" to "0"
|
||||
#Then the response should have a status code 200
|
||||
#When set the description to "Update some text"
|
||||
#Then the response should have a status code 200
|
||||
|
||||
Reference in New Issue
Block a user