# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: AGPL-3.0-or-later Feature: contacts-menu Scenario: users can be searched by display name Given user "user0" exists And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "Test name" Scenario: users can be searched by email Given user "user0" exists And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "user1" Scenario: users can not be searched by id Given user "user0" exists And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "user" Then the list of searched contacts has "0" contacts Scenario: search several users Given user "user0" exists And user "user1" exists And user "user2" exists And user "user3" exists And user "user4" exists And user "user5" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | And sending "PUT" to "/cloud/users/user2" with | key | email | | value | test@example.com | And sending "PUT" to "/cloud/users/user3" with | key | displayname | | value | Unmatched name | And sending "PUT" to "/cloud/users/user4" with | key | email | | value | unmatched@example.com | And sending "PUT" to "/cloud/users/user5" with | key | displayname | | value | Another test name | And sending "PUT" to "/cloud/users/user5" with | key | email | | value | another_test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "3" contacts # Results are sorted alphabetically And searched contact "0" is named "Another test name" And searched contact "1" is named "Test name" And searched contact "2" is named "user2" Scenario: users can not be searched by display name when searcher belongs to a group excluded from sharing Given user "user0" exists And group "ExcludedGroup" exists And user "user0" belongs to group "ExcludedGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "yes" And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "0" contacts Scenario: users can not be searched by email when searcher belongs to a group excluded from sharing Given user "user0" exists And group "ExcludedGroup" exists And user "user0" belongs to group "ExcludedGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "yes" And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "0" contacts Scenario: users can be searched by display name when searcher belongs to both a group excluded from sharing and another group Given user "user0" exists And group "ExcludedGroup" exists And user "user0" belongs to group "ExcludedGroup" And group "AnotherGroup" exists And user "user0" belongs to group "AnotherGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "yes" And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "Test name" Scenario: users can be searched by email when searcher belongs to both a group excluded from sharing and another group Given user "user0" exists And group "ExcludedGroup" exists And user "user0" belongs to group "ExcludedGroup" And group "AnotherGroup" exists And user "user0" belongs to group "AnotherGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "yes" And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "user1" Scenario: users can not be searched by display name when searcher does not belong to a group allowed to share Given user "user0" exists And group "AllowedGroup" exists And parameter "shareapi_exclude_groups" of app "core" is set to "allow" And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "0" contacts Scenario: users can not be searched by email when searcher does not belong to a group allowed to share Given user "user0" exists And group "AllowedGroup" exists And parameter "shareapi_exclude_groups" of app "core" is set to "allow" And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "0" contacts Scenario: users can be searched by display name when searcher belongs to both a group allowed to share and another group Given user "user0" exists And group "AllowedGroup" exists And user "user0" belongs to group "AllowedGroup" And group "AnotherGroup" exists And user "user0" belongs to group "AnotherGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "allow" And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "Test name" Scenario: users can be searched by email when searcher belongs to both a group allowed to share and another group Given user "user0" exists And group "AllowedGroup" exists And user "user0" belongs to group "AllowedGroup" And group "AnotherGroup" exists And user "user0" belongs to group "AnotherGroup" And parameter "shareapi_exclude_groups" of app "core" is set to "allow" And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup" And user "user1" exists And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "user1" Scenario: users can not be found by display name if visibility is private Given user "user0" exists And user "user1" exists And user "user2" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | displayname | Test name | | displaynameScope | v2-private | And Logging in using web as "user2" And Sending a "PUT" to "/settings/users/user2/settings" with requesttoken | displayname | Another test name | | displaynameScope | v2-federated | When Logging in using web as "user0" And searching for contacts matching with "test" # Disabled because it regularly fails on drone: # Then the list of searched contacts has "1" contacts # And searched contact "0" is named "Another test name" Scenario: users can not be found by email if visibility is private Given user "user0" exists And user "user1" exists And user "user2" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | email | test@example.com | | emailScope | v2-private | And Logging in using web as "user2" And Sending a "PUT" to "/settings/users/user2/settings" with requesttoken | email | another_test@example.com | | emailScope | v2-federated | # Disabled because it regularly fails on drone: # When Logging in using web as "user0" # And searching for contacts matching with "test" # Then the list of searched contacts has "1" contacts # And searched contact "0" is named "user2" Scenario: users can be found by other properties if the visibility of one is private Given user "user0" exists And user "user1" exists And user "user2" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | displayname | Test name | | displaynameScope | v2-federated | | email | test@example.com | | emailScope | v2-private | And Logging in using web as "user2" And Sending a "PUT" to "/settings/users/user2/settings" with requesttoken | displayname | Another test name | | displaynameScope | v2-private | | email | another_test@example.com | | emailScope | v2-federated | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "2" contacts # Disabled because it regularly fails on drone: # And searched contact "0" is named "" And searched contact "1" is named "Test name" Scenario: users can be searched by display name if visibility is increased again Given user "user0" exists And user "user1" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | displayname | Test name | | displaynameScope | v2-private | And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | displaynameScope | v2-federated | When Logging in using web as "user0" And searching for contacts matching with "test" Then the list of searched contacts has "1" contacts And searched contact "0" is named "Test name" Scenario: users can be searched by email if visibility is increased again Given user "user0" exists And user "user1" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | email | test@example.com | | emailScope | v2-private | And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | emailScope | v2-federated | # Disabled because it regularly fails on drone: # When Logging in using web as "user0" # And searching for contacts matching with "test" # Then the list of searched contacts has "1" contacts # And searched contact "0" is named "user1" Scenario: users can not be searched by display name if visibility is private even if updated with provisioning Given user "user0" exists And user "user1" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | displaynameScope | v2-private | And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | displayname | | value | Test name | When Logging in using web as "user0" And searching for contacts matching with "test" # Disabled because it regularly fails on drone: # Then the list of searched contacts has "0" contacts Scenario: users can not be searched by email if visibility is private even if updated with provisioning Given user "user0" exists And user "user1" exists And Logging in using web as "user1" And Sending a "PUT" to "/settings/users/user1/settings" with requesttoken | emailScope | v2-private | And As an "admin" And sending "PUT" to "/cloud/users/user1" with | key | email | | value | test@example.com | When Logging in using web as "user0" And searching for contacts matching with "test" # Disabled because it regularly fails on drone: # Then the list of searched contacts has "0" contacts Scenario: users cannot list other users from the system address book Given user "user0" exists And user "user1" exists And invoking occ with "config:app:set dav system_addressbook_exposed --value false" And Logging in using web as "user1" And searching for contacts matching with "" Then the list of searched contacts has "1" contacts And invoking occ with "config:app:delete dav system_addressbook_exposed" Scenario: users can list other users from the system address book Given user "user0" exists And user "user1" exists And Logging in using web as "user1" And searching for contacts matching with "" Then the list of searched contacts has "2" contacts