Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.
The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.
I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.
Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively. These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 20:46:07 +00:00
|
|
|
-- Test company
|
|
|
|
set client_min_messages to warning;
|
|
|
|
create extension if not exists pgtap;
|
|
|
|
reset client_min_messages;
|
|
|
|
|
|
|
|
begin;
|
|
|
|
|
2023-01-27 20:30:14 +00:00
|
|
|
select plan(79);
|
Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.
The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.
I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.
Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively. These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 20:46:07 +00:00
|
|
|
|
|
|
|
set search_path to numerus, auth, public;
|
|
|
|
|
|
|
|
select has_table('company');
|
|
|
|
select has_pk('company');
|
|
|
|
select table_privs_are('company', 'guest', array []::text[]);
|
2023-01-27 00:08:03 +00:00
|
|
|
select table_privs_are('company', 'invoicer', array ['SELECT', 'UPDATE']);
|
|
|
|
select table_privs_are('company', 'admin', array ['SELECT', 'UPDATE']);
|
Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.
The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.
I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.
Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively. These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 20:46:07 +00:00
|
|
|
select table_privs_are('company', 'authenticator', array []::text[]);
|
|
|
|
|
|
|
|
select has_column('company', 'company_id');
|
|
|
|
select col_is_pk('company', 'company_id');
|
|
|
|
select col_type_is('company', 'company_id', 'integer');
|
|
|
|
select col_not_null('company', 'company_id');
|
|
|
|
select col_has_default('company', 'company_id');
|
|
|
|
select col_default_is('company', 'company_id', 'nextval(''company_company_id_seq''::regclass)');
|
|
|
|
|
|
|
|
select has_column('company', 'slug');
|
|
|
|
select col_is_unique('company', 'slug');
|
|
|
|
select col_type_is('company', 'slug', 'uuid');
|
|
|
|
select col_not_null('company', 'slug');
|
|
|
|
select col_has_default('company', 'slug');
|
|
|
|
select col_default_is('company', 'slug', 'gen_random_uuid()');
|
|
|
|
|
|
|
|
select has_column('company', 'business_name');
|
|
|
|
select col_type_is('company', 'business_name', 'text');
|
|
|
|
select col_not_null('company', 'business_name');
|
|
|
|
select col_hasnt_default('company', 'business_name');
|
|
|
|
|
|
|
|
select has_column('company', 'vatin');
|
|
|
|
select col_type_is('company', 'vatin', 'vatin');
|
|
|
|
select col_not_null('company', 'vatin');
|
|
|
|
select col_hasnt_default('company', 'vatin');
|
|
|
|
|
|
|
|
select has_column('company', 'trade_name');
|
|
|
|
select col_type_is('company', 'trade_name', 'text');
|
|
|
|
select col_not_null('company', 'trade_name');
|
|
|
|
select col_hasnt_default('company', 'trade_name');
|
|
|
|
|
|
|
|
select has_column('company', 'phone');
|
|
|
|
select col_type_is('company', 'phone', 'packed_phone_number');
|
|
|
|
select col_not_null('company', 'phone');
|
|
|
|
select col_hasnt_default('company', 'phone');
|
|
|
|
|
|
|
|
select has_column('company', 'email');
|
|
|
|
select col_type_is('company', 'email', 'email');
|
|
|
|
select col_not_null('company', 'email');
|
|
|
|
select col_hasnt_default('company', 'email');
|
|
|
|
|
|
|
|
select has_column('company', 'web');
|
|
|
|
select col_type_is('company', 'web', 'uri');
|
|
|
|
select col_not_null('company', 'web');
|
|
|
|
select col_hasnt_default('company', 'web');
|
|
|
|
|
|
|
|
select has_column('company', 'address');
|
|
|
|
select col_type_is('company', 'address', 'text');
|
|
|
|
select col_not_null('company', 'address');
|
|
|
|
select col_hasnt_default('company', 'address');
|
|
|
|
|
|
|
|
select has_column('company', 'city');
|
|
|
|
select col_type_is('company', 'city', 'text');
|
|
|
|
select col_not_null('company', 'city');
|
|
|
|
select col_hasnt_default('company', 'city');
|
|
|
|
|
|
|
|
select has_column('company', 'province');
|
|
|
|
select col_type_is('company', 'province', 'text');
|
|
|
|
select col_not_null('company', 'province');
|
|
|
|
select col_hasnt_default('company', 'province');
|
|
|
|
|
|
|
|
select has_column('company', 'postal_code');
|
|
|
|
select col_type_is('company', 'postal_code', 'text');
|
|
|
|
select col_not_null('company', 'postal_code');
|
|
|
|
select col_hasnt_default('company', 'postal_code');
|
|
|
|
|
2023-01-27 20:30:14 +00:00
|
|
|
select has_column('company', 'country_code');
|
|
|
|
select col_type_is('company', 'country_code', 'country_code');
|
|
|
|
select col_is_fk('company', 'country_code');
|
|
|
|
select fk_ok('company', 'country_code', 'country', 'country_code');
|
|
|
|
select col_not_null('company', 'country_code');
|
|
|
|
select col_hasnt_default('company', 'country_code');
|
Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.
The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.
I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.
Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively. These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 20:46:07 +00:00
|
|
|
|
|
|
|
select has_column('company', 'currency_code');
|
|
|
|
select col_is_fk('company', 'currency_code');
|
|
|
|
select fk_ok('company', 'currency_code', 'currency', 'currency_code');
|
|
|
|
select col_type_is('company', 'currency_code', 'currency_code');
|
|
|
|
select col_not_null('company', 'currency_code');
|
|
|
|
select col_hasnt_default('company', 'currency_code');
|
|
|
|
|
|
|
|
select has_column('company', 'created_at');
|
|
|
|
select col_type_is('company', 'created_at', 'timestamp with time zone');
|
|
|
|
select col_not_null('company', 'created_at');
|
|
|
|
select col_has_default('company', 'created_at');
|
|
|
|
select col_default_is('company', 'created_at', current_timestamp);
|
|
|
|
|
|
|
|
|
|
|
|
set client_min_messages to warning;
|
|
|
|
truncate company_user cascade;
|
|
|
|
truncate company cascade;
|
|
|
|
truncate auth."user" cascade;
|
|
|
|
reset client_min_messages;
|
|
|
|
|
|
|
|
insert into auth."user" (user_id, email, name, password, role, cookie, cookie_expires_at)
|
|
|
|
values (1, 'demo@tandem.blog', 'Demo', 'test', 'invoicer', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
|
|
|
|
, (5, 'admin@tandem.blog', 'Demo', 'test', 'admin', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
|
|
|
|
;
|
|
|
|
|
2023-01-27 20:30:14 +00:00
|
|
|
insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code)
|
|
|
|
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR')
|
|
|
|
, (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD')
|
|
|
|
, (6, 'Company 6', 'XX345', '', '777-777-777', 'c@c', '', '', '', '', '', 'DE', 'USD')
|
Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.
The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.
I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.
Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively. These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 20:46:07 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
insert into company_user (company_id, user_id)
|
|
|
|
values (2, 1)
|
|
|
|
, (2, 5)
|
|
|
|
, (4, 1)
|
|
|
|
, (6, 5)
|
|
|
|
;
|
|
|
|
|
|
|
|
prepare company_data as
|
|
|
|
select company_id, business_name
|
|
|
|
from company
|
|
|
|
order by company_id;
|
|
|
|
|
|
|
|
set role invoicer;
|
|
|
|
select is_empty('company_data', 'Should show no data when cookie is not set yet');
|
|
|
|
reset role;
|
|
|
|
|
|
|
|
select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog');
|
|
|
|
select results_eq(
|
|
|
|
'company_data',
|
|
|
|
$$ values ( 2, 'Company 2' )
|
|
|
|
, ( 4, 'Company 4' )
|
|
|
|
$$,
|
|
|
|
'Should only list companies where demo@tandem.blog is user of'
|
|
|
|
);
|
|
|
|
reset role;
|
|
|
|
|
|
|
|
select set_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog');
|
|
|
|
select results_eq(
|
|
|
|
'company_data',
|
|
|
|
$$ values ( 2, 'Company 2' )
|
|
|
|
, ( 6, 'Company 6' )
|
|
|
|
$$,
|
|
|
|
'Should only list companies where admin@tandem.blog is user of'
|
|
|
|
);
|
|
|
|
reset role;
|
|
|
|
|
|
|
|
select set_cookie('not-a-cookie');
|
|
|
|
select throws_ok(
|
|
|
|
'company_data',
|
|
|
|
'42501', 'permission denied for table company',
|
|
|
|
'Should not allow select to guest users'
|
|
|
|
);
|
|
|
|
reset role;
|
|
|
|
|
|
|
|
select finish();
|
|
|
|
rollback;
|