fixup

Signed-off-by: Ferdinand Thiessen <[email protected]>

Author: susnux

tests/Integration/Api/RespectAdminSettingsTest.php

@@ -0,0 +1,303 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\Forms\Tests\Integration\Api;
+
+use GuzzleHttp\Client;
+use OCA\Forms\AppInfo\Application;
+use OCA\Forms\Constants;
+use OCA\Forms\Tests\Integration\IntegrationBase;
+use OCP\IConfig;
+
+/**
+ * This tests that the API respects all admin settings
+ * @group DB
+ */
+class RespectAdminSettingsTest extends IntegrationBase {
+	/** @var GuzzleHttp\Client */
+	private $http;
+
+	protected array $users = [
+		'test' => 'Test user',
+	];
+
+	/**
+	 * Store Test Forms Array.
+	 * Necessary as function due to object type-casting.
+	 */
+	private function setTestForms() {
+		$this->testForms = [
+			[
+				'hash' => 'abcdefghij123456',
+				'title' => 'Title of a test Form',
+				'description' => '',
+				'owner_id' => 'test',
+				'access_enum' => 0,
+				'created' => 12345,
+				'expires' => 0,
+				'state' => 0,
+				'is_anonymous' => false,
+				'submit_multiple' => false,
+				'show_expiration' => false,
+				'last_updated' => 123456789,
+				'submission_message' => '',
+				'file_id' => null,
+				'file_format' => null,
+				'questions' => [],
+				'shares' => [],
+				'submissions' => [],
+			],
+			[
+				'hash' => '1234567890abcdef',
+				'title' => 'Title of a second globally shared Form',
+				'description' => '',
+				'owner_id' => 'test1',
+				'access_enum' => 2,
+				'created' => 12345,
+				'expires' => 0,
+				'state' => 0,
+				'is_anonymous' => false,
+				'submit_multiple' => false,
+				'show_expiration' => false,
+				'last_updated' => 123456789,
+				'submission_message' => '',
+				'file_id' => null,
+				'file_format' => null,
+				'questions' => [],
+				'shares' => [],
+				'submissions' => [],
+			],
+			[
+				'hash' => 'bcdf011899881',
+				'title' => 'Title of a directly shared Form',
+				'description' => '',
+				'owner_id' => 'test1',
+				'access_enum' => 0,
+				'created' => 12345,
+				'expires' => 0,
+				'state' => 0,
+				'is_anonymous' => false,
+				'submit_multiple' => false,
+				'show_expiration' => false,
+				'last_updated' => 123456789,
+				'submission_message' => '',
+				'file_id' => null,
+				'file_format' => null,
+				'questions' => [],
+				'shares' => [
+					[
+						'shareType' => 0,
+						'shareWith' => 'test',
+						'permissions' => ['submit'],
+					],
+				],
+				'submissions' => [],
+			],
+		];
+	}
+
+	private static function sharedTestForms(): array {
+		return [
+			[
+				'hash' => 'abcdefghij123456',
+				'title' => 'Title of a test Form',
+				'description' => '',
+				'created' => 12345,
+				'expires' => 0,
+				'state' => 0,
+				'questions' => [],
+				'shares' => [],
+				'ownerId' => 'test',
+				'fileId' => null,
+				'fileFormat' => null,
+				'access' => [],
+				'isAnonymous' => false,
+				'submitMultiple' => false,
+				'showExpiration' => false,
+				'submissionMessage' => '',
+				'permissions' => [],
+				'canSubmit' => true,
+				'submissionCount' => 0,
+			],
+		];
+	}
+
+	/**
+	 * Set up test environment.
+	 * Writing testforms into db, preparing http request
+	 */
+	public function setUp(): void {
+		$this->setTestForms();
+		$this->users = [
+			'test' => 'Test Displayname',
+			'user1' => 'User No. 1',
+		];
+
+		parent::setUp();
+
+		// Set up http Client
+		$this->http = new Client([
+			'base_uri' => 'http://localhost:8080/ocs/v2.php/apps/forms/',
+			'auth' => ['test', 'test'],
+			'headers' => [
+				'OCS-ApiRequest' => 'true',
+				'Accept' => 'application/json'
+			],
+		]);
+	}
+
+	public function tearDown(): void {
+		parent::tearDown();
+	}
+
+	// Small Wrapper for OCS-Response
+	private function OcsResponse2Data($resp) {
+		$arr = json_decode($resp->getBody()->getContents(), true);
+		return $arr['ocs']['data'];
+	}
+
+	// Unset Id, as we can not control it on the tests.
+	private function arrayUnsetId(array $arr): array {
+		foreach ($arr as $index => $elem) {
+			unset($arr[$index]['id']);
+		}
+		return $arr;
+	}
+
+	/**
+	 * Allow to update form if there are no admin settings
+	 */
+	public function testAllowUpdate(): void {
+		$resp = $this->http->request(
+			'PATCH',
+			"api/v3/forms/{$this->testForms[0]['id']}",
+			[
+				'json' => [
+					'keyValuePairs' => ['access' => ['permitAllUsers' => true, 'showToAllUsers' => true]],
+				],
+			],
+		);
+		$this->assertEquals(200, $resp->getStatusCode());
+
+		$resp = $this->http->request(
+			'GET',
+			"api/v3/forms/{$this->testForms[0]['id']}",
+		);
+		$data = $this->OcsResponse2Data($resp);
+
+		$expected = self::sharedTestForms()[0];
+		$expected['access'] = ['permitAllUsers' => true, 'showToAllUsers' => true];
+
+		$this->assertEquals(200, $resp->getStatusCode());
+		$this->assertEquals($expected, $this->arrayUnsetId($data));
+	}
+
+	/**
+	 * Forbid to update form if there are admin settings
+	 * @dataProvider forbidUpdateAdminSettingsData
+	 */
+	public function testForbidUpdate(array $accessValue, array $adminConfigKeys): void {
+		$config = \OCP\Server::get(IConfig::class);
+		foreach ($adminConfigKeys as $key => $value) {
+			$config->setAppValue(Application::APP_ID, $key, $value);
+		}
+
+		$resp = $this->http->request(
+			'PATCH',
+			"api/v3/forms/{$this->testForms[0]['id']}",
+			[
+				'json' => [
+					'keyValuePairs' => ['access' => $accessValue],
+				],
+			],
+		);
+		$this->assertEquals(401, $resp->getStatusCode());
+
+		$resp = $this->http->request(
+			'GET',
+			"api/v3/forms/{$this->testForms[0]['id']}",
+		);
+		$data = $this->OcsResponse2Data($resp);
+
+		$this->assertEquals(200, $resp->getStatusCode());
+		$this->assertEquals(self::sharedTestForms()[0], $this->arrayUnsetId($data));
+	}
+
+	public static function forbidUpdateAdminSettingsData(): array {
+		return [
+			'set both without show-to-all permission' => [
+				[
+					'permitAllUsers' => true,
+					'showToAllUsers' => true,
+				],
+				[
+					Constants::CONFIG_KEY_ALLOWSHOWTOALL => 'false',
+					Constants::CONFIG_KEY_ALLOWPERMITALL => 'true',
+				],
+			],
+			'set both without permit-all permission' => [
+				[
+					'permitAllUsers' => true,
+					'showToAllUsers' => true,
+				],
+				[
+					Constants::CONFIG_KEY_ALLOWSHOWTOALL => 'true',
+					Constants::CONFIG_KEY_ALLOWPERMITALL => 'false',
+				],
+			],
+			'set show-to-all without permission' => [
+				[
+					'showToAllUsers' => true,
+				],
+				[
+					Constants::CONFIG_KEY_ALLOWSHOWTOALL => 'false',
+					Constants::CONFIG_KEY_ALLOWPERMITALL => 'true',
+				],
+			],
+			'set permit-all without permission' => [
+				[
+					'permitAllUsers' => true,
+				],
+				[
+					Constants::CONFIG_KEY_ALLOWSHOWTOALL => 'true',
+					Constants::CONFIG_KEY_ALLOWPERMITALL => 'false',
+				],
+			],
+		];
+	}
+
+	/**
+	 * Test that forms with public access are listed
+	 */
+	public function testListFormsAllowed(): void {
+		$resp = $this->http->request(
+			'GET',
+			"api/v3/forms?type=shared",
+		);
+		$this->assertEquals(200, $resp->getStatusCode());
+
+		$data = $this->OcsResponse2Data($resp);
+		$this->assertEquals(2, count($data));
+	}
+
+	/**
+	 * Test that only forms directly shared are listed if the admin setting forbid access to the form.
+	 * Equivalent to creating form with "show to all" permission, but then the admin deactivates the "show all" globally.
+	 */
+	public function testListFormsNoAdminPermission(): void {
+		$resp = $this->http->request(
+			'GET',
+			"api/v3/forms?type=shared",
+		);
+		$this->assertEquals(200, $resp->getStatusCode());
+
+		$data = $this->OcsResponse2Data($resp);
+		$this->assertEquals(1, count($data));
+		$this->assertEquals('Title of a directly shared Form', $data[0]['title']);
+	}
+
+};

tests/Integration/IntegrationBase.php

@@ -7,7 +7,12 @@
  */
 namespace OCA\Forms\Tests\Integration;
 
+use OCA\Forms\AppInfo\Application;
+use OCA\Forms\Constants;
 use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IConfig;
+use OCP\IDBConnection;
+use OCP\IUserManager;
 use Test\TestCase;
 
 /**
@@ -30,7 +35,12 @@ class IntegrationBase extends TestCase {
 	public function setUp(): void {
 		parent::setUp();
 
-		$userManager = \OC::$server->getUserManager();
+		$config = \OCP\Server::get(IConfig::class);
+		foreach (Constants::CONFIG_KEYS as $key) {
+			$config->deleteAppValue(Application::APP_ID, $key);
+		}
+
+		$userManager = \OCP\Server::get(IUserManager::class);
 		foreach ($this->users as $userId => $displayName) {
 			$user = $userManager->get($userId);
 			if ($user === null) {
@@ -39,7 +49,7 @@ public function setUp(): void {
 			$user->setDisplayName($displayName);
 		}
 
-		$qb = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$qb = \OCP\Server::get(IDBConnection::class)->getQueryBuilder();
 
 		// Write our test forms into db
 		foreach ($this->testForms as $index => $form) {
@@ -136,7 +146,8 @@ public function setUp(): void {
 
 	/** Clean up database from testforms */
 	public function tearDown(): void {
-		$qb = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$db = \OCP\Server::get(IDBConnection::class);
+		$qb = $db->getQueryBuilder();
 
 		foreach ($this->testForms as $form) {
 			$qb->delete('forms_v2_forms')