-- Test home_carousel set client_min_messages to warning; create extension if not exists pgtap; reset client_min_messages; begin; select plan(30); set search_path to camper, public; select has_table('home_carousel'); select has_pk('home_carousel'); select table_privs_are('home_carousel', 'guest', array['SELECT']); select table_privs_are('home_carousel', 'employee', array['SELECT']); select table_privs_are('home_carousel', 'admin', array['SELECT', 'INSERT', 'UPDATE', 'DELETE']); select table_privs_are('home_carousel', 'authenticator', array[]::text[]); select has_column('home_carousel', 'media_id'); select col_is_pk('home_carousel', 'media_id'); select col_is_fk('home_carousel', 'media_id'); select fk_ok('home_carousel', 'media_id', 'media', 'media_id'); select col_type_is('home_carousel', 'media_id', 'integer'); select col_not_null('home_carousel', 'media_id'); select col_hasnt_default('home_carousel', 'media_id'); select has_column('home_carousel', 'caption'); select col_type_is('home_carousel', 'caption', 'text'); select col_not_null('home_carousel', 'caption'); select col_hasnt_default('home_carousel', 'caption'); set client_min_messages to warning; truncate home_carousel cascade; truncate media cascade; truncate company_host cascade; truncate company_user cascade; truncate company cascade; truncate auth."user" cascade; reset client_min_messages; insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at) values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month') , (5, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month') ; insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code, default_lang_tag) values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR', 'ca') , (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD', 'ca') ; insert into company_user (company_id, user_id, role) values (2, 1, 'admin') , (4, 5, 'admin') ; insert into company_host (company_id, host) values (2, 'co2') , (4, 'co4') ; insert into media (media_id, company_id, original_filename, media_type, content) values ( 7, 2, 'text2.txt', 'text/plain', 'content2') , ( 8, 2, 'text3.txt', 'text/plain', 'content3') , ( 9, 4, 'text4.txt', 'text/plain', 'content4') , (10, 4, 'text5.txt', 'text/plain', 'content5') ; insert into home_carousel (media_id, caption) values (7, 'Caption 7') , (9, 'Caption 9') ; prepare carousel_data as select media_id, caption from home_carousel order by media_id, caption; set role guest; select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (9, 'Caption 9') $$, 'Everyone should be able to list all carousel media across all companies' ); reset role; select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2'); select lives_ok( $$ insert into home_carousel(media_id, caption) values (8, 'Caption 8') $$, 'Admin from company 2 should be able to insert a new carousel media to that company.' ); select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (8, 'Caption 8') , (9, 'Caption 9') $$, 'The new row should have been added' ); select lives_ok( $$ update home_carousel set caption = 'Caption 8.8' where media_id = 8 $$, 'Admin from company 2 should be able to update carousel media of that company.' ); select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (8, 'Caption 8.8') , (9, 'Caption 9') $$, 'The row should have been updated.' ); select lives_ok( $$ delete from home_carousel where media_id = 8 $$, 'Admin from company 2 should be able to delete carousel media from that company.' ); select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (9, 'Caption 9') $$, 'The row should have been deleted.' ); select throws_ok( $$ insert into home_carousel (media_id, caption) values (10, 'Caption 10') $$, '42501', 'new row violates row-level security policy for table "home_carousel"', 'Admin from company 2 should NOT be able to insert new media to company 4.' ); select lives_ok( $$ update home_carousel set caption = 'Nope' where media_id = 9 $$, 'Admin from company 2 should not be able to update new carousel media of company 4, but no error if media_id is not changed.' ); select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (9, 'Caption 9') $$, 'No row should have been changed.' ); select throws_ok( $$ update home_carousel set media_id = 10 where media_id = 7 $$, '42501', 'new row violates row-level security policy for table "home_carousel"', 'Admin from company 2 should NOT be able to move carousel media to company 4' ); select lives_ok( $$ delete from home_carousel where media_id = 9 $$, 'Admin from company 2 should NOT be able to delete carousel media from company 4, but no error is thrown' ); select bag_eq( 'carousel_data', $$ values (7, 'Caption 7') , (9, 'Caption 9') $$, 'No row should have been changed' ); reset role; select * from finish(); rollback;