camper/test/campsite.sql

-- Test campsite
set client_min_messages to warning;
create extension if not exists pgtap;
reset client_min_messages;

begin;

select plan(53);

set search_path to camper, public;

select has_table('campsite');
select has_pk('campsite');
select col_is_unique('campsite', array['company_id', 'label']);
select table_privs_are('campsite', 'guest', array['SELECT']);
select table_privs_are('campsite', 'employee', array['SELECT']);
select table_privs_are('campsite', 'admin', array['SELECT', 'INSERT', 'UPDATE', 'DELETE']);
select table_privs_are('campsite', 'authenticator', array[]::text[]);

select has_sequence('campsite_campsite_id_seq');
select sequence_privs_are('campsite_campsite_id_seq', 'guest', array[]::text[]);
select sequence_privs_are('campsite_campsite_id_seq', 'employee', array[]::text[]);
select sequence_privs_are('campsite_campsite_id_seq', 'admin', array['USAGE']);
select sequence_privs_are('campsite_campsite_id_seq', 'authenticator', array[]::text[]);

select has_column('campsite', 'campsite_id');
select col_is_pk('campsite', 'campsite_id');
select col_type_is('campsite', 'campsite_id', 'integer');
select col_not_null('campsite', 'campsite_id');
select col_has_default('campsite', 'campsite_id');
select col_default_is('campsite', 'campsite_id', 'nextval(''campsite_campsite_id_seq''::regclass)');

select has_column('campsite', 'company_id');
select col_is_fk('campsite', 'company_id');
select fk_ok('campsite', 'company_id', 'company', 'company_id');
select col_type_is('campsite', 'company_id', 'integer');
select col_not_null('campsite', 'company_id');
select col_hasnt_default('campsite', 'company_id');

select has_column('campsite', 'campsite_type_id');
select col_is_fk('campsite', 'campsite_type_id');
select fk_ok('campsite', 'campsite_type_id', 'campsite_type', 'campsite_type_id');
select col_type_is('campsite', 'campsite_type_id', 'integer');
select col_not_null('campsite', 'campsite_type_id');
select col_hasnt_default('campsite', 'campsite_type_id');

select has_column('campsite', 'label');
select col_type_is('campsite', 'label', 'text');
select col_not_null('campsite', 'label');
select col_hasnt_default('campsite', 'label');

select has_column('campsite', 'active');
select col_type_is('campsite', 'active', 'boolean');
select col_not_null('campsite', 'active');
select col_has_default('campsite', 'active');
select col_default_is('campsite', 'active', 'true');


set client_min_messages to warning;
truncate campsite cascade;
truncate campsite_type cascade;
truncate media cascade;
truncate media_content cascade;
truncate company_host cascade;
truncate company_user cascade;
truncate company cascade;
truncate auth."user" cascade;
reset client_min_messages;


insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
     , (5, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
;

insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code, default_lang_tag)
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR', 'ca')
     , (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD', 'ca')
;

insert into company_user (company_id, user_id, role)
values (2, 1, 'admin')
     , (4, 5, 'admin')
;

insert into company_host (company_id, host)
values (2, 'co2')
     , (4, 'co4')
;

insert into media_content (media_type, bytes)
values ('image/x-xpixmap', 'static char *s[]={"1 1 1 1","a c #ffffff","a"};')
;

insert into media (media_id, company_id, original_filename, content_hash)
values (6, 2, 'cover2.xpm', sha256('static char *s[]={"1 1 1 1","a c #ffffff","a"};'))
     , (8, 4, 'cover4.xpm', sha256('static char *s[]={"1 1 1 1","a c #ffffff","a"};'))
;

insert into campsite_type (campsite_type_id, company_id, media_id, name)
values (22, 2, 6, 'Wooden lodge')
     , (44, 4, 8, 'Bungalow')
;

insert into campsite (company_id, campsite_type_id, label)
values (2, 22, 'W1')
     , (4, 44, 'B1')
;

prepare campsite_data as
select company_id, label
from campsite
order by company_id, label;

set role guest;
select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (4, 'B1')
	$$,
	'Everyone should be able to list all campsites across all companies'
);
reset role;

select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2');

select lives_ok(
	$$ insert into campsite(company_id, campsite_type_id, label) values (2, 22, 'w2' ) $$,
	'Admin from company 2 should be able to insert a new campsite to that company.'
);

select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (2, 'w2')
	        , (4, 'B1')
	$$,
	'The new row should have been added'
);

select lives_ok(
	$$ update campsite set label = 'W2' where company_id = 2 and label = 'w2' $$,
	'Admin from company 2 should be able to update campsites of that company.'
);

select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (2, 'W2')
	        , (4, 'B1')
	$$,
	'The row should have been updated.'
);

select lives_ok(
	$$ delete from campsite where company_id = 2 and label = 'W2' $$,
	'Admin from company 2 should be able to delete campsites from that company.'
);

select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (4, 'B1')
	$$,
	'The row should have been deleted.'
);

select throws_ok(
	$$ insert into campsite (company_id, campsite_type_id, label) values (4, 44, 'W3' ) $$,
	'42501', 'new row violates row-level security policy for table "campsite"',
	'Admin from company 2 should NOT be able to insert new campsites to company 4.'
);

select lives_ok(
	$$ update campsite set label = 'Nope' where company_id = 4 $$,
	'Admin from company 2 should NOT be able to update campsite types of company 4, but no error if company_id is not changed.'
);

select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (4, 'B1')
	$$,
	'No row should have been changed.'
);

select throws_ok(
	$$ update campsite set company_id = 4 where company_id = 2 $$,
	'42501', 'new row violates row-level security policy for table "campsite"',
	'Admin from company 2 should NOT be able to move campsites to company 4'
);

select lives_ok(
	$$ delete from campsite where company_id = 4 $$,
	'Admin from company 2 should NOT be able to delete campsite types from company 4, but not error is thrown'
);

select bag_eq(
	'campsite_data',
	$$ values (2, 'W1')
	        , (4, 'B1')
	$$,
	'No row should have been changed'
);

select throws_ok(
	$$ insert into campsite (company_id, campsite_type_id, label) values (2, 22, '  ' ) $$,
	'23514', 'new row for relation "campsite" violates check constraint "label_not_empty"',
	'Should not be able to insert campsites with a blank label.'
);

reset role;

select *
from finish();

rollback;
Add the campsite relation, HTTP handlers, and form For now, there is only the label, type, and active fields. We will need some field to hold the area on the map, but this requires #4, and possibly #6, to be finished. Part of #27. 2023-08-14 18:18:26 +00:00			`-- Test campsite`
			`set client_min_messages to warning;`
			`create extension if not exists pgtap;`
			`reset client_min_messages;`

			`begin;`

Add campsite map in SVG I intend to use the same SVG file for customers and employees, so i had to change Oriol’s design to add a class to layers that are supposed to be only for customers, like trees. These are hidden in the admin area. I understood that customers and employees have to click on a campsite to select it, and then they can book or whatever they need to do to them. Since customers and employees most certainly will need to have different listeners on campsites, i decided to add the link with JavaScript. To do so, i need a custom XML attribute with the campsite’s identifier. Since i have seen that all campsites have a label, i changed the “identifier” to the unique combination (company_id, label). The company_id is there because different companies could have the same label; i left the campsite_id primary key for foreign constraints. In this case, as a test, i add an <a> element to the campsite with a link to edit it; we’ll discuss with Oriol what exactly it needs to do. However, the original design had the labels in a different layer, that interfered with the link, as the numbers must be above the path and the link must wrap the path in order to “inherit” its shape. I had no other recourse than to move the labels in the same layer as the paths’. 2023-09-24 01:17:13 +00:00			`select plan(53);`
Add the campsite relation, HTTP handlers, and form For now, there is only the label, type, and active fields. We will need some field to hold the area on the map, but this requires #4, and possibly #6, to be finished. Part of #27. 2023-08-14 18:18:26 +00:00
			`set search_path to camper, public;`

			`select has_table('campsite');`
			`select has_pk('campsite');`
Add campsite map in SVG I intend to use the same SVG file for customers and employees, so i had to change Oriol’s design to add a class to layers that are supposed to be only for customers, like trees. These are hidden in the admin area. I understood that customers and employees have to click on a campsite to select it, and then they can book or whatever they need to do to them. Since customers and employees most certainly will need to have different listeners on campsites, i decided to add the link with JavaScript. To do so, i need a custom XML attribute with the campsite’s identifier. Since i have seen that all campsites have a label, i changed the “identifier” to the unique combination (company_id, label). The company_id is there because different companies could have the same label; i left the campsite_id primary key for foreign constraints. In this case, as a test, i add an <a> element to the campsite with a link to edit it; we’ll discuss with Oriol what exactly it needs to do. However, the original design had the labels in a different layer, that interfered with the link, as the numbers must be above the path and the link must wrap the path in order to “inherit” its shape. I had no other recourse than to move the labels in the same layer as the paths’. 2023-09-24 01:17:13 +00:00			`select col_is_unique('campsite', array['company_id', 'label']);`
Add the campsite relation, HTTP handlers, and form For now, there is only the label, type, and active fields. We will need some field to hold the area on the map, but this requires #4, and possibly #6, to be finished. Part of #27. 2023-08-14 18:18:26 +00:00			`select table_privs_are('campsite', 'guest', array['SELECT']);`
			`select table_privs_are('campsite', 'employee', array['SELECT']);`
			`select table_privs_are('campsite', 'admin', array['SELECT', 'INSERT', 'UPDATE', 'DELETE']);`
			`select table_privs_are('campsite', 'authenticator', array[]::text[]);`

			`select has_sequence('campsite_campsite_id_seq');`
			`select sequence_privs_are('campsite_campsite_id_seq', 'guest', array[]::text[]);`
			`select sequence_privs_are('campsite_campsite_id_seq', 'employee', array[]::text[]);`
			`select sequence_privs_are('campsite_campsite_id_seq', 'admin', array['USAGE']);`
			`select sequence_privs_are('campsite_campsite_id_seq', 'authenticator', array[]::text[]);`

			`select has_column('campsite', 'campsite_id');`
			`select col_is_pk('campsite', 'campsite_id');`
			`select col_type_is('campsite', 'campsite_id', 'integer');`
			`select col_not_null('campsite', 'campsite_id');`
			`select col_has_default('campsite', 'campsite_id');`
			`select col_default_is('campsite', 'campsite_id', 'nextval(''campsite_campsite_id_seq''::regclass)');`

			`select has_column('campsite', 'company_id');`
			`select col_is_fk('campsite', 'company_id');`
			`select fk_ok('campsite', 'company_id', 'company', 'company_id');`
			`select col_type_is('campsite', 'company_id', 'integer');`
			`select col_not_null('campsite', 'company_id');`
			`select col_hasnt_default('campsite', 'company_id');`

			`select has_column('campsite', 'campsite_type_id');`
			`select col_is_fk('campsite', 'campsite_type_id');`
			`select fk_ok('campsite', 'campsite_type_id', 'campsite_type', 'campsite_type_id');`
			`select col_type_is('campsite', 'campsite_type_id', 'integer');`
			`select col_not_null('campsite', 'campsite_type_id');`
			`select col_hasnt_default('campsite', 'campsite_type_id');`

			`select has_column('campsite', 'label');`
			`select col_type_is('campsite', 'label', 'text');`
			`select col_not_null('campsite', 'label');`
			`select col_hasnt_default('campsite', 'label');`

			`select has_column('campsite', 'active');`
			`select col_type_is('campsite', 'active', 'boolean');`
			`select col_not_null('campsite', 'active');`
			`select col_has_default('campsite', 'active');`
			`select col_default_is('campsite', 'active', 'true');`


			`set client_min_messages to warning;`
			`truncate campsite cascade;`
			`truncate campsite_type cascade;`
Add cover media to campsite types This is the image that is shown at the home page, and maybe other pages in the future. We can not use a static file because this image can be changed by the customer, not us; just like name and description. I decided to keep the actual media content in the database, but to copy this file out to the file system the first time it is accessed. This is because we are going to replicate the database to a public instance that must show exactly the same image, but the customer will update the image from the private instance, behind a firewall. We could also synchronize the folder where they upload the images, the same way we will replicate, but i thought that i would make the whole thing a little more brittle: this way if it can replicate the update of the media, it is impossible to not have its contents; dumping it to a file is to improve subsequent requests to the same media. I use the hex representation of the media’s hash as the URL to the resource, because PostgreSQL’s base64 is not URL save (i.e., it uses RFC2045’s charset that includes the forward slash[0]), and i did not feel necessary write a new function just to slightly reduce the URLs’ length. Before checking if the file exists, i make sure that the given hash is an hex string, like i do for UUID, otherwise any other check is going to fail for sure. I moved out hex.Valid function from UUID to check for valid hex values, but the actual hash check is inside app/media because i doubt it will be used outside that module. [0]: https://datatracker.ietf.org/doc/html/rfc2045#section-6.8 2023-09-10 01:04:18 +00:00			`truncate media cascade;`
Manage all media uploads in a single place It made no sense to have a file upload in each form that needs a media, because to reuse an existing media users would need to upload the exact same file again; this is very unusual and unfriendly. A better option is to have a “centralized” media section, where people can upload files there, and then have a picker to select from there. Ideally, there would be an upload option in the picker, but i did not add it yet. I’ve split the content from the media because i want users to have the option to update a media, for instance when they need to upload a reduced or cropped version of the same photo, without an edit they would need to upload the file as a new media and then update all places where the old version was used. And i did not want to trouble people that uploads the same photo twice: without the separate relation, doing so would throw a constraint error. I do not believe there is any security problem to have all companies link their media to the same file, as they were already readable by everyone and could upload the data from a different company to their own; in other words, it is not worse than it was now. 2023-09-20 23:56:44 +00:00			`truncate media_content cascade;`
Add the campsite relation, HTTP handlers, and form For now, there is only the label, type, and active fields. We will need some field to hold the area on the map, but this requires #4, and possibly #6, to be finished. Part of #27. 2023-08-14 18:18:26 +00:00			`truncate company_host cascade;`
			`truncate company_user cascade;`
			`truncate company cascade;`
			`truncate auth."user" cascade;`
			`reset client_min_messages;`


			`insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)`
			`values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')`
			`, (5, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')`
			`;`

			`insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code, default_lang_tag)`
			`values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR', 'ca')`
			`, (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD', 'ca')`
			`;`

			`insert into company_user (company_id, user_id, role)`
			`values (2, 1, 'admin')`
			`, (4, 5, 'admin')`
			`;`

			`insert into company_host (company_id, host)`
			`values (2, 'co2')`
			`, (4, 'co4')`
			`;`

Manage all media uploads in a single place It made no sense to have a file upload in each form that needs a media, because to reuse an existing media users would need to upload the exact same file again; this is very unusual and unfriendly. A better option is to have a “centralized” media section, where people can upload files there, and then have a picker to select from there. Ideally, there would be an upload option in the picker, but i did not add it yet. I’ve split the content from the media because i want users to have the option to update a media, for instance when they need to upload a reduced or cropped version of the same photo, without an edit they would need to upload the file as a new media and then update all places where the old version was used. And i did not want to trouble people that uploads the same photo twice: without the separate relation, doing so would throw a constraint error. I do not believe there is any security problem to have all companies link their media to the same file, as they were already readable by everyone and could upload the data from a different company to their own; in other words, it is not worse than it was now. 2023-09-20 23:56:44 +00:00			`insert into media_content (media_type, bytes)`
			`values ('image/x-xpixmap', 'static char *s[]={"1 1 1 1","a c #ffffff","a"};')`
			`;`

			`insert into media (media_id, company_id, original_filename, content_hash)`
			`values (6, 2, 'cover2.xpm', sha256('static char *s[]={"1 1 1 1","a c #ffffff","a"};'))`
			`, (8, 4, 'cover4.xpm', sha256('static char *s[]={"1 1 1 1","a c #ffffff","a"};'))`
Add cover media to campsite types This is the image that is shown at the home page, and maybe other pages in the future. We can not use a static file because this image can be changed by the customer, not us; just like name and description. I decided to keep the actual media content in the database, but to copy this file out to the file system the first time it is accessed. This is because we are going to replicate the database to a public instance that must show exactly the same image, but the customer will update the image from the private instance, behind a firewall. We could also synchronize the folder where they upload the images, the same way we will replicate, but i thought that i would make the whole thing a little more brittle: this way if it can replicate the update of the media, it is impossible to not have its contents; dumping it to a file is to improve subsequent requests to the same media. I use the hex representation of the media’s hash as the URL to the resource, because PostgreSQL’s base64 is not URL save (i.e., it uses RFC2045’s charset that includes the forward slash[0]), and i did not feel necessary write a new function just to slightly reduce the URLs’ length. Before checking if the file exists, i make sure that the given hash is an hex string, like i do for UUID, otherwise any other check is going to fail for sure. I moved out hex.Valid function from UUID to check for valid hex values, but the actual hash check is inside app/media because i doubt it will be used outside that module. [0]: https://datatracker.ietf.org/doc/html/rfc2045#section-6.8 2023-09-10 01:04:18 +00:00			`;`

			`insert into campsite_type (campsite_type_id, company_id, media_id, name)`
			`values (22, 2, 6, 'Wooden lodge')`
			`, (44, 4, 8, 'Bungalow')`
Add the campsite relation, HTTP handlers, and form For now, there is only the label, type, and active fields. We will need some field to hold the area on the map, but this requires #4, and possibly #6, to be finished. Part of #27. 2023-08-14 18:18:26 +00:00			`;`

			`insert into campsite (company_id, campsite_type_id, label)`
			`values (2, 22, 'W1')`
			`, (4, 44, 'B1')`
			`;`

			`prepare campsite_data as`
			`select company_id, label`
			`from campsite`
			`order by company_id, label;`

			`set role guest;`
			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (4, 'B1')`
			`$$,`
			`'Everyone should be able to list all campsites across all companies'`
			`);`
			`reset role;`

			`select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2');`

			`select lives_ok(`
			`$$ insert into campsite(company_id, campsite_type_id, label) values (2, 22, 'w2' ) $$,`
			`'Admin from company 2 should be able to insert a new campsite to that company.'`
			`);`

			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (2, 'w2')`
			`, (4, 'B1')`
			`$$,`
			`'The new row should have been added'`
			`);`

			`select lives_ok(`
			`$$ update campsite set label = 'W2' where company_id = 2 and label = 'w2' $$,`
			`'Admin from company 2 should be able to update campsites of that company.'`
			`);`

			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (2, 'W2')`
			`, (4, 'B1')`
			`$$,`
			`'The row should have been updated.'`
			`);`

			`select lives_ok(`
			`$$ delete from campsite where company_id = 2 and label = 'W2' $$,`
			`'Admin from company 2 should be able to delete campsites from that company.'`
			`);`

			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (4, 'B1')`
			`$$,`
			`'The row should have been deleted.'`
			`);`

			`select throws_ok(`
			`$$ insert into campsite (company_id, campsite_type_id, label) values (4, 44, 'W3' ) $$,`
			`'42501', 'new row violates row-level security policy for table "campsite"',`
			`'Admin from company 2 should NOT be able to insert new campsites to company 4.'`
			`);`

			`select lives_ok(`
			`$$ update campsite set label = 'Nope' where company_id = 4 $$,`
			`'Admin from company 2 should NOT be able to update campsite types of company 4, but no error if company_id is not changed.'`
			`);`

			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (4, 'B1')`
			`$$,`
			`'No row should have been changed.'`
			`);`

			`select throws_ok(`
			`$$ update campsite set company_id = 4 where company_id = 2 $$,`
			`'42501', 'new row violates row-level security policy for table "campsite"',`
			`'Admin from company 2 should NOT be able to move campsites to company 4'`
			`);`

			`select lives_ok(`
			`$$ delete from campsite where company_id = 4 $$,`
			`'Admin from company 2 should NOT be able to delete campsite types from company 4, but not error is thrown'`
			`);`

			`select bag_eq(`
			`'campsite_data',`
			`$$ values (2, 'W1')`
			`, (4, 'B1')`
			`$$,`
			`'No row should have been changed'`
			`);`

			`select throws_ok(`
			`$$ insert into campsite (company_id, campsite_type_id, label) values (2, 22, ' ' ) $$,`
			`'23514', 'new row for relation "campsite" violates check constraint "label_not_empty"',`
			`'Should not be able to insert campsites with a blank label.'`
			`);`

			`reset role;`

			`select *`
			`from finish();`

			`rollback;`