test: Add test for read only shares

juliusknorr · juliusknorr · commit 049607e0c117 · 2025-10-21T12:32:24.000+02:00
Signed-off-by: Julius Knorr &lt;jus@bitgrid.net&gt;
diff --git a/playwright/e2e/sharing.spec.ts b/playwright/e2e/sharing.spec.ts
@@ -0,0 +1,49 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Ferdinand Thiessen <opensource@fthiessen.de>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { expect } from '@playwright/test'
+import { test } from '../support/fixtures/sharing-user'
+
+test('Share a file read only that cannot be locked by the recipient', async ({ pageOwner, pageRecipient, owner, recipient, request }) => {
+	// Create a test file as owner
+	const filename = 'test-share.txt'
+	const response = await request.put(`/remote.php/dav/files/${owner.userId}/${filename}`, {
+		headers: {
+			Authorization: `Basic ${Buffer.from(`${owner.userId}:${owner.password}`).toString('base64')}`,
+		},
+		data: 'Test file content',
+	})
+	expect(response.ok()).toBeTruthy()
+
+	// Share the file with recipient
+	const shareResponse = await request.post('/ocs/v2.php/apps/files_sharing/api/v1/shares', {
+		headers: {
+			'OCS-APIRequest': 'true',
+			'Content-Type': 'application/json',
+			Authorization: `Basic ${Buffer.from(`${owner.userId}:${owner.password}`).toString('base64')}`,
+		},
+		data: {
+			path: `/${filename}`,
+			shareType: '0', // User share
+			shareWith: recipient.userId,
+			permissions: '1',
+		},
+	})
+	expect(shareResponse.ok()).toBeTruthy()
+
+	// Check recipient cannot lock
+	await pageRecipient.goto('/apps/files')
+	await pageRecipient.waitForURL(/apps\/files/)
+	const rowRecipient = await pageRecipient.getByRole('row', { name: filename })
+	await rowRecipient.getByRole('button', { name: 'Actions' }).click()
+	await expect(pageRecipient.getByRole('menuitem', { name: 'Lock file' })).not.toBeVisible()
+
+	// Check owner can still lock
+	await pageOwner.goto('/apps/files')
+	await pageOwner.waitForURL(/apps\/files/)
+	const rowOwner = await pageOwner.getByRole('row', { name: filename })
+	await rowOwner.getByRole('button', { name: 'Actions' }).click()
+	await expect(pageOwner.getByRole('menuitem', { name: 'Lock file' })).toBeVisible()
+})
diff --git a/playwright/support/fixtures/sharing-user.ts b/playwright/support/fixtures/sharing-user.ts
@@ -0,0 +1,59 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Ferdinand Thiessen <opensource@fthiessen.de>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { test as base } from '@playwright/test'
+import { createRandomUser, login } from '@nextcloud/e2e-test-server/playwright'
+
+// The User type from e2e-test-server
+interface User {
+	userId: string
+	password: string
+	language: string
+}
+
+interface SharingUserFixture {
+	owner: User
+	recipient: User
+	pageOwner: Page
+	pageRecipient: Page
+}
+
+/**
+ * This test fixture ensures two new random users are created:
+ * - owner: The user who will be sharing files/folders
+ * - recipient: The user who will receive the shares
+ */
+export const test = base.extend<SharingUserFixture>({
+	owner: async ({ }, use) => {
+		const user = await createRandomUser()
+		await use(user)
+	},
+	recipient: async ({ }, use) => {
+		const user = await createRandomUser()
+		await use(user)
+	},
+	pageOwner: async ({ browser, baseURL, owner }, use) => {
+		const page = await browser.newPage({
+			storageState: undefined,
+			baseURL,
+		})
+
+		await login(page.request, owner)
+
+		await use(page)
+		await page.close()
+	},
+	pageRecipient: async ({ browser, baseURL, recipient }, use) => {
+		const page = await browser.newPage({
+			storageState: undefined,
+			baseURL,
+		})
+
+		await login(page.request, recipient)
+
+		await use(page)
+		await page.close()
+	},
+})
