@skipOnReva @issue-1276 @issue-1269 Feature: changing a public link share As a user I want to set the permissions of a public link share So that people who have the public link only have the designated authorization Background: Given these users have been created with default attributes: | username | | Alice | And user "Alice" has created folder "PARENT" And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt" @issue-10331 Scenario Outline: public can or cannot delete file through publicly shared link depending on having delete permissions using the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | | | password | %public% | When the public deletes file "parent.txt" from the last link share with password "%public%" using the public WebDAV API Then the HTTP status code should be "" And as "Alice" file "PARENT/parent.txt" exist Examples: | permissions-role | http-status-code | should-or-not | | view | 403 | should | | upload | 403 | should | | createOnly | 403 | should | | edit | 204 | should not | @issue-10331 Scenario: public link share permissions work correctly for renaming and share permissions edit using the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the public WebDAV API Then the HTTP status code should be "201" And as "Alice" file "/PARENT/parent.txt" should not exist And as "Alice" file "/PARENT/newparent.txt" should exist @issue-10331 Scenario: public link share permissions work correctly for upload with share permissions edit with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public uploads file "lorem.txt" with password "%public%" and content "test" using the public WebDAV API Then the HTTP status code should be "201" And the content of file "PARENT/lorem.txt" for user "Alice" should be "test" Scenario: public cannot delete file through publicly shared link with password using an invalid password with public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public deletes file "parent.txt" from the last link share with password "invalid" using the public WebDAV API Then the HTTP status code should be "401" And as "Alice" file "PARENT/parent.txt" should exist @issue-10331 Scenario: public can delete file through publicly shared link with password using the valid password with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public deletes file "parent.txt" from the last link share with password "%public%" using the public WebDAV API Then the HTTP status code should be "204" And as "Alice" file "PARENT/parent.txt" should not exist Scenario: public tries to rename a file in a password protected share using an invalid password with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "invalid" and the public WebDAV API Then the HTTP status code should be "401" And as "Alice" file "/PARENT/newparent.txt" should not exist And as "Alice" file "/PARENT/parent.txt" should exist @issue-10331 Scenario: public tries to rename a file in a password protected share using the valid password with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the public WebDAV API Then the HTTP status code should be "201" And as "Alice" file "/PARENT/newparent.txt" should exist And as "Alice" file "/PARENT/parent.txt" should not exist Scenario: public tries to upload to a password protected public share using an invalid password with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public uploads file "lorem.txt" with password "invalid" and content "test" using the public WebDAV API Then the HTTP status code should be "401" And as "Alice" file "/PARENT/lorem.txt" should not exist @issue-10331 Scenario: public tries to upload to a password protected public share using the valid password with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When the public uploads file "lorem.txt" with password "%public%" and content "test" using the public WebDAV API Then the HTTP status code should be "201" And as "Alice" file "/PARENT/lorem.txt" should exist @issue-10331 Scenario: public cannot rename a file in upload-write-only public link share with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | createOnly | | password | %public% | When the public renames file "parent.txt" to "newparent.txt" from the last public link share using the password "%public%" and the public WebDAV API Then the HTTP status code should be "403" And as "Alice" file "/PARENT/parent.txt" should exist And as "Alice" file "/PARENT/newparent.txt" should not exist @issue-10331 Scenario: public cannot delete a file in upload-write-only public link share with the public WebDAV API Given using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | createOnly | | password | %public% | When the public deletes file "parent.txt" from the last link share with password "%public%" using the public WebDAV API Then the HTTP status code should be "403" And as "Alice" file "PARENT/parent.txt" should exist Scenario Outline: normal user tries to remove password of a public link share (change/create permission) Given using OCS API version "" And using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | | | password | %public% | When user "Alice" updates the last public link share using the sharing API with | path | /PARENT | | permissions | | | password | | Then the HTTP status code should be "" And the OCS status code should be "400" And the OCS status message should be "missing required password" Examples: | ocs-api-version | permissions | permissions-role | http-status-code | | 1 | change | edit | 200 | | 2 | change | edit | 400 | | 1 | create | createOnly | 200 | | 2 | create | createOnly | 400 | @issue-7821 Scenario Outline: normal user tries to remove password of a public link (update without sending permissions) Given using OCS API version "" And using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | edit | | password | %public% | When user "Alice" updates the last public link share using the sharing API with | path | /PARENT | | password | | Then the HTTP status code should be "" And the OCS status code should be "104" And the OCS status message should be "user is not allowed to delete the password from the public link" Examples: | ocs-api-version | http-status-code | | 1 | 200 | | 2 | 403 | @issue-9724 @issue-10331 Scenario Outline: administrator removes password of a read-only public link Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API And using OCS API version "" And admin has created folder "/PARENT" And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "PARENT/parent.txt" And using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | view | | password | %public% | When user "Alice" updates the last public link share using the sharing API with | path | /PARENT | | permissions | read | | password | | Then the HTTP status code should be "200" And the OCS status code should be "" And the public should be able to download file "/parent.txt" from inside the last public link shared folder using the public WebDAV API with password "" Examples: | ocs-api-version | ocs-status-code | | 1 | 100 | | 2 | 200 | Scenario Outline: administrator tries to remove password of a public link share (change/create permission) Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API And using OCS API version "" And admin has created folder "/PARENT" And using SharingNG And user "Alice" has created the following resource link share: | resource | PARENT | | space | Personal | | permissionsRole | | | password | %public% | When user "Alice" updates the last public link share using the sharing API with | path | /PARENT | | permissions | | | password | | Then the HTTP status code should be "" And the OCS status code should be "400" And the OCS status message should be "missing required password" Examples: | ocs-api-version | permissions | permissions-role | http-status-code | | 1 | change | edit | 200 | | 2 | change | edit | 400 | | 1 | create | createOnly | 200 | | 2 | create | createOnly | 400 | @issue-web-10473 Scenario: user tries to download public link file using own basic auth Given user "Alice" has created folder "FOLDER" And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "FOLDER/textfile.txt" And using SharingNG And user "Alice" has created the following resource link share: | resource | FOLDER | | space | Personal | | permissionsRole | edit | | password | %public% | When user "Alice" tries to download file "textfile.txt" from the last public link using own basic auth and public WebDAV API Then the HTTP status code should be "401"