Add the invoice relation

2023-02-09 11:42:31 +01:00 · 2023-02-09 11:42:31 +01:00 · aad0d33c47
parent b2971e3a09
commit aad0d33c47
5 changed files with 238 additions and 0 deletions
--- a/deploy/invoice.sql
+++ b/deploy/invoice.sql
@ -0,0 +1,44 @@
+-- Deploy numerus:invoice to pg
+-- requires: schema_numerus
+-- requires: company
+-- requires: contact
+-- requires: invoice_status
+-- requires: currency
+
+begin;
+
+set search_path to numerus, public;
+
+create table invoice (
+	invoice_id serial primary key,
+	company_id integer not null references company,
+	slug uuid not null unique default gen_random_uuid(),
+	invoice_number text not null,
+	invoice_date date not null default current_date,
+	contact_id integer not null references contact,
+	invoice_status text not null default 'created' references invoice_status,
+	notes text not null default '',
+	currency_code text not null references currency,
+	created_at timestamptz not null default current_timestamp
+);
+
+grant select, insert, update, delete on table invoice to invoicer;
+grant select, insert, update, delete on table invoice to admin;
+
+grant usage on sequence invoice_invoice_id_seq to invoicer;
+grant usage on sequence invoice_invoice_id_seq to admin;
+
+alter table invoice enable row level security;
+
+create policy company_policy
+on invoice
+using (
+	exists(
+		select 1
+		from company_user
+		join user_profile using (user_id)
+		where company_user.company_id = invoice.company_id
+	)
+);
+
+commit;
--- a/revert/invoice.sql
+++ b/revert/invoice.sql
@ -0,0 +1,7 @@
+-- Revert numerus:invoice from pg
+
+begin;
+
+drop table if exists numerus.invoice;
+
+commit;
--- a/sqitch.plan
+++ b/sqitch.plan
@ -46,3 +46,4 @@ invoice_status [schema_numerus] 2023-02-07T14:50:26Z jordi fita mas <jordi@tande
 invoice_status_i18n [schema_numerus invoice_status language] 2023-02-07T14:56:18Z jordi fita mas <jordi@tandem.blog> # Add relation for invoice status’ translatable texts
 available_invoice_status [schema_numerus invoice_status invoice_status_i18n] 2023-02-07T15:07:06Z jordi fita mas <jordi@tandem.blog> # Add the list of available invoice status
 product_tax [schema_numerus product tax] 2023-02-08T11:36:49Z jordi fita mas <jordi@tandem.blog> # Add relation of product taxes
+invoice [schema_numerus company contact invoice_status currency] 2023-02-09T09:52:21Z jordi fita mas <jordi@tandem.blog> # Add relation for invoice
--- a/test/invoice.sql
+++ b/test/invoice.sql
@ -0,0 +1,165 @@
+-- Test invoice
+set client_min_messages to warning;
+create extension if not exists pgtap;
+reset client_min_messages;
+
+begin;
+
+select plan(71);
+
+set search_path to numerus, auth, public;
+
+select has_table('invoice');
+select has_pk('invoice' );
+select table_privs_are('invoice', 'guest', array []::text[]);
+select table_privs_are('invoice', 'invoicer', array ['SELECT', 'INSERT', 'UPDATE', 'DELETE']);
+select table_privs_are('invoice', 'admin', array ['SELECT', 'INSERT', 'UPDATE', 'DELETE']);
+select table_privs_are('invoice', 'authenticator', array []::text[]);
+
+select has_sequence('invoice_invoice_id_seq');
+select sequence_privs_are('invoice_invoice_id_seq', 'guest', array[]::text[]);
+select sequence_privs_are('invoice_invoice_id_seq', 'invoicer', array['USAGE']);
+select sequence_privs_are('invoice_invoice_id_seq', 'admin', array['USAGE']);
+select sequence_privs_are('invoice_invoice_id_seq', 'authenticator', array[]::text[]);
+
+select has_column('invoice', 'invoice_id');
+select col_is_pk('invoice', 'invoice_id');
+select col_type_is('invoice', 'invoice_id', 'integer');
+select col_not_null('invoice', 'invoice_id');
+select col_has_default('invoice', 'invoice_id');
+select col_default_is('invoice', 'invoice_id', 'nextval(''invoice_invoice_id_seq''::regclass)');
+
+select has_column('invoice', 'company_id');
+select col_is_fk('invoice', 'company_id');
+select fk_ok('invoice', 'company_id', 'company', 'company_id');
+select col_type_is('invoice', 'company_id', 'integer');
+select col_not_null('invoice', 'company_id');
+select col_hasnt_default('invoice', 'company_id');
+
+select has_column('invoice', 'slug');
+select col_is_unique('invoice', 'slug');
+select col_type_is('invoice', 'slug', 'uuid');
+select col_not_null('invoice', 'slug');
+select col_has_default('invoice', 'slug');
+select col_default_is('invoice', 'slug', 'gen_random_uuid()');
+
+select has_column('invoice', 'invoice_number');
+select col_type_is('invoice', 'invoice_number', 'text');
+select col_not_null('invoice', 'invoice_number');
+select col_hasnt_default('invoice', 'invoice_number');
+
+select has_column('invoice', 'invoice_date');
+select col_type_is('invoice', 'invoice_date', 'date');
+select col_not_null('invoice', 'invoice_date');
+select col_has_default('invoice', 'invoice_date');
+select col_default_is('invoice', 'invoice_date', current_date);
+
+select has_column('invoice', 'contact_id');
+select col_is_fk('invoice', 'contact_id');
+select fk_ok('invoice', 'contact_id', 'contact', 'contact_id');
+select col_type_is('invoice', 'contact_id', 'integer');
+select col_not_null('invoice', 'contact_id');
+select col_hasnt_default('invoice', 'contact_id');
+
+select has_column('invoice', 'invoice_status');
+select col_is_fk('invoice', 'invoice_status');
+select fk_ok('invoice', 'invoice_status', 'invoice_status', 'invoice_status');
+select col_type_is('invoice', 'invoice_status', 'text');
+select col_not_null('invoice', 'invoice_status');
+select col_has_default('invoice', 'invoice_status');
+select col_default_is('invoice', 'invoice_status', 'created');
+
+select has_column('invoice', 'notes');
+select col_type_is('invoice', 'notes', 'text');
+select col_not_null('invoice', 'notes');
+select col_has_default('invoice', 'notes');
+select col_default_is('invoice', 'notes', '');
+
+select has_column('invoice', 'currency_code');
+select col_is_fk('invoice', 'currency_code');
+select fk_ok('invoice', 'currency_code', 'currency', 'currency_code');
+select col_type_is('invoice', 'currency_code', 'text');
+select col_not_null('invoice', 'currency_code');
+select col_hasnt_default('invoice', 'currency_code');
+
+select has_column('invoice', 'created_at');
+select col_type_is('invoice', 'created_at', 'timestamp with time zone');
+select col_not_null('invoice', 'created_at');
+select col_has_default('invoice', 'created_at');
+select col_default_is('invoice', 'created_at', current_timestamp);
+
+
+set client_min_messages to warning;
+truncate contact cascade;
+truncate company_user cascade;
+truncate company cascade;
+truncate auth."user" cascade;
+reset client_min_messages;
+
+insert into auth."user" (user_id, email, name, password, role, cookie, cookie_expires_at)
+values (1, 'demo@tandem.blog', 'Demo', 'test', 'invoicer', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
+     , (5, 'admin@tandem.blog', 'Demo', 'test', 'admin', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
+;
+
+insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code, currency_code)
+values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', 'ES', 'EUR')
+     , (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', 'FR', 'USD')
+;
+
+insert into company_user (company_id, user_id)
+values (2, 1)
+     , (4, 5)
+;
+
+insert into contact (contact_id, company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, country_code)
+values (6, 2, 'Contact 1', 'XX555', '', '777-777-777', 'c@c', '', '', '', '', '', 'ES')
+     , (8, 4, 'Contact 2', 'XX666', '', '888-888-888', 'd@d', '', '', '', '', '', 'ES')
+;
+
+insert into invoice (company_id, invoice_number, contact_id, currency_code)
+values (2, 'INV020001', 6, 'EUR')
+     , (4, 'INV040001', 8, 'EUR')
+;
+
+
+prepare invoice_data as
+select company_id, invoice_number
+from invoice
+order by company_id, invoice_number;
+
+set role invoicer;
+select is_empty('invoice_data', 'Should show no data when cookie is not set yet');
+reset role;
+
+select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog');
+select bag_eq(
+	'invoice_data',
+	$$ values (2, 'INV020001')
+	$$,
+	'Should only list invoices of the companies where demo@tandem.blog is user of'
+);
+reset role;
+
+select set_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog');
+select bag_eq(
+	'invoice_data',
+	$$ values (4, 'INV040001')
+	$$,
+	'Should only list invoices of the companies where admin@tandem.blog is user of'
+);
+reset role;
+
+select set_cookie('not-a-cookie');
+select throws_ok(
+	'invoice_data',
+	'42501', 'permission denied for table invoice',
+	'Should not allow select to guest users'
+);
+reset role;
+
+
+select *
+from finish();
+
+rollback;
+
--- a/verify/invoice.sql
+++ b/verify/invoice.sql
@ -0,0 +1,21 @@
+-- Verify numerus:invoice on pg
+
+begin;
+
+select invoice_id
+     , company_id
+     , slug
+     , invoice_number
+     , invoice_date
+     , contact_id
+     , invoice_status
+     , notes
+     , currency_code
+     , created_at
+from numerus.invoice
+where false;
+
+select 1 / count(*) from pg_class where oid = 'numerus.invoice'::regclass and relrowsecurity;
+select 1 / count(*) from pg_policy where polname = 'company_policy' and polrelid = 'numerus.invoice'::regclass;
+
+rollback;