-- Test user_profile set client_min_messages to warning; create extension if not exists pgtap; reset client_min_messages; begin; select plan(47); set search_path to numerus, auth, public; select has_view('user_profile'); select table_privs_are('user_profile', 'guest', array []::text[]); select table_privs_are('user_profile', 'invoicer', array['SELECT']); select table_privs_are('user_profile', 'admin', array['SELECT']); select table_privs_are('user_profile', 'authenticator', array[]::text[]); select has_column('user_profile', 'user_id'); select col_type_is('user_profile', 'user_id', 'integer'); select column_privs_are('user_profile', 'user_id', 'guest', array []::text[]); select column_privs_are('user_profile', 'user_id', 'invoicer', array['SELECT']); select column_privs_are('user_profile', 'user_id', 'admin', array['SELECT']); select column_privs_are('user_profile', 'user_id', 'authenticator', array[]::text[]); select has_column('user_profile', 'email'); select col_type_is('user_profile', 'email', 'email'); select column_privs_are('user_profile', 'email', 'guest', array []::text[]); select column_privs_are('user_profile', 'email', 'invoicer', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'email', 'admin', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'email', 'authenticator', array[]::text[]); select has_column('user_profile', 'name'); select col_type_is('user_profile', 'name', 'text'); select column_privs_are('user_profile', 'name', 'guest', array []::text[]); select column_privs_are('user_profile', 'name', 'invoicer', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'name', 'admin', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'name', 'authenticator', array[]::text[]); select has_column('user_profile', 'role'); select col_type_is('user_profile', 'role', 'name'); select column_privs_are('user_profile', 'role', 'guest', array []::text[]); select column_privs_are('user_profile', 'role', 'invoicer', array['SELECT']); select column_privs_are('user_profile', 'role', 'admin', array['SELECT']); select column_privs_are('user_profile', 'role', 'authenticator', array[]::text[]); select has_column('user_profile', 'lang_tag'); select col_type_is('user_profile', 'lang_tag', 'text'); select column_privs_are('user_profile', 'lang_tag', 'guest', array []::text[]); select column_privs_are('user_profile', 'lang_tag', 'invoicer', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'lang_tag', 'admin', array['SELECT', 'UPDATE']); select column_privs_are('user_profile', 'lang_tag', 'authenticator', array[]::text[]); set client_min_messages to warning; truncate auth."user" cascade; reset client_min_messages; insert into auth."user" (user_id, email, name, password, role, cookie, cookie_expires_at, lang_tag) values (1, 'demo@tandem.blog', 'Demo', 'test', 'invoicer', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month', 'ca') , (5, 'admin@tandem.blog', 'Admin', 'test', 'admin', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month', 'es') ; prepare profile as select user_id, email, name, role, lang_tag from user_profile; select is_empty( 'profile', 'Should be empty when no user is logger in' ); select set_cookie( '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog' ); select results_eq( 'profile', $$ values (1, 'demo@tandem.blog'::email, 'Demo', 'invoicer'::name, 'ca') $$, 'Should only see the profile of the first user' ); select lives_ok( $$ update user_profile set email = 'demo+update@tandem.blog' , name = 'Demo Update' , lang_tag = 'es'; $$, 'Should be able to update the first profile' ); select throws_ok( $$ update user_profile set user_id = 123 $$, '42501', 'permission denied for view user_profile', 'Should not be able to change the ID' ); select throws_ok( $$ update user_profile set role = 'admin' $$, '42501', 'permission denied for view user_profile', 'Should not be able to change the ID' ); select results_eq( 'profile', $$ values (1, 'demo+update@tandem.blog'::email, 'Demo Update', 'invoicer'::name, 'es') $$, 'Should see the changed profile of the first user' ); reset role; select set_cookie( '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog' ); select results_eq( 'profile', $$ values (5, 'admin@tandem.blog'::email, 'Admin', 'admin'::name, 'es') $$, 'Should only see the profile of the second user' ); select lives_ok( $$ update user_profile set email = 'admin+update@tandem.blog' , name = 'Admin Update' , lang_tag = 'ca'; $$, 'Should be able to update the second profile' ); select throws_ok( $$ update user_profile set user_id = 123 $$, '42501', 'permission denied for view user_profile', 'Should not be able to change the ID' ); select throws_ok( $$ update user_profile set role = 'invoicer' $$, '42501', 'permission denied for view user_profile', 'Should not be able to change the ID' ); select results_eq( 'profile', $$ values (5, 'admin+update@tandem.blog'::email, 'Admin Update', 'admin'::name, 'ca') $$, 'Should see the changed profile of the first user' ); reset role; select results_eq( $$ select user_id, email, name, lang_tag from auth."user" order by user_id $$, $$ values (1, 'demo+update@tandem.blog'::email, 'Demo Update', 'es') , (5, 'admin+update@tandem.blog'::email, 'Admin Update', 'ca') $$, 'Should have updated the base table’s data' ); select * from finish(); rollback;