quantranhong1999 commented on code in PR #2646: URL: https://github.com/apache/james-project/pull/2646#discussion_r1967200177
########## server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/MailboxSetMethodContract.scala: ########## 
@@ -8202,48 +8305,74 @@ trait MailboxSetMethodContract {
 |}
 |""".stripMargin
- val response = `given`
+ `given`
 .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
 .body(request)
 .when
 .post
 .`then`
 .log().ifValidationFails()
 .statusCode(SC_OK)
- .contentType(JSON)
- .extract
- .body
- .asString
+ .body("methodResponses[0][1].updated", hasKey(mailboxId.serialize))
+ }
- assertThatJson(response)
- .whenIgnoringPaths("methodResponses[0][1].oldState", "methodResponses[0][1].newState")
- .isEqualTo(
- s"""{
- | "sessionState": "${SESSION_STATE.value}",
- | "methodResponses": [
- | ["Mailbox/set", {
- | "accountId": "29883977c13473ae7cb7678ef767cbfbaffc8a44a6e463d971d23a65c1dc4af6",
- | "notUpdated": {
- | "${mailboxId.serialize}": {
- | "type": "notFound",
- | "description": "#private:an...@domain.tld:mailbox"
- | }
- | }
- | }, "c2"]
- | ]
- |}""".stripMargin)
+ @Test
+ def updateShouldFailWhenUpdateParentIdFromSharedMailboxAndDoesNotHasDeleteMailboxRight(server: GuiceJamesServer): Unit = {
+ val mailboxProbe = server.getProbe(classOf[MailboxProbeImpl])
+ val path = MailboxPath.forUser(ANDRE, "mailbox")
+ val mailboxId: MailboxId = mailboxProbe.createMailbox(path)
+ val parentPath = MailboxPath.forUser(BOB, "parent")
+ val parentId = mailboxProbe.createMailbox(parentPath)
+
+ val aCLProbeImpl = server.getProbe(classOf[ACLProbeImpl])
+ aCLProbeImpl.replaceRights(path, BOB.asString, MailboxACL.FULL_RIGHTS.except(new MailboxACL.Rfc4314Rights(Right.DeleteMailbox)))
+
+ val request = s"""
+ |{
+ | "using": [ "urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail" ],
+ | "methodCalls": [
+ | [
+ | "Mailbox/set",
+ | {
+ | "accountId": "29883977c13473ae7cb7678ef767cbfbaffc8a44a6e463d971d23a65c1dc4af6",
+ | "update": {
+ | "${mailboxId.serialize}": {
+ | "parentId": "${parentId.serialize}"
+ | }
+ | }
+ | },
+ | "c2"
+ | ]
+ | ]
+ |}
+ |""".stripMargin
+
+ `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(request)
+ .when
+ .post
+ .`then`
+ .log().ifValidationFails()
+ .statusCode(SC_OK)
+ .body("methodResponses[0][1].notUpdated", hasKey(mailboxId.serialize))
+ .body("methodResponses[0][1].notUpdated." + mailboxId.serialize,
+ jsonEquals(s"""{
+ | "type": "invalidArguments",
Review Comment: Should we take a chance to review the response error for this missing rights case? IMO we should return the `forbidden` SetError instead of `invalidArguments`. ``` forbidden: The method and arguments are valid, but executing the method would violate an Access Control List (ACL) or other permissions policy. ``` cf https://jmap.io/spec-core.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
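Review bot: The new test `updateShouldFailWhenUpdateParentIdFromSharedMailboxAndDoesNotHasDeleteMailboxRight` verifies the denial only through the `notUpdated` entry of the response, so a server that reported the error but still re-parented ANDRE's mailbox under BOB's `parent` would pass. For an ACL-denial test, also assert after the call that server-side state is unchanged, for example `assertThat(mailboxProbe.getMailboxId("#private", ANDRE.asString, "mailbox")).isEqualTo(mailboxId)` (assuming AssertJ's `assertThat` is already imported in this contract). The rewritten success case earlier in the hunk has the mirror-image gap: it now checks only `hasKey(mailboxId.serialize)` under `updated` and nothing about where the mailbox ended up. The first test starts before the quoted hunk and the second is cut off before its end, so such checks may exist in lines not shown.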