From 9bc3f0341c53f9e8d49115aafee42e1e013a5fd3 Mon Sep 17 00:00:00 2001 From: "v.scharf" Date: Wed, 17 Jun 2026 21:48:14 +0200 Subject: [PATCH 1/3] api-test: deleting space --- .../apiSpaces/disableAndDeleteSpaces.feature | 152 ----------- .../disableEnableDeleteSpaces.feature | 239 ++++++++++++++++++ .../features/apiSpaces/restoreSpaces.feature | 98 ------- 3 files changed, 239 insertions(+), 250 deletions(-) delete mode 100644 tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature create mode 100644 tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature delete mode 100644 tests/acceptance/features/apiSpaces/restoreSpaces.feature diff --git a/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature deleted file mode 100644 index 3fef82ab94..0000000000 --- a/tests/acceptance/features/apiSpaces/disableAndDeleteSpaces.feature +++ /dev/null @@ -1,152 +0,0 @@ -Feature: Disabling and deleting space - As a manager of space - I want to be able to disable the space first, then delete it. - So that a disabled spaces isn't accessible by shared users. - - Background: - Given these users have been created with default attributes: - | username | - | Alice | - | Brian | - | Bob | - | Carol | - And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API - And user "Alice" has created a space "Project Moon" with the default quota using the Graph API - And user "Alice" has sent the following space share invitation: - | space | Project Moon | - | sharee | Brian | - | shareType | user | - | permissionsRole | Space Editor | - And user "Alice" has sent the following space share invitation: - | space | Project Moon | - | sharee | Bob | - | shareType | user | - | permissionsRole | Space Viewer | - - - Scenario Outline: user can disable their own space via the Graph API - Given the administrator has assigned the role "" to user "Alice" using the Graph API - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Brian" should not have a space called "Project Moon" - And the user "Bob" should not have a space called "Project Moon" - Examples: - | user-role | - | Admin | - | Space Admin | - | User | - | User Light | - - - Scenario Outline: user with role user and user light cannot disable other space via the Graph API - Given the administrator has assigned the role "" to user "Carol" using the Graph API - When user "Carol" tries to disable a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "404" - And the user "Brian" should have a space called "Project Moon" - And the user "Bob" should have a space called "Project Moon" - Examples: - | user-role | - | User | - | User Light | - - - Scenario: a space manager can disable and delete space in which files and folders exist via the webDav API - Given user "Alice" has uploaded a file inside space "Project Moon" with content "test" to "test.txt" - And user "Alice" has created a folder "MainFolder" in space "Project Moon" - When user "Alice" disables a space "Project Moon" - Then the HTTP status code should be "204" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - - - Scenario Outline: user cannot delete their own space without first disabling it - Given the administrator has assigned the role "" to user "Alice" using the Graph API - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "400" - And the user "Alice" should have a space called "Project Moon" - Examples: - | user-role | - | Admin | - | Space Admin | - | User | - | User Light | - - - Scenario Outline: user can delete their own disabled space via the Graph API - Given the administrator has assigned the role "" to user "Alice" using the Graph API - And user "Alice" has disabled a space "Project Moon" - When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - Examples: - | user-role | - | Admin | - | Space Admin | - | User | - | User Light | - - - Scenario Outline: an admin and space manager can disable other space via the Graph API - Given the administrator has assigned the role "" to user "Carol" using the Graph API - When user "Carol" disables a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "204" - And the user "Carol" should not have a space called "Project Moon" - Examples: - | user-role | - | Admin | - | Space Admin | - - - Scenario Outline: an admin and space manager can delete other disabled Space - Given the administrator has assigned the role "" to user "Carol" using the Graph API - And user "Alice" has disabled a space "Project Moon" - When user "Carol" deletes a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "204" - And the user "Alice" should not have a space called "Project Moon" - And the user "Carol" should not have a space called "Project Moon" - Examples: - | user-role | - | Admin | - | Space Admin | - - - Scenario Outline: user with role user and user light cannot disable space - Given the administrator has assigned the role "" to user "Carol" using the Graph API - When user "Carol" tries to delete a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "404" - Examples: - | user-role | - | User | - | User Light | - - - Scenario Outline: user with role user and user light cannot delete others disabled space - Given the administrator has assigned the role "" to user "Carol" using the Graph API - And user "Alice" has disabled a space "Project Moon" - When user "Carol" tries to delete a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "404" - Examples: - | user-role | - | User | - | User Light | - - - Scenario Outline: viewer and space editor cannot disable space - When user "" tries to disable a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "404" - And the user "" should have a space called "Project Moon" - Examples: - | user | - | Brian | - | Bob | - - - Scenario Outline: viewer and space editor cannot delete disabled space - Given user "Alice" has disabled a space "Project Moon" - When user "" tries to delete a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "404" - Examples: - | user | - | Brian | - | Bob | diff --git a/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature new file mode 100644 index 0000000000..fc4cb979e9 --- /dev/null +++ b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature @@ -0,0 +1,239 @@ +Feature: Disabling, restoring and deleting space + As a manager of space + I want to be able to disable the space first, then either restore or delete it. + So that a disabled space isn't accessible by shared users until it is restored, + and so that data is protected from accidental deletion by a mandatory disable step first. + + | action | space admin (system role) | space manager (space role) | space viewer/editor (space role) | + | disable space | allowed | allowed | denied | + | list disabled space (/me/drives) | denied | allowed | denied | + | enable space | allowed | allowed | denied | + | delete space | allowed | denied | denied | + + Background: + Given these users have been created with default attributes: + | username | + | Alice | + | Brian | + | Carol | + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "Project Moon" with the default quota using the Graph API + ############################################################################## + # DISABLE SPACE + ############################################################################## + + Scenario Outline: disable space via the Graph API + Given the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + When user "Brian" disables a space "Project Moon" + Then the HTTP status code should be "" + And the user "Brian" have a space called "Project Moon" + Examples: + | user-role | space-role | code | shouldOrNot | + | Space Admin | Space Viewer | 204 | should not | + | User | Manager | 204 | should | + | User | Space Editor | 404 | should | + | User Light | Space Viewer | 404 | should | + + + Scenario: user can disable their own space via the Graph API + When user "Alice" has disabled a space "Project Moon" + And user "Alice" lists all available spaces via the Graph API with query "$filter=driveType eq 'project'" + Then the HTTP status code should be "200" + And the JSON response should contain space called "Project Moon" and match + """ + { + "type": "object", + "required": [ + "name", + "driveType" + ], + "properties": { + "name": { + "type": "string", + "enum": ["Project Moon"] + }, + "driveType": { + "type": "string", + "enum": ["project"] + }, + "id": { + "type": "string", + "enum": ["%space_id%"] + }, + "root": { + "type": "object", + "required": [ + "deleted" + ], + "properties": { + "deleted": { + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "type": "string", + "enum": ["trashed"] + } + } + } + } + } + } + } + """ + + + Scenario Outline: an admin and space manager can disable other space via the Graph API + Given the administrator has assigned the role "" to user "Carol" using the Graph API + When user "Carol" disables a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And the user "Carol" should not have a space called "Project Moon" + Examples: + | user-role | + | Admin | + | Space Admin | + ############################################################################## + # LIST DISABLED SPACE (/me/drives) + ############################################################################## + + Scenario Outline: list disabled space via the Graph API + Given the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + When user "Alice" has disabled a space "Project Moon" + And the user "Brian" have a space called "Project Moon" + Examples: + | user-role | space-role | shouldOrNot | + | Space Admin | Space Viewer | should not | + | User | Manager | should | + | User | Space Editor | should not | + | User Light | Space Viewer | should not | + ############################################################################## + # ENABLE SPACE + ############################################################################## + + Scenario Outline: enable space via the Graph API + Given the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And user "Alice" has disabled a space "Project Moon" + When user "Brian" restores a disabled space "Project Moon" + Then the HTTP status code should be "" + Examples: + | user-role | space-role | code | + | Space Admin | Space Viewer | 200 | + | User | Manager | 200 | + | User | Space Editor | 404 | + | User Light | Space Viewer | 404 | + + + Scenario: participants can see and create the data after the space is restored + Given using spaces DAV path + And user "Alice" has created a folder "mainFolder" in space "Project Moon" + And user "Alice" has uploaded a file inside space "Project Moon" with content "example" to "test.txt" + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Brian | + | shareType | user | + | permissionsRole | Space Editor | + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Carol | + | shareType | user | + | permissionsRole | Space Viewer | + And user "Alice" has disabled a space "Project Moon" + When user "Alice" restores a disabled space "Project Moon" + Then for user "Alice" the space "Project Moon" should contain these entries: + | test.txt | + | mainFolder | + When user "Brian" creates a folder "newFolder" in space "Project Moon" using the WebDav Api + And user "Brian" uploads a file inside space "Project Moon" with content "test" to "new.txt" using the WebDAV API + And for user "Brian" the space "Project Moon" should contain these entries: + | test.txt | + | mainFolder | + | new.txt | + | newFolder | + Then for user "Carol" the space "Project Moon" should contain these entries: + | test.txt | + | mainFolder | + | new.txt | + | newFolder | + + + Scenario Outline: try to restore other space + Given the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Alice" has disabled a space "Project Moon" + When user "Brian" restores a disabled space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "" + Examples: + | user-role | code | + | Admin | 200 | + | Space Admin | 200 | + | User | 404 | + | User Light | 404 | + ############################################################################## + # DELETE SPACE + ############################################################################## + + Scenario Outline: delete space via the Graph API + Given the administrator has assigned the role "" to user "Brian" using the Graph API + And user "Alice" has sent the following space share invitation: + | space | Project Moon | + | sharee | Brian | + | shareType | user | + | permissionsRole | | + And user "Alice" has disabled a space "Project Moon" + When user "Brian" deletes a space "Project Moon" + Then the HTTP status code should be "" + Examples: + | user-role | space-role | code | + | Space Admin | Space Viewer | 204 | + | User | Manager | 404 | + | User | Space Editor | 404 | + | User Light | Space Viewer | 404 | + + + Scenario Outline: user cannot delete their own space without first disabling it + Given the administrator has assigned the role "" to user "Alice" using the Graph API + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "400" + And the user "Alice" should have a space called "Project Moon" + Examples: + | user-role | + | Admin | + | Space Admin | + | User | + | User Light | + + + Scenario: user can delete their own disabled space via the Graph API + Given user "Alice" has disabled a space "Project Moon" + When user "Alice" deletes a space "Project Moon" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + + + Scenario Outline: admin and space manager can delete other disabled Space + Given the administrator has assigned the role "" to user "Carol" using the Graph API + And user "Alice" has disabled a space "Project Moon" + When user "Carol" deletes a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "204" + And the user "Alice" should not have a space called "Project Moon" + And the user "Carol" should not have a space called "Project Moon" + Examples: + | user-role | + | Admin | + | Space Admin | diff --git a/tests/acceptance/features/apiSpaces/restoreSpaces.feature b/tests/acceptance/features/apiSpaces/restoreSpaces.feature deleted file mode 100644 index 8e4f627664..0000000000 --- a/tests/acceptance/features/apiSpaces/restoreSpaces.feature +++ /dev/null @@ -1,98 +0,0 @@ -Feature: Restoring space - As a manager of space - I want to be able to restore a disabled space - So that I can retrieve all the data belonging to the space - - Background: - Given these users have been created with default attributes: - | username | - | Alice | - | Brian | - | Bob | - And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API - And user "Alice" has created a space "restore a space" of type "project" with quota "10" - And using spaces DAV path - - - Scenario: owner can restore a space via the Graph API - Given user "Alice" has disabled a space "restore a space" - When user "Alice" restores a disabled space "restore a space" - Then the HTTP status code should be "200" - - - Scenario: participants can see the data after the space is restored - Given user "Alice" has created a folder "mainFolder" in space "restore a space" - And user "Alice" has uploaded a file inside space "restore a space" with content "example" to "test.txt" - And user "Alice" has sent the following space share invitation: - | space | restore a space | - | sharee | Brian | - | shareType | user | - | permissionsRole | Space Editor | - And user "Alice" has sent the following space share invitation: - | space | restore a space | - | sharee | Bob | - | shareType | user | - | permissionsRole | Space Viewer | - And user "Alice" has disabled a space "restore a space" - When user "Alice" restores a disabled space "restore a space" - Then for user "Alice" the space "restore a space" should contain these entries: - | test.txt | - | mainFolder | - And for user "Brian" the space "restore a space" should contain these entries: - | test.txt | - | mainFolder | - And for user "Bob" the space "restore a space" should contain these entries: - | test.txt | - | mainFolder | - - - Scenario: participant can create data in the space after restoring - Given user "Alice" has sent the following space share invitation: - | space | restore a space | - | sharee | Brian | - | shareType | user | - | permissionsRole | Space Editor | - And user "Alice" has disabled a space "restore a space" - And user "Alice" has restored a disabled space "restore a space" - When user "Brian" creates a folder "mainFolder" in space "restore a space" using the WebDav Api - And user "Brian" uploads a file inside space "restore a space" with content "test" to "test.txt" using the WebDAV API - Then for user "Brian" the space "restore a space" should contain these entries: - | test.txt | - | mainFolder | - - - Scenario Outline: user without space manager role cannot restore space - Given user "Alice" has sent the following space share invitation: - | space | restore a space | - | sharee | Brian | - | shareType | user | - | permissionsRole | | - And user "Alice" has disabled a space "restore a space" - When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" - Then the HTTP status code should be "404" - Examples: - | space-role | - | Space Viewer | - | Space Editor | - - - Scenario Outline: user with role user and user light cannot restore space - Given the administrator has assigned the role "" to user "Brian" using the Graph API - And user "Alice" has disabled a space "restore a space" - When user "Brian" tries to restore a disabled space "restore a space" owned by user "Alice" - Then the HTTP status code should be "404" - Examples: - | user-role | - | User | - | User Light | - - @issue-5872 - Scenario Outline: admin and space admin can restore other space - Given the administrator has assigned the role "" to user "Brian" using the Graph API - And user "Alice" has disabled a space "restore a space" - When user "Brian" restores a disabled space "restore a space" owned by user "Alice" - Then the HTTP status code should be "200" - Examples: - | user-role | - | Admin | - | Space Admin | From 787ed79f36c5467135d4ad5215be80a9c996ebe9 Mon Sep 17 00:00:00 2001 From: "v.scharf" Date: Thu, 18 Jun 2026 15:15:06 +0200 Subject: [PATCH 2/3] change test expectation --- .../disableEnableDeleteSpaces.feature | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature index fc4cb979e9..a8f24386b4 100644 --- a/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature +++ b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature @@ -5,10 +5,10 @@ Feature: Disabling, restoring and deleting space and so that data is protected from accidental deletion by a mandatory disable step first. | action | space admin (system role) | space manager (space role) | space viewer/editor (space role) | - | disable space | allowed | allowed | denied | - | list disabled space (/me/drives) | denied | allowed | denied | - | enable space | allowed | allowed | denied | - | delete space | allowed | denied | denied | + | disable space | allowed (204) | allowed (204) | denied (403) | + | list disabled space (/me/drives) | yes | yes | no | + | enable space | allowed (200) | allowed (200) | denied (404) should be 403? | + | delete space | allowed (204) | denied (403) | denied (404) should be 403? | Background: Given these users have been created with default attributes: @@ -36,8 +36,8 @@ Feature: Disabling, restoring and deleting space | user-role | space-role | code | shouldOrNot | | Space Admin | Space Viewer | 204 | should not | | User | Manager | 204 | should | - | User | Space Editor | 404 | should | - | User Light | Space Viewer | 404 | should | + | User | Space Editor | 403 | should | + | User Light | Space Viewer | 403 | should | Scenario: user can disable their own space via the Graph API @@ -201,7 +201,7 @@ Feature: Disabling, restoring and deleting space Examples: | user-role | space-role | code | | Space Admin | Space Viewer | 204 | - | User | Manager | 404 | + | User | Manager | 403 | | User | Space Editor | 404 | | User Light | Space Viewer | 404 | @@ -237,3 +237,14 @@ Feature: Disabling, restoring and deleting space | user-role | | Admin | | Space Admin | + + + Scenario Outline: user cannot delete other disabled Space + Given the administrator has assigned the role "" to user "Carol" using the Graph API + And user "Alice" has disabled a space "Project Moon" + When user "Carol" deletes a space "Project Moon" owned by user "Alice" + Then the HTTP status code should be "403" + Examples: + | user-role | + | User | + | User Light | From f0b793d2d612e52bbc145191f3fa999ef3edb7f1 Mon Sep 17 00:00:00 2001 From: "v.scharf" Date: Thu, 18 Jun 2026 17:30:21 +0200 Subject: [PATCH 3/3] adapted tests --- .../disableEnableDeleteSpaces.feature | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature index a8f24386b4..f6b952f46f 100644 --- a/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature +++ b/tests/acceptance/features/apiSpaces/disableEnableDeleteSpaces.feature @@ -7,8 +7,8 @@ Feature: Disabling, restoring and deleting space | action | space admin (system role) | space manager (space role) | space viewer/editor (space role) | | disable space | allowed (204) | allowed (204) | denied (403) | | list disabled space (/me/drives) | yes | yes | no | - | enable space | allowed (200) | allowed (200) | denied (404) should be 403? | - | delete space | allowed (204) | denied (403) | denied (404) should be 403? | + | enable space | allowed (200) | allowed (200) | denied (404) | + | delete space | allowed (204) | denied (403) | denied (404) | Background: Given these users have been created with default attributes: @@ -209,14 +209,14 @@ Feature: Disabling, restoring and deleting space Scenario Outline: user cannot delete their own space without first disabling it Given the administrator has assigned the role "" to user "Alice" using the Graph API When user "Alice" deletes a space "Project Moon" - Then the HTTP status code should be "400" + Then the HTTP status code should be "" And the user "Alice" should have a space called "Project Moon" Examples: - | user-role | - | Admin | - | Space Admin | - | User | - | User Light | + | user-role | code | + | Admin | 400 | + | Space Admin | 400 | + | User | 403 | + | User Light | 403 | Scenario: user can delete their own disabled space via the Graph API @@ -243,7 +243,7 @@ Feature: Disabling, restoring and deleting space Given the administrator has assigned the role "" to user "Carol" using the Graph API And user "Alice" has disabled a space "Project Moon" When user "Carol" deletes a space "Project Moon" owned by user "Alice" - Then the HTTP status code should be "403" + Then the HTTP status code should be "404" Examples: | user-role | | User |