RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212
							# SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: sharing
  Background:
    Given using api version "1"
    Given using old dav path

# See sharing-v1.feature

  Scenario: getting all shares of a file with reshares
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0 (2).txt" of user "user1" is shared with user "user2"
    And As an "user0"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=textfile0.txt"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And User "user1" should be included in the response
    And User "user2" should be included in the response
    And User "user3" should not be included in the response

  Scenario: getting all shares of a file with a received share after revoking the resharing rights
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user1" is shared with user "user0"
    And user "user0" accepts last share
    And Updating last share with
      | permissions | 1 |
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=/textfile0 (2).txt"
    Then the list of returned shares has 1 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | path                   | /textfile0 (2).txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | shared::/textfile0 (2).txt |
      | file_target            | /textfile0.txt |
      | share_with             | user2 |
      | share_with_displayname | user2 |

  Scenario: getting all shares of a file with a received share also reshared after revoking the resharing rights
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "textfile0.txt" of user "user1" is shared with user "user0"
    And user "user0" accepts last share
    And save the last share data as "textfile0.txt from user1"
    And file "textfile0 (2).txt" of user "user0" is shared with user "user3"
    And restore the last share data from "textfile0.txt from user1"
    And Updating last share with
      | permissions | 1 |
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=/textfile0 (2).txt"
    Then the list of returned shares has 2 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | uid_file_owner         | user1 |
      | displayname_file_owner | user1 |
      | path                   | /textfile0 (2).txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | shared::/textfile0 (2).txt |
      | file_target            | /textfile0 (2).txt |
      | share_with             | user3 |
      | share_with_displayname | user3 |
    And share 1 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | path                   | /textfile0 (2).txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | shared::/textfile0 (2).txt |
      | file_target            | /textfile0.txt |
      | share_with             | user2 |
      | share_with_displayname | user2 |

  Scenario: Reshared files can be still accessed if a user in the middle removes it.
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0 (2).txt" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And file "textfile0 (2).txt" of user "user2" is shared with user "user3"
    And user "user3" accepts last share
    And As an "user1"
    When User "user1" deletes file "/textfile0 (2).txt"
    And As an "user3"
    And Downloading file "/textfile0 (2).txt" with range "bytes=1-8"
    Then Downloaded content should be "extcloud"

  Scenario: getting share info of a share
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And As an "user0"
    When Getting info of last share
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 0 |
      | share_with | user1 |
      | file_source | A_NUMBER |
      | file_target | /textfile0.txt |
      | path | /textfile0.txt |
      | permissions | 19 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | home::user0 |
      | file_parent | A_NUMBER |
      | share_with_displayname | user1 |
      | displayname_owner | user0 |
      | mimetype          | text/plain |

  Scenario: getting share info of a group share
    Given user "user0" exists
    And user "user1" exists
    And group "group1" exists
    And user "user1" belongs to group "group1"
    And file "textfile0.txt" of user "user0" is shared with group "group1"
    And As an "user0"
    When Getting info of last share
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 1 |
      | share_with | group1 |
      | file_source | A_NUMBER |
      | file_target | /textfile0.txt |
      | path | /textfile0.txt |
      | permissions | 19 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | home::user0 |
      | file_parent | A_NUMBER |
      | share_with_displayname | group1 |
      | displayname_owner | user0 |
      | mimetype          | text/plain |
    And As an "user1"
    And accepting last share
    And Getting info of last share
    And the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 1 |
      | share_with | group1 |
      | file_source | A_NUMBER |
      | file_target | /textfile0 (2).txt |
      | path | /textfile0 (2).txt |
      | permissions | 19 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | shared::/textfile0 (2).txt |
      | file_parent | A_NUMBER |
      | share_with_displayname | group1 |
      | displayname_owner | user0 |
      | mimetype          | text/plain |

  Scenario: getting all shares including subfiles in a directory
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "PARENT/CHILD" of user "user0" is shared with user "user1"
    And file "PARENT/parent.txt" of user "user0" is shared with user "user2"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT"
    Then the list of returned shares has 2 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | path                   | /PARENT/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | home::user0 |
      | file_target            | /CHILD |
      | share_with             | user1 |
      | share_with_displayname | user1 |
      | permissions            | 31 |
    And share 1 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | path                   | /PARENT/parent.txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | home::user0 |
      | file_target            | /parent.txt |
      | share_with             | user2 |
      | share_with_displayname | user2 |

  Scenario: getting all shares including subfiles in a directory with received shares
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0.txt" of user "user1" is shared with user "user0"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/"
    Then the list of returned shares has 1 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | path                   | /textfile0.txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | home::user0 |
      | file_target            | /textfile0 (2).txt |
      | share_with             | user1 |
      | share_with_displayname | user1 |

  Scenario: getting all shares including subfiles in a directory with shares in subdirectories
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "PARENT/CHILD" of user "user0" is shared with user "user1"
    And file "PARENT/CHILD/child.txt" of user "user0" is shared with user "user2"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT"
    Then the list of returned shares has 1 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | path                   | /PARENT/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | home::user0 |
      | file_target            | /CHILD |
      | share_with             | user1 |
      | share_with_displayname | user1 |
      | permissions            | 31 |

  Scenario: getting all shares including subfiles in a shared directory with reshares
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "PARENT" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And file "CHILD" of user "user2" is shared with user "user3"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT"
    Then the list of returned shares has 2 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | uid_file_owner         | user0 |
      | displayname_file_owner | user0 |
      | path                   | /PARENT/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | home::user0 |
      | file_target            | /CHILD |
      | share_with             | user2 |
      | share_with_displayname | user2 |
      | permissions            | 31 |
    And share 1 is returned with
      | share_type             | 0 |
      | uid_owner              | user2 |
      | displayname_owner      | user2 |
      | uid_file_owner         | user0 |
      | displayname_file_owner | user0 |
      | path                   | /PARENT/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | home::user0 |
      | file_target            | /CHILD |
      | share_with             | user3 |
      | share_with_displayname | user3 |
      | permissions            | 31 |

  Scenario: getting all shares including subfiles in a directory by a resharer
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "PARENT" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And file "CHILD" of user "user2" is shared with user "user3"
    When As an "user1"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT (2)"
    Then the list of returned shares has 2 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | uid_file_owner         | user0 |
      | displayname_file_owner | user0 |
      | path                   | /PARENT (2)/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | shared::/PARENT (2) |
      | file_target            | /CHILD |
      | share_with             | user2 |
      | share_with_displayname | user2 |
      | permissions            | 31 |
    And share 1 is returned with
      | share_type             | 0 |
      | uid_owner              | user2 |
      | displayname_owner      | user2 |
      | uid_file_owner         | user0 |
      | displayname_file_owner | user0 |
      | path                   | /PARENT (2)/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | shared::/PARENT (2) |
      | file_target            | /CHILD |
      | share_with             | user3 |
      | share_with_displayname | user3 |
      | permissions            | 31 |

  Scenario: getting all shares including subfiles in a directory by a resharer after revoking the resharing rights
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And file "PARENT" of user "user0" is shared with user "user1"
    And save the last share data as "parent folder"
    And user "user1" accepts last share
    And file "PARENT (2)/CHILD" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And file "CHILD" of user "user2" is shared with user "user3"
    And As an "user0"
    And restore the last share data from "parent folder"
    And Updating last share with
      | permissions | 1 |
    When As an "user1"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=PARENT (2)"
    Then the list of returned shares has 1 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | uid_file_owner         | user0 |
      | displayname_file_owner | user0 |
      | path                   | /PARENT (2)/CHILD |
      | item_type              | folder |
      | mimetype               | httpd/unix-directory |
      | storage_id             | shared::/PARENT (2) |
      | file_target            | /CHILD |
      | share_with             | user2 |
      | share_with_displayname | user2 |
      | permissions            | 31 |

  Scenario: getting all shares including subfiles in a directory after moving a received share not reshareable also shared with another user
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user1" is shared with user "user0"
    And user "user0" accepts last share
    And Updating last share with
      | permissions | 1 |
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    And User "user0" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/FOLDER"
    Then the list of returned shares has 1 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | path                   | /FOLDER/textfile0.txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | shared::/FOLDER/textfile0.txt |
      | file_target            | /textfile0.txt |
      | share_with             | user2 |
      | share_with_displayname | user2 |

  Scenario: getting all shares including subfiles in a directory after moving a share and a received share not reshareable also shared with another user
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0.txt" of user "user1" is shared with user "user0"
    And user "user0" accepts last share
    And Updating last share with
      | permissions | 1 |
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    And User "user0" moved file "/textfile0.txt" to "/FOLDER/textfile0.txt"
    And User "user0" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0 (2).txt"
    When As an "user0"
    And sending "GET" to "/apps/files_sharing/api/v1/shares?subfiles=true&path=/FOLDER"
    Then the list of returned shares has 2 shares
    And share 0 is returned with
      | share_type             | 0 |
      | uid_owner              | user0 |
      | displayname_owner      | user0 |
      | path                   | /FOLDER/textfile0.txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | home::user0 |
      | file_target            | /textfile0 (2).txt |
      | share_with             | user1 |
      | share_with_displayname | user1 |
    And share 1 is returned with
      | share_type             | 0 |
      | uid_owner              | user1 |
      | displayname_owner      | user1 |
      | path                   | /FOLDER/textfile0 (2).txt |
      | item_type              | file |
      | mimetype               | text/plain |
      | storage_id             | shared::/FOLDER/textfile0 (2).txt |
      | file_target            | /textfile0.txt |
      | share_with             | user2 |
      | share_with_displayname | user2 |

  Scenario: keep group permissions in sync
    Given As an "admin"
    Given user "user0" exists
    And user "user1" exists
    And group "group1" exists
    And user "user1" belongs to group "group1"
    And file "textfile0.txt" of user "user0" is shared with group "group1"
    And user "user1" accepts last share
    And User "user1" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt"
    And As an "user0"
    When Updating last share with
      | permissions | 1 |
    And Getting info of last share
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 1 |
      | file_source | A_NUMBER |
      | file_target | /textfile0.txt |
      | permissions | 1 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | home::user0 |
      | file_parent | A_NUMBER |
      | displayname_owner | user0 |
      | mimetype          | text/plain |
    And As an "user1"
    And Getting info of last share
    And the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 1 |
      | file_source | A_NUMBER |
      | file_target | /FOLDER/textfile0.txt |
      | permissions | 1 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | shared::/FOLDER/textfile0.txt |
      | file_parent | A_NUMBER |
      | displayname_owner | user0 |
      | mimetype          | text/plain |

  Scenario: Sharee can see the share
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And As an "user1"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And last share_id is included in the answer

  Scenario: Sharee can see the filtered share
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And file "textfile1.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And As an "user1"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true&path=textfile1 (2).txt"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And last share_id is included in the answer

  Scenario: Sharee can't see the share that is filtered out
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile1.txt" of user "user0" is shared with user "user1"
    And As an "user1"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true&path=textfile0 (2).txt"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And last share_id is not included in the answer

  Scenario: Sharee can see the group share
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And group "group0" exists
    And user "user1" belongs to group "group0"
    And file "textfile0.txt" of user "user0" is shared with group "group0"
    And As an "user1"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And last share_id is included in the answer

  Scenario: User is not allowed to reshare file
  As an "admin"
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 8 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile0 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is allowed to reshare file with more permissions if shares of same file to same user have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And group "group1" exists
    And user "user1" belongs to group "group1"
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 1 |
      | shareWith | group1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 17 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile0 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 19 |
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with more permissions
  As an "admin"
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 16 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile0 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with more permissions even if shares of same file to other users have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user3 |
      | permissions | 15 |
    And As an "user3"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 17 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile0 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 19 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with more permissions even if shares of other files from same user have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /textfile1.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 17 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile1 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 19 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with more permissions even if shares of other files from other users have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And As an "user3"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /textfile1.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 17 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile1 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 19 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with additional delete permissions
  As an "admin"
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /PARENT |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 16 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /PARENT (2) |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 25 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: User is not allowed to reshare file with additional delete permissions for files
  As an "admin"
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /textfile0.txt |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 16 |
    And As an "user1"
    And accepting last share
    When creating a share with
      | path | /textfile0 (2).txt |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 25 |
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    When Getting info of last share
    Then Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 0 |
      | share_with | user2 |
      | file_source | A_NUMBER |
      | file_target | /textfile0 (2).txt |
      | path | /textfile0 (2).txt |
      | permissions | 17 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user1 |
      | storage_id | shared::/textfile0 (2).txt |
      | file_parent | A_NUMBER |
      | share_with_displayname | user2 |
      | displayname_owner | user1 |
      | mimetype          | text/plain |

  Scenario: Get a share with a user which didn't received the share
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And As an "user2"
    When Getting info of last share
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Get a share with a user with resharing rights
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0.txt" of user "user0" is shared with user "user2"
    And As an "user1"
    When Getting info of last share
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And Share fields of last share match with
      | id | A_NUMBER |
      | item_type | file |
      | item_source | A_NUMBER |
      | share_type | 0 |
      | share_with | user2 |
      | file_source | A_NUMBER |
      | file_target | /textfile0.txt |
      | path | /textfile0 (2).txt |
      | permissions | 19 |
      | stime | A_NUMBER |
      | storage | A_NUMBER |
      | mail_send | 0 |
      | uid_owner | user0 |
      | storage_id | shared::/textfile0 (2).txt |
      | file_parent | A_NUMBER |
      | share_with_displayname | user2 |
      | displayname_owner | user0 |
      | mimetype          | text/plain |

  Scenario: Share of folder and sub-folder to same user - core#20645
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And group "group0" exists
    And user "user1" belongs to group "group0"
    And file "/PARENT" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    When file "/PARENT/CHILD" of user "user0" is shared with group "group0"
    And user "user1" accepts last share
    Then user "user1" should see following elements
      | /FOLDER/ |
      | /PARENT/ |
      | /PARENT/CHILD/ |
      | /PARENT/parent.txt |
      | /PARENT/CHILD/child.txt |
      | /PARENT%20(2)/ |
      | /PARENT%20(2)/CHILD/ |
      | /PARENT%20(2)/parent.txt |
      | /PARENT%20(2)/CHILD/child.txt |
      | /CHILD/ |
      | /CHILD/child.txt |
    And the HTTP status code should be "200"

  Scenario: Share a file by multiple channels
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And group "group0" exists
    And user "user1" belongs to group "group0"
    And user "user2" belongs to group "group0"
    And user "user0" created a folder "/common"
    And user "user0" created a folder "/common/sub"
    And file "common" of user "user0" is shared with group "group0"
    And user "user1" accepts last share
    And user "user2" accepts last share
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And User "user1" moved file "/textfile0.txt" to "/common/textfile0.txt"
    And User "user1" moved file "/common/textfile0.txt" to "/common/sub/textfile0.txt"
    And As an "user2"
    When Downloading file "/common/sub/textfile0.txt" with range "bytes=10-18"
    Then Downloaded content should be "test text"
    And Downloaded content when downloading file "/textfile0.txt" with range "bytes=10-18" should be "test text"
    And user "user2" should see following elements
      | /common/sub/textfile0.txt |

  Scenario: Share a file by multiple channels
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And group "group0" exists
    And user "user1" belongs to group "group0"
    And user "user2" belongs to group "group0"
    And user "user0" created a folder "/common"
    And user "user0" created a folder "/common/sub"
    And file "common" of user "user0" is shared with group "group0"
    And user "user1" accepts last share
    And user "user2" accepts last share
    And file "textfile0.txt" of user "user1" is shared with user "user2"
    And user "user2" accepts last share
    And User "user1" moved file "/textfile0.txt" to "/common/textfile0.txt"
    And User "user1" moved file "/common/textfile0.txt" to "/common/sub/textfile0.txt"
    And As an "user2"
    When Downloading file "/textfile0 (2).txt" with range "bytes=10-18"
    Then Downloaded content should be "test text"
    And user "user2" should see following elements
      | /common/sub/textfile0.txt |

  Scenario: Delete all group shares
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And group "group1" exists
    And user "user1" belongs to group "group1"
    And file "textfile0.txt" of user "user0" is shared with group "group1"
    And user "user1" accepts last share
    And User "user1" moved file "/textfile0 (2).txt" to "/FOLDER/textfile0.txt"
    And As an "user0"
    And Deleting last share
    And As an "user1"
    When sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true"
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"
    And last share_id is not included in the answer

  Scenario: delete a share
    Given user "user0" exists
    And user "user1" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And As an "user0"
    When Deleting last share
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"

  Scenario: delete a share with a user that didn't receive the share
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And As an "user2"
    When Deleting last share
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: delete a share with a user with resharing rights that didn't receive the share
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And file "textfile0.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "textfile0.txt" of user "user0" is shared with user "user2"
    And As an "user1"
    When Deleting last share
    Then the OCS status code should be "403"
    And the HTTP status code should be "200"

  Scenario: Keep usergroup shares (#22143)
    Given As an "admin"
    And user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And group "group" exists
    And user "user1" belongs to group "group"
    And user "user2" belongs to group "group"
    And user "user0" created a folder "/TMP"
    And file "TMP" of user "user0" is shared with group "group"
    And user "user1" accepts last share
    And user "user2" accepts last share
    And user "user1" created a folder "/myFOLDER"
    And User "user1" moves file "/TMP" to "/myFOLDER/myTMP"
    And user "user2" does not exist
    And user "user1" should see following elements
      | /myFOLDER/myTMP/ |

  Scenario: Check quota of owners parent directory of a shared file
    Given using old dav path
    And As an "admin"
    And user "user0" exists
    And user "user1" exists
    And user "user1" has a quota of "0"
    And User "user0" moved file "/welcome.txt" to "/myfile.txt"
    And file "myfile.txt" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    When User "user1" uploads file "data/textfile.txt" to "/myfile.txt"
    Then the HTTP status code should be "204"

  Scenario: Don't allow sharing of the root
    Given user "user0" exists
    And As an "user0"
    When creating a share with
      | path | / |
      | shareType | 3 |
    Then the OCS status code should be "403"

  Scenario: Allow modification of reshare
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user0" created a folder "/TMP"
    And file "TMP" of user "user0" is shared with user "user1"
    And user "user1" accepts last share
    And file "TMP" of user "user1" is shared with user "user2"
    And As an "user1"
    When Updating last share with
      | permissions | 1 |
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"

  Scenario: Allow reshare to exceed permissions if shares of same file to same user have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And group "group1" exists
    And user "user1" belongs to group "group1"
    And user "user0" created a folder "/TMP"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 1 |
      | shareWith | group1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 17 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 17 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "100"
    And the HTTP status code should be "200"

  Scenario: Do not allow reshare to exceed permissions
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user0" created a folder "/TMP"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 21 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 21 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Do not allow reshare to exceed permissions even if shares of same file to other users have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And user "user0" created a folder "/TMP"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user3 |
      | permissions | 15 |
    And As an "user3"
    And accepting last share
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 21 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 21 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Do not allow reshare to exceed permissions even if shares of other files from same user have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And As an "user0"
    And creating a share with
      | path | /FOLDER |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And user "user0" created a folder "/TMP"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 21 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 21 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Do not allow reshare to exceed permissions even if shares of other files from other users have them
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user3" exists
    And As an "user3"
    And creating a share with
      | path | /FOLDER |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 15 |
    And As an "user1"
    And accepting last share
    And user "user0" created a folder "/TMP"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 21 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 21 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Do not allow sub reshare to exceed permissions
    Given user "user0" exists
    And user "user1" exists
    And user "user2" exists
    And user "user0" created a folder "/TMP"
    And user "user0" created a folder "/TMP/SUB"
    And As an "user0"
    And creating a share with
      | path | /TMP |
      | shareType | 0 |
      | shareWith | user1 |
      | permissions | 21 |
    And As an "user1"
    And accepting last share
    And creating a share with
      | path | /TMP/SUB |
      | shareType | 0 |
      | shareWith | user2 |
      | permissions | 21 |
    When Updating last share with
      | permissions | 31 |
    Then the OCS status code should be "404"
    And the HTTP status code should be "200"

  Scenario: Only allow 1 link share per file/folder
    Given user "user0" exists
    And As an "user0"
    And creating a share with
      | path | welcome.txt |
      | shareType | 3 |
    When save last share id
    And creating a share with
      | path | welcome.txt |
      | shareType | 3      |
    Then share ids should match

  Scenario: Correct webdav share-permissions for owned file
    Given user "user0" exists
    And User "user0" uploads file with content "foo" to "/tmp.txt"
    When as "user0" gets properties of folder "/tmp.txt" with
      |{http://open-collaboration-services.org/ns}share-permissions |
    Then the single response should contain a property "{http://open-collaboration-services.org/ns}share-permissions" with value "19"

  Scenario: Cannot download a file when it's shared view-only
    Given user "user0" exists
    And user "user1" exists
    And User "user0" moves file "/textfile0.txt" to "/document.odt"
    And file "document.odt" of user "user0" is shared with user "user1" view-only
    And user "user1" accepts last share
    When As an "user1"
    And Downloading file "/document.odt"
    Then the HTTP status code should be "403"

  Scenario: Cannot download a file when its parent is shared view-only
    Given user "user0" exists
    And user "user1" exists
    And User "user0" created a folder "/sharedviewonly"
    And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt"
    And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only
    And user "user1" accepts last share
    When As an "user1"
    And Downloading file "/sharedviewonly/document.odt"
    Then the HTTP status code should be "403"

  Scenario: Cannot copy a file when it's shared view-only
    Given user "user0" exists
    And user "user1" exists
    And User "user0" moves file "/textfile0.txt" to "/document.odt"
    And file "document.odt" of user "user0" is shared with user "user1" view-only
    And user "user1" accepts last share
    When User "user1" copies file "/document.odt" to "/copyforbidden.odt"
    Then the HTTP status code should be "403"

  Scenario: Cannot copy a file when its parent is shared view-only
    Given user "user0" exists
    And user "user1" exists
    And User "user0" created a folder "/sharedviewonly"
    And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt"
    And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only
    And user "user1" accepts last share
    When User "user1" copies file "/sharedviewonly/document.odt" to "/copyforbidden.odt"
    Then the HTTP status code should be "403"

# See sharing-v1-part3.feature