From 92fcb03d54adf6c825b7e9709f9c1bfa8f44c864 Mon Sep 17 00:00:00 2001 From: mhsdesign <85400359+mhsdesign@users.noreply.github.com> Date: Mon, 27 Jan 2025 14:31:04 +0100 Subject: [PATCH] TASK: Fix cr security tests separate more complex discard commands into own tests as attempting to discard 0 nodes fails now and its harder to test that way in batches. --- .../Security/WorkspacePermissions.feature | 56 ++++++++++++++++++- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/Neos.Neos/Tests/Behavior/Features/ContentRepository/Security/WorkspacePermissions.feature b/Neos.Neos/Tests/Behavior/Features/ContentRepository/Security/WorkspacePermissions.feature index f9532c6131..2f244d43d4 100644 --- a/Neos.Neos/Tests/Behavior/Features/ContentRepository/Security/WorkspacePermissions.feature +++ b/Neos.Neos/Tests/Behavior/Features/ContentRepository/Security/WorkspacePermissions.feature @@ -265,9 +265,7 @@ Feature: Workspace permission related features | CreateRootNodeAggregateWithNode | {"nodeAggregateId":"c","nodeTypeName":"Neos.Neos:CustomRoot"} | | MoveDimensionSpacePoint | {"source":{"language":"de"},"target":{"language":"ch"}} | | UpdateRootNodeAggregateDimensions | {"nodeAggregateId":"root"} | - | DiscardWorkspace | {} | - | DiscardIndividualNodesFromWorkspace | {"nodesToDiscard":["a1"]} | - | RebaseWorkspace | {} | + | RebaseWorkspace | {"rebaseErrorHandlingStrategy": "force"} | # note, creating a core workspace will not grant permissions to it to the current user: Missing "read" permissions for base workspace "new-workspace" | CreateWorkspace | {"workspaceName":"new-workspace","baseWorkspaceName":"workspace","newContentStreamId":"any"} | @@ -322,3 +320,55 @@ Feature: Workspace permission related features | user | | owner | | collaborator | + + Scenario Outline: Discarding a workspace without WRITE permissions + # make changes as owner + Given I am authenticated as owner + + And the following CreateNodeAggregateWithNode commands are executed: + | nodeAggregateId | nodeTypeName | parentNodeAggregateId | workspaceName | originDimensionSpacePoint | + | shernode-homes | Neos.Neos:Document | a | workspace | {"language":"de"} | + | other-node | Neos.Neos:Document | a | workspace | {"language":"de"} | + + # someone else attempts to discard + Given I am authenticated as + + And the command DiscardIndividualNodesFromWorkspace is executed with payload and exceptions are caught: + | Key | Value | + | workspaceName | "workspace" | + | nodesToDiscard | ["shernode-homes"] | + Then the last command should have thrown an exception of type "AccessDenied" with code 1729086686 + + And the command DiscardWorkspace is executed with payload and exceptions are caught: + | Key | Value | + | workspaceName | "workspace" | + Then the last command should have thrown an exception of type "AccessDenied" with code 1729086686 + + Examples: + | user | + | restricted_editor | + | simple_user | + | uninvolved_editor | + | admin | + + Scenario Outline: Discarding a workspace with WRITE permissions + Given I am authenticated as + + And the following CreateNodeAggregateWithNode commands are executed: + | nodeAggregateId | nodeTypeName | parentNodeAggregateId | workspaceName | originDimensionSpacePoint | + | shernode-homes | Neos.Neos:Document | a | workspace | {"language":"de"} | + | other-node | Neos.Neos:Document | a | workspace | {"language":"de"} | + + And the command DiscardIndividualNodesFromWorkspace is executed with payload: + | Key | Value | + | workspaceName | "workspace" | + | nodesToDiscard | ["shernode-homes"] | + + And the command DiscardWorkspace is executed with payload: + | Key | Value | + | workspaceName | "workspace" | + + Examples: + | user | + | owner | + | collaborator |