jordi fita mas
97cf117da3
It made no sense to have a file upload in each form that needs a media, because to reuse an existing media users would need to upload the exact same file again; this is very unusual and unfriendly. A better option is to have a “centralized” media section, where people can upload files there, and then have a picker to select from there. Ideally, there would be an upload option in the picker, but i did not add it yet. I’ve split the content from the media because i want users to have the option to update a media, for instance when they need to upload a reduced or cropped version of the same photo, without an edit they would need to upload the file as a new media and then update all places where the old version was used. And i did not want to trouble people that uploads the same photo twice: without the separate relation, doing so would throw a constraint error. I do not believe there is any security problem to have all companies link their media to the same file, as they were already readable by everyone and could upload the data from a different company to their own; in other words, it is not worse than it was now.
187 lines
5.5 KiB
PL/PgSQL
187 lines
5.5 KiB
PL/PgSQL
-- Test services_carousel
|
|
set client_min_messages to warning;
|
|
create extension if not exists pgtap;
|
|
reset client_min_messages;
|
|
|
|
begin;
|
|
|
|
select plan(30);
|
|
|
|
set search_path to camper, public;
|
|
|
|
select has_table('services_carousel');
|
|
select has_pk('services_carousel');
|
|
select table_privs_are('services_carousel', 'guest', array['SELECT']);
|
|
select table_privs_are('services_carousel', 'employee', array['SELECT']);
|
|
select table_privs_are('services_carousel', 'admin', array['SELECT', 'INSERT', 'UPDATE', 'DELETE']);
|
|
select table_privs_are('services_carousel', 'authenticator', array[]::text[]);
|
|
|
|
select has_column('services_carousel', 'media_id');
|
|
select col_is_pk('services_carousel', 'media_id');
|
|
select col_is_fk('services_carousel', 'media_id');
|
|
select fk_ok('services_carousel', 'media_id', 'media', 'media_id');
|
|
select col_type_is('services_carousel', 'media_id', 'integer');
|
|
select col_not_null('services_carousel', 'media_id');
|
|
select col_hasnt_default('services_carousel', 'media_id');
|
|
|
|
select has_column('services_carousel', 'caption');
|
|
select col_type_is('services_carousel', 'caption', 'text');
|
|
select col_not_null('services_carousel', 'caption');
|
|
select col_hasnt_default('services_carousel', 'caption');
|
|
|
|
set client_min_messages to warning;
|
|
truncate services_carousel cascade;
|
|
truncate media cascade;
|
|
truncate media_content cascade;
|
|
truncate company_host cascade;
|
|
truncate company_user cascade;
|
|
truncate company cascade;
|
|
truncate auth."user" cascade;
|
|
reset client_min_messages;
|
|
|
|
insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)
|
|
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
|
|
, (5, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
|
|
;
|
|
|
|
insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code, default_lang_tag)
|
|
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR', 'ca')
|
|
, (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD', 'ca')
|
|
;
|
|
|
|
insert into company_user (company_id, user_id, role)
|
|
values (2, 1, 'admin')
|
|
, (4, 5, 'admin')
|
|
;
|
|
|
|
insert into company_host (company_id, host)
|
|
values (2, 'co2')
|
|
, (4, 'co4')
|
|
;
|
|
|
|
insert into media_content (media_type, bytes)
|
|
values ('text/plain', 'content2')
|
|
, ('text/plain', 'content3')
|
|
, ('text/plain', 'content4')
|
|
, ('text/plain', 'content5')
|
|
;
|
|
|
|
insert into media (media_id, company_id, original_filename, content_hash)
|
|
values ( 7, 2, 'text2.txt', sha256('content2'))
|
|
, ( 8, 2, 'text3.txt', sha256('content3'))
|
|
, ( 9, 4, 'text4.txt', sha256('content4'))
|
|
, (10, 4, 'text5.txt', sha256('content5'))
|
|
;
|
|
|
|
insert into services_carousel (media_id, caption)
|
|
values (7, 'Caption 7')
|
|
, (9, 'Caption 9')
|
|
;
|
|
|
|
prepare carousel_data as
|
|
select media_id, caption
|
|
from services_carousel
|
|
order by media_id, caption;
|
|
|
|
set role guest;
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'Everyone should be able to list all carousel media across all companies'
|
|
);
|
|
reset role;
|
|
|
|
select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2');
|
|
|
|
select lives_ok(
|
|
$$ insert into services_carousel(media_id, caption)
|
|
values (8, 'Caption 8') $$,
|
|
'Admin from company 2 should be able to insert a new carousel media to that company.'
|
|
);
|
|
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (8, 'Caption 8')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'The new row should have been added'
|
|
);
|
|
|
|
select lives_ok(
|
|
$$ update services_carousel set caption = 'Caption 8.8' where media_id = 8 $$,
|
|
'Admin from company 2 should be able to update carousel media of that company.'
|
|
);
|
|
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (8, 'Caption 8.8')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'The row should have been updated.'
|
|
);
|
|
|
|
select lives_ok(
|
|
$$ delete from services_carousel where media_id = 8 $$,
|
|
'Admin from company 2 should be able to delete carousel media from that company.'
|
|
);
|
|
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'The row should have been deleted.'
|
|
);
|
|
|
|
select throws_ok(
|
|
$$ insert into services_carousel (media_id, caption)
|
|
values (10, 'Caption 10') $$,
|
|
'42501', 'new row violates row-level security policy for table "services_carousel"',
|
|
'Admin from company 2 should NOT be able to insert new media to company 4.'
|
|
);
|
|
|
|
select lives_ok(
|
|
$$ update services_carousel set caption = 'Nope' where media_id = 9 $$,
|
|
'Admin from company 2 should not be able to update new carousel media of company 4, but no error if media_id is not changed.'
|
|
);
|
|
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'No row should have been changed.'
|
|
);
|
|
|
|
select throws_ok(
|
|
$$ update services_carousel set media_id = 10 where media_id = 7 $$,
|
|
'42501', 'new row violates row-level security policy for table "services_carousel"',
|
|
'Admin from company 2 should NOT be able to move carousel media to company 4'
|
|
);
|
|
|
|
select lives_ok(
|
|
$$ delete from services_carousel where media_id = 9 $$,
|
|
'Admin from company 2 should NOT be able to delete carousel media from company 4, but no error is thrown'
|
|
);
|
|
|
|
select bag_eq(
|
|
'carousel_data',
|
|
$$ values (7, 'Caption 7')
|
|
, (9, 'Caption 9')
|
|
$$,
|
|
'No row should have been changed'
|
|
);
|
|
|
|
reset role;
|
|
|
|
|
|
select *
|
|
from finish();
|
|
|
|
rollback;
|
|
|