Merge pull request #1073 from nextcloud/backport/1042/stable0.7

[stable0.7] ci(integration): tests against context deletion

lib/Middleware/PermissionMiddleware.php

@@ -3,8 +3,10 @@
 namespace OCA\Tables\Middleware;
 
 use OCA\Tables\Errors\InternalError;
+use OCA\Tables\Errors\NotFoundError;
 use OCA\Tables\Errors\PermissionError;
 use OCA\Tables\Service\PermissionsService;
+use OCP\AppFramework\Http;
 use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Utility\IControllerMethodReflector;
 use OCP\IRequest;
@@ -87,4 +89,14 @@ protected function assertCanManageContext(): void {
 			}
 		}
 	}
+
+	public function afterException($controller, $methodName, \Exception $exception) {
+		if ($exception instanceof PermissionError) {
+			return new Http\DataResponse(['message' => $exception->getMessage()], Http::STATUS_FORBIDDEN);
+		}
+		if ($exception instanceof NotFoundError) {
+			return new Http\DataResponse(['message' => $exception->getMessage()], Http::STATUS_NOT_FOUND);
+		}
+		throw $exception;
+	}
 }

tests/integration/features/APIv2.feature

@@ -206,3 +206,41 @@ Feature: APIv2
       | t1    | table | read,created,update |
     When user "participant1-v2" attempts to fetch Context "NON-EXISTENT"
     Then the reported status is "404"
+
+  @api2 @contexts
+  Scenario: Delete an owned context
+    Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2
+    And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2
+    And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes:
+      | alias | type  | permissions         |
+      | t1    | table | read,created,update |
+    When user "participant1-v2" deletes Context "c1"
+    Then the reported status is "200"
+    When user "participant1-v2" attempts to fetch Context "c1"
+    Then the reported status is "404"
+
+  @api2 @contexts
+  Scenario: Delete an inaccessible context
+    Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2
+    And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2
+    And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes:
+      | alias | type  | permissions         |
+      | t1    | table | read,created,update |
+    When user "participant2-v2" attempts to delete Context "c1"
+    Then the reported status is "404"
+    When user "participant2-v2" attempts to fetch Context "c1"
+    Then the reported status is "404"
+    When user "participant1-v2" fetches Context "c1"
+    Then the reported status is "200"
+
+  @api2 @contexts
+  Scenario: Delete an non-existing context
+    Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2
+    And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2
+    And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes:
+      | alias | type  | permissions         |
+      | t1    | table | read,created,update |
+    When user "participant1-v2" attempts to delete Context "NON-EXISTENT"
+    Then the reported status is "404"
+    When user "participant1-v2" attempts to fetch Context "NON-EXISTENT"
+    Then the reported status is "404"

tests/integration/features/bootstrap/FeatureContext.php

@@ -1809,7 +1809,7 @@ public function createContext(string $user, string $alias, string $name, string
 		$newContext = $this->getDataFromResponse($this->response)['ocs']['data'];
 
 		$this->collectionManager->register($newContext, 'context', $newContext['id'], $alias, function () use ($newContext) {
-			$this->deleteContext($newContext['id'], $newContext['owner']);
+			$this->deleteContextWithFetchCheck($newContext['id'], $newContext['owner']);
 		});
 
 		Assert::assertEquals($newContext['name'], $name);
@@ -1968,11 +1968,15 @@ public function deleteContext(int $contextId, string $owner): void {
 		);
 
 		Assert::assertEquals(200, $this->response->getStatusCode());
-		$deletedContext = $this->getDataFromResponse($this->response)['ocs']['data'];
+	}
+
+	public function deleteContextWithFetchCheck(int $contextId, string $owner): void {
+		$this->deleteContext($contextId, $owner);
 
+		$this->setCurrentUser($owner);
 		$this->sendOcsRequest(
 			'GET',
-			sprintf('/apps/tables/api/2/contexts/%d', $deletedContext['id']),
+			sprintf('/apps/tables/api/2/contexts/%d', $contextId),
 		);
 		Assert::assertEquals(404, $this->response->getStatusCode());
 	}
@@ -2028,4 +2032,34 @@ public function theReportedStatusIs(int $statusCode): void {
 		Assert::assertEquals($statusCode, $this->response->getStatusCode());
 	}
 
+	/**
+	 * @When user :user deletes Context :contextAlias
+	 */
+	public function userDeletesContext(string $user, string $contextAlias): void {
+		$context = $this->collectionManager->getByAlias('context', $contextAlias);
+		$this->deleteContext($context['id'], $user);
+		// keep the alias and id mapping, but reset the cleanup method
+		$this->collectionManager->update($context, 'context', $context['id'], fn () => null);
+	}
+
+	/**
+	 * @When user :user attempts to delete Context :contextAlias
+	 */
+	public function userAttemptsToDeleteContext(string $user, string $contextAlias): void {
+		if ($contextAlias === self::NON_EXISTING_CONTEXT_ALIAS) {
+			$context = ['id' => self::NON_EXISTING_CONTEXT_ID];
+		} else {
+			$context = $this->collectionManager->getByAlias('context', $contextAlias);
+		}
+
+		$exceptionCaught = false;
+		try {
+			$this->deleteContext($context['id'], $user);
+		} catch (ExpectationFailedException $e) {
+			$exceptionCaught = true;
+		}
+
+		Assert::assertTrue($exceptionCaught);
+	}
+
 }