Add graph api tests for assign role

owncloud · Feb 17, 2023 · 278e1d5 · 278e1d5
1 parent 3e3d3f9
commit 278e1d5
Show file tree

Hide file tree

Showing 4 changed files with 196 additions and 1 deletion.
diff --git a/tests/TestHelpers/GraphHelper.php b/tests/TestHelpers/GraphHelper.php
@@ -1073,4 +1073,67 @@ public static function getUsersOfTwoGroups(
 			self::getRequestHeaders()
 		);
 	}
+
+	/**
+	 * @param string $baseUrl
+	 * @param string $xRequestId
+	 * @param string $user
+	 * @param string $password
+	 * @param string $appRoleId
+	 * @param string $applicationId
+	 * @param string $userId
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public static function assignRole(
+		string $baseUrl,
+		string $xRequestId,
+		string $user,
+		string $password,
+		string $appRoleId,
+		string $applicationId,
+		string $userId
+	): ResponseInterface {
+		$url = self::getFullUrl($baseUrl, 'users/' . $userId . '/appRoleAssignments');
+		$payload['principalId'] = $userId;
+		$payload['appRoleId'] = $appRoleId;
+		$payload['resourceId'] = $applicationId;
+		return HttpRequestHelper::sendRequest(
+			$url,
+			$xRequestId,
+			"POST",
+			$user,
+			$password,
+			self::getRequestHeaders(),
+			\json_encode($payload)
+		);
+	}
+
+	/**
+	 * @param string $baseUrl
+	 * @param string $xRequestId
+	 * @param string $user
+	 * @param string $password
+	 * @param string $userId
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public static function getAssignedRole(
+		string $baseUrl,
+		string $xRequestId,
+		string $user,
+		string $password,
+		string $userId
+	): ResponseInterface {
+		$url = self::getFullUrl($baseUrl, 'users/' . $userId . '/appRoleAssignments');
+		return HttpRequestHelper::get(
+			$url,
+			$xRequestId,
+			$user,
+			$password,
+			self::getRequestHeaders()
+		);
+	}
 }
diff --git a/tests/acceptance/features/apiGraph/assignRole.feature b/tests/acceptance/features/apiGraph/assignRole.feature
@@ -0,0 +1,33 @@
+@api
+Feature: assign role
+  As an admin, I want to assign roles to users.
+  I cannot change my own role.
+  Users without an admin role cannot get the list of roles, assignments list and assign roles to users
+
+
+  Scenario Outline: assign role to the user using graph api
+    Given user "Alice" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "<userRole>" using the Graph API
+    When the administrator retrieves "Alice" assigned role using the Graph API
+    Then the HTTP status code should be "200"
+    And the Graph API response should have the role "<userRole>"
+    Examples:
+      | userRole    |
+      | Admin       |
+      | Space Admin |
+      | User        |
+      | Guest       |
+
+
+  Scenario Outline: assign role to the user with setting api and list role with graph api
+    Given user "Alice" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "<userRole>" using the Graph API
+    When user "Alice" tries to get list of assignment
+    Then the HTTP status code should be "201"
+    And the setting API response should have the role "<userRole>"
+    Examples:
+      | userRole    |
+      | Admin       |
+      | Space Admin |
+      | User        |
+      | Guest       |
diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php
@@ -28,6 +28,13 @@ class GraphContext implements Context {
 	 */
 	private FeatureContext $featureContext;
 
+	/**
+	 * list of appRole
+	 *
+	 * @var array
+	 */
+	private $appRole = [];
+
 	/**
 	 * This will run before EVERY scenario.
 	 * It will set the properties for this object.
@@ -1563,4 +1570,80 @@ public function userGetsAllUsersOfTwoGroupsUsingTheGraphApi(string $user, string
 		);
 		$this->featureContext->setResponse($response);
 	}
+
+	/**
+	 * @When /^the administrator has given "([^"]*)" the role "([^"]*)" using the Graph API$/
+	 *
+	 * @param string $user
+	 * @param string $role
+	 *
+	 * @return void
+	 *
+	 * @throws GuzzleException
+	 * @throws Exception
+	 */
+	public function theAdministratorHasGivenTheRoleUsingTheGraphApi(string $user, string $role): void {
+		$admin = $this->featureContext->getAdminUserName();
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
+		$userId = $userId ?? $user;
+		$this->userGetsAllApplicationsUsingTheGraphApi($user);
+
+		$applicationEntity = ($this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse()))['value'][0];
+		foreach ($applicationEntity["appRoles"] as $value) {
+			$this->appRole[$value['displayName']] = $value['id'];
+		}
+
+		$response = $this->featureContext->getJsonDecodedResponse(
+			GraphHelper::assignRole(
+				$this->featureContext->getBaseUrl(),
+				$this->featureContext->getStepLineRef(),
+				$admin,
+				$this->featureContext->getPasswordForUser($admin),
+				$this->appRole[$role],
+				$applicationEntity["id"],
+				$userId
+			)
+		);
+		if (!\array_key_exists('appRoleId', $response) && $response['appRoleId'] !== $this->appRole[$role]) {
+			throw new Error('Could not assign role' . $role);
+		}
+	}
+
+	/**
+	 * @When /^the administrator retrieves "([^"]*)" assigned role using the Graph API$/
+	 *
+	 * @param string $user
+	 *
+	 * @return void
+	 * @throws GuzzleException
+	 */
+	public function userRetrievesAssignedRoleUsingTheGraphApi(string $user): void {
+		$admin = $this->featureContext->getAdminUserName();
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
+		$userId = $userId ?? $user;
+		$this->featureContext->setResponse(
+			GraphHelper::getAssignedRole(
+				$this->featureContext->getBaseUrl(),
+				$this->featureContext->getStepLineRef(),
+				$admin,
+				$this->featureContext->getPasswordForUser($admin),
+				$userId
+			)
+		);
+	}
+
+	/**
+	 * @Then /^the Graph API response should have the role "([^"]*)"$/
+	 *
+	 * @param string $role
+	 *
+	 * @return void
+	 * @throws Exception
+	 */
+	public function theGraphApiResponseShouldHaveTheRole(string $role): void {
+		$response = $this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())['value'][0];
+		if ($this->appRole[$role] !== $response['appRoleId']) {
+			throw new Error('App role should be' . $role . ' but found ' . $response['appRoleId']);
+		}
+	}
 }
diff --git a/tests/acceptance/features/bootstrap/RoleAssignmentContext.php b/tests/acceptance/features/bootstrap/RoleAssignmentContext.php
@@ -239,7 +239,7 @@ public function userGetAssignmentsList(string $user): void {
 	}
 
 	/**
-	 * @When /^user "([^"]*)" should have the role "([^"]*)"$/
+	 * @Then /^user "([^"]*)" should have the role "([^"]*)"$/
 	 *
 	 * @param string $user
 	 * @param string $role
@@ -256,4 +256,20 @@ public function userShouldHaveRole(string $user, string $role): void {
 		$assignmentRoleId = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["assignments"][0]["roleId"];
 		Assert::assertEquals($this->userGetRoleIdByRoleName($this->featureContext->getAdminUserName(), $role), $assignmentRoleId, "user $user has no role $role");
 	}
+
+	/**
+	 * @Then /^the setting API response should have the role "([^"]*)"$/
+	 *
+	 * @param string $role
+	 *
+	 * @return void
+	 *
+	 * @throws GuzzleException
+	 * @throws JsonException
+	 */
+	public function theSettingApiResponseShouldHaveTheRole(string $role): void {
+		$rawBody =  $this->featureContext->getResponse()->getBody()->getContents();
+		$assignmentRoleId = \json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR)["assignments"][0]["roleId"];
+		Assert::assertEquals($this->userGetRoleIdByRoleName($this->featureContext->getAdminUserName(), $role), $assignmentRoleId, "user has no role $role");
+	}
 }