diff --git a/lib/Middleware/PermissionMiddleware.php b/lib/Middleware/PermissionMiddleware.php index 49b239936..49005e15e 100644 --- a/lib/Middleware/PermissionMiddleware.php +++ b/lib/Middleware/PermissionMiddleware.php @@ -3,8 +3,10 @@ namespace OCA\Tables\Middleware; use OCA\Tables\Errors\InternalError; +use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; use OCA\Tables\Service\PermissionsService; +use OCP\AppFramework\Http; use OCP\AppFramework\Middleware; use OCP\AppFramework\Utility\IControllerMethodReflector; use OCP\IRequest; @@ -87,4 +89,14 @@ protected function assertCanManageContext(): void { } } } + + public function afterException($controller, $methodName, \Exception $exception) { + if ($exception instanceof PermissionError) { + return new Http\DataResponse(['message' => $exception->getMessage()], Http::STATUS_FORBIDDEN); + } + if ($exception instanceof NotFoundError) { + return new Http\DataResponse(['message' => $exception->getMessage()], Http::STATUS_NOT_FOUND); + } + throw $exception; + } } diff --git a/tests/integration/features/APIv2.feature b/tests/integration/features/APIv2.feature index 89d2f117a..854bb2d15 100644 --- a/tests/integration/features/APIv2.feature +++ b/tests/integration/features/APIv2.feature @@ -206,3 +206,41 @@ Feature: APIv2 | t1 | table | read,created,update | When user "participant1-v2" attempts to fetch Context "NON-EXISTENT" Then the reported status is "404" + + @api2 @contexts + Scenario: Delete an owned context + Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2 + And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2 + And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes: + | alias | type | permissions | + | t1 | table | read,created,update | + When user "participant1-v2" deletes Context "c1" + Then the reported status is "200" + When user "participant1-v2" attempts to fetch Context "c1" + Then the reported status is "404" + + @api2 @contexts + Scenario: Delete an inaccessible context + Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2 + And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2 + And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes: + | alias | type | permissions | + | t1 | table | read,created,update | + When user "participant2-v2" attempts to delete Context "c1" + Then the reported status is "404" + When user "participant2-v2" attempts to fetch Context "c1" + Then the reported status is "404" + When user "participant1-v2" fetches Context "c1" + Then the reported status is "200" + + @api2 @contexts + Scenario: Delete an non-existing context + Given table "Table 1 via api v2" with emoji "👋" exists for user "participant1-v2" as "t1" via v2 + And table "Table 2 via api v2" with emoji "📸" exists for user "participant1-v2" as "t2" via v2 + And user "participant1-v2" creates the Context "c1" with name "Enchanting Guitar" with icon "tennis" and description "Lorem ipsum dolor etc pp" and nodes: + | alias | type | permissions | + | t1 | table | read,created,update | + When user "participant1-v2" attempts to delete Context "NON-EXISTENT" + Then the reported status is "404" + When user "participant1-v2" attempts to fetch Context "NON-EXISTENT" + Then the reported status is "404" diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php index 031c487ab..5a2f84766 100644 --- a/tests/integration/features/bootstrap/FeatureContext.php +++ b/tests/integration/features/bootstrap/FeatureContext.php @@ -1809,7 +1809,7 @@ public function createContext(string $user, string $alias, string $name, string $newContext = $this->getDataFromResponse($this->response)['ocs']['data']; $this->collectionManager->register($newContext, 'context', $newContext['id'], $alias, function () use ($newContext) { - $this->deleteContext($newContext['id'], $newContext['owner']); + $this->deleteContextWithFetchCheck($newContext['id'], $newContext['owner']); }); Assert::assertEquals($newContext['name'], $name); @@ -1968,11 +1968,15 @@ public function deleteContext(int $contextId, string $owner): void { ); Assert::assertEquals(200, $this->response->getStatusCode()); - $deletedContext = $this->getDataFromResponse($this->response)['ocs']['data']; + } + + public function deleteContextWithFetchCheck(int $contextId, string $owner): void { + $this->deleteContext($contextId, $owner); + $this->setCurrentUser($owner); $this->sendOcsRequest( 'GET', - sprintf('/apps/tables/api/2/contexts/%d', $deletedContext['id']), + sprintf('/apps/tables/api/2/contexts/%d', $contextId), ); Assert::assertEquals(404, $this->response->getStatusCode()); } @@ -2028,4 +2032,34 @@ public function theReportedStatusIs(int $statusCode): void { Assert::assertEquals($statusCode, $this->response->getStatusCode()); } + /** + * @When user :user deletes Context :contextAlias + */ + public function userDeletesContext(string $user, string $contextAlias): void { + $context = $this->collectionManager->getByAlias('context', $contextAlias); + $this->deleteContext($context['id'], $user); + // keep the alias and id mapping, but reset the cleanup method + $this->collectionManager->update($context, 'context', $context['id'], fn () => null); + } + + /** + * @When user :user attempts to delete Context :contextAlias + */ + public function userAttemptsToDeleteContext(string $user, string $contextAlias): void { + if ($contextAlias === self::NON_EXISTING_CONTEXT_ALIAS) { + $context = ['id' => self::NON_EXISTING_CONTEXT_ID]; + } else { + $context = $this->collectionManager->getByAlias('context', $contextAlias); + } + + $exceptionCaught = false; + try { + $this->deleteContext($context['id'], $user); + } catch (ExpectationFailedException $e) { + $exceptionCaught = true; + } + + Assert::assertTrue($exceptionCaught); + } + }