-- Test location set client_min_messages to warning; create extension if not exists pgtap; reset client_min_messages; begin; select plan(38); set search_path to camper, public; select has_table('location'); select has_pk('location'); select table_privs_are('location', 'guest', array ['SELECT']); select table_privs_are('location', 'employee', array ['SELECT']); select table_privs_are('location', 'admin', array ['SELECT', 'INSERT', 'UPDATE', 'DELETE']); select table_privs_are('location', 'authenticator', array []::text[]); select has_column('location', 'company_id'); select col_is_pk('location', 'company_id'); select col_is_fk('location', 'company_id'); select fk_ok('location', 'company_id', 'company', 'company_id'); select col_type_is('location', 'company_id', 'integer'); select col_not_null('location', 'company_id'); select col_hasnt_default('location', 'company_id'); select has_column('location', 'directions'); select col_type_is('location', 'directions', 'xml'); select col_not_null('location', 'directions'); select col_hasnt_default('location', 'directions'); select has_column('location', 'map_embed'); select col_type_is('location', 'map_embed', 'xml'); select col_not_null('location', 'map_embed'); select col_hasnt_default('location', 'map_embed'); select has_column('location', 'opening_dates'); select col_type_is('location', 'opening_dates', 'xml'); select col_not_null('location', 'opening_dates'); select col_hasnt_default('location', 'opening_dates'); set client_min_messages to warning; truncate location cascade; truncate company_host cascade; truncate company_user cascade; truncate company cascade; truncate auth."user" cascade; reset client_min_messages; insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at) values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month') , (5, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month') ; insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, rtc_number, tourist_tax, tourist_tax_max_days, country_code, currency_code, default_lang_tag) values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', '', 60, 7, 'ES', 'EUR', 'ca') , (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', '', 60, 7, 'FR', 'USD', 'ca') , (8, 'Company 8', 'XX345', '', '777-777-777', 'c@c', '', '', '', '', '', '', 60, 7, 'DE', 'USD', 'en') ; insert into company_user (company_id, user_id, role) values (2, 1, 'admin') , (4, 5, 'admin') ; insert into company_host (company_id, host) values (2, 'co2') , (4, 'co4') ; insert into location (company_id, directions, map_embed, opening_dates) values (2, '

up

', '', '

today

') , (4, '

down

', '', '

yesterday

') ; prepare location_data as select company_id, directions::text, map_embed::text, opening_dates::text from location ; set role guest; select bag_eq( 'location_data', $$ values (2, '

up

', '', '

today

') , (4, '

down

', '', '

yesterday

') $$, 'Everyone should be able to list all location across all companies' ); reset role; select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2'); select lives_ok( $$ delete from location where company_id = 2 $$, 'Admin from company 2 should be able to delete location from that company.' ); select bag_eq( 'location_data', $$ values (4, '

down

', '', '

yesterday

') $$, 'The row should have been deleted.' ); select lives_ok( $$ insert into location(company_id, directions, map_embed, opening_dates) values (2, '

left

', '', '

tomorrow

') $$, 'Admin from company 2 should be able to insert a new location to that company.' ); select bag_eq( 'location_data', $$ values (2, '

left

', '', '

tomorrow

') , (4, '

down

', '', '

yesterday

') $$, 'The new row should have been added' ); select lives_ok( $$ update location set directions = '

up

', map_embed = '', opening_dates = '

today

' where company_id = 2 $$, 'Admin from company 2 should be able to update location of that company.' ); select bag_eq( 'location_data', $$ values (2, '

up

', '', '

today

') , (4, '

down

', '', '

yesterday

') $$, 'The row should have been updated.' ); select throws_ok( $$ insert into location (company_id, directions, map_embed, opening_dates) values (8, '

', '

', '

') $$, '42501', 'new row violates row-level security policy for table "location"', 'Admin from company 2 should NOT be able to insert new location to another company.' ); select lives_ok( $$ update location set opening_dates = '

never

' where company_id = 4 $$, 'Admin from company 2 should not be able to update location of company 4, but no error if company_id is not changed.' ); select bag_eq( 'location_data', $$ values (2, '

up

', '', '

today

') , (4, '

down

', '', '

yesterday

') $$, 'No row should have been changed.' ); select throws_ok( $$ update location set company_id = 4 where company_id = 2 $$, '42501', 'new row violates row-level security policy for table "location"', 'Admin from company 2 should NOT be able to move location to company 4' ); select lives_ok( $$ delete from location where company_id = 4 $$, 'Admin from company 2 should NOT be able to delete location from company 4, but not error is thrown' ); select bag_eq( 'location_data', $$ values (2, '

up

', '', '

today

') , (4, '

down

', '', '

yesterday

') $$, 'No row should have been changed' ); reset role; select * from finish(); rollback;