Closed ScharfViktor closed 1 week ago
Related issue https://github.com/owncloud/web/issues/11579
need also prevent adding members to space using "https://ocis-server:9200/graph/v1beta1/drives/spaceUUID/items/spaceUUID/invite" endpoint added test apiOcm/share.feature:231 and linked issue
Version 6.3.0 web 10.2.0
ocm setup, see here https://owncloud.dev/ocis/development/testing/#running-test-suite-with-federated-sharing-ocm
Steps:
Expected: 403 Forbidden Actual:
curl -k -X POST 'https://ocis-server:9200/graph/v1beta1/drives/space_uuid/root/invite' -u admin:admin -d '{"roles":["a8d5fe5e-96e3-418d-825b-534dbdf22b99"],"recipients":[{"objectId":"external_user_uuid: ","@libre.graph.recipient.type":"user"}]}' -v
gets 200 OK - but user hasn't access to space