tandem/camper
tandem
/
camper
2
0
Fork 0
Code Issues 7 Pull Requests Packages Projects Releases Wiki Activity
camper/test/user_profile.sql

189 lines
6.9 KiB
MySQL
Raw Normal View History

Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
-- Test user_profile
set client_min_messages to warning;
create extension if not exists pgtap;
reset client_min_messages;
begin;
select plan(53);
set search_path to camper, auth, public;
select has_view('user_profile');
select table_privs_are('user_profile', 'guest', array ['SELECT']);
select table_privs_are('user_profile', 'employee', array ['SELECT']);
select table_privs_are('user_profile', 'admin', array ['SELECT']);
select table_privs_are('user_profile', 'authenticator', array []::text[]);
select has_column('user_profile', 'user_id');
select col_type_is('user_profile', 'user_id', 'integer');
select column_privs_are('user_profile', 'user_id', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'authenticator', array []::text[]);
select has_column('user_profile', 'email');
select col_type_is('user_profile', 'email', 'email');
select column_privs_are('user_profile', 'email', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'email', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'email', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'email', 'authenticator', array []::text[]);
select has_column('user_profile', 'name');
select col_type_is('user_profile', 'name', 'text');
select column_privs_are('user_profile', 'name', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'name', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'name', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'name', 'authenticator', array []::text[]);
select has_column('user_profile', 'role');
select col_type_is('user_profile', 'role', 'name');
select column_privs_are('user_profile', 'role', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'authenticator', array []::text[]);
select has_column('user_profile', 'lang_tag');
select col_type_is('user_profile', 'lang_tag', 'text');
select column_privs_are('user_profile', 'lang_tag', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'lang_tag', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'lang_tag', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'lang_tag', 'authenticator', array []::text[]);
select has_column('user_profile', 'csrf_token');
select col_type_is('user_profile', 'csrf_token', 'text');
select column_privs_are('user_profile', 'csrf_token', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'authenticator', array []::text[]);
set client_min_messages to warning;
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
truncate company_host cascade;
truncate company_user cascade;
truncate company cascade;
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
truncate auth."user" cascade;
reset client_min_messages;
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at, lang_tag)
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month', 'ca')
, (5, 'admin@tandem.blog', 'Admin', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month', 'es')
, (7, 'another@tandem.blog', 'Another Admin', 'test', default, default, default)
;
insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code, default_lang_tag)
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR', 'ca')
, (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD', 'es')
;
insert into company_user (company_id, user_id, role)
values (2, 1, 'employee')
, (4, 5, 'admin')
, (4, 7, 'admin')
;
insert into company_host (company_id, host)
values (2, 'co2')
, (4, 'co4')
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
;
prepare profile as
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
select user_id, company_id, email, name, role, lang_tag, csrf_token
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
from user_profile;
select set_config('request.user.cookie', '', false);
select results_eq(
'profile',
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
$$ values (0, 0, null::email, '', 'guest'::name, 'und', '') $$,
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
'Should be set up with the guest user when no user logged in yet.'
);
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2');
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
select results_eq(
'profile',
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
$$ values (1, 2, 'demo@tandem.blog'::email, 'Demo', 'employee'::name, 'ca', '44facbb30d') $$,
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
'Should only see the profile of the first user'
);
select lives_ok($$
update user_profile
set email = 'demo+update@tandem.blog'
, name = 'Demo Update'
, lang_tag = 'es';
$$,
'Should be able to update the first profile'
);
select throws_ok(
$$ update user_profile set user_id = 123 $$,
'42501', 'permission denied for view user_profile',
'Should not be able to change the ID'
);
select throws_ok(
$$ update user_profile set role = 'admin' $$,
'42501', 'permission denied for view user_profile',
'Should not be able to change the ID'
);
select results_eq(
'profile',
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
$$ values (1, 2, 'demo+update@tandem.blog'::email, 'Demo Update', 'employee'::name, 'es', '44facbb30d') $$,
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
'Should see the changed profile of the first user'
);
reset role;
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
select set_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog', 'co4');
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
select results_eq(
'profile',
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
$$ values (5, 4, 'admin@tandem.blog'::email, 'Admin', 'admin'::name, 'es', '12af4c88b5') $$,
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
'Should only see the profile of the second user'
);
select lives_ok($$
update user_profile
set email = 'admin+update@tandem.blog'
, name = 'Admin Update'
, lang_tag = 'ca';
$$,
'Should be able to update the second profile'
);
select throws_ok(
$$ update user_profile set user_id = 123 $$,
'42501', 'permission denied for view user_profile',
'Should not be able to change the ID'
);
select throws_ok(
$$ update user_profile set role = 'employee' $$,
'42501', 'permission denied for view user_profile',
'Should not be able to change the ID'
);
select results_eq(
'profile',
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
2023-08-08 00:22:16 +00:00
$$ values (5, 4, 'admin+update@tandem.blog'::email, 'Admin Update', 'admin'::name, 'ca', '12af4c88b5') $$,
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1
2023-07-21 23:59:12 +00:00
'Should see the changed profile of the first user'
);
reset role;
select results_eq(
$$ select user_id, email, name, lang_tag from auth."user" order by user_id $$,
$$ values (1, 'demo+update@tandem.blog'::email, 'Demo Update', 'es')
, (5, 'admin+update@tandem.blog'::email, 'Admin Update', 'ca')
, (7, 'another@tandem.blog'::email, 'Another Admin', 'und')
$$,
'Should have updated the base tables data'
);
select *
from finish();
rollback;