Mercurial > gemma
comparison schema/auth_tests.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Mon, 23 Jul 2018 11:29:41 +0200 |
| parents | b67208d82543 |
| children | 57dfab80973c |
comparison
equal
deleted
inserted
replaced
| 206:cd6ad5eaef8d | 207:88d21c29cf04 |
|---|---|
| 3 -- | 3 -- |
| 4 | 4 |
| 5 -- | 5 -- |
| 6 -- Run tests as unprivileged user | 6 -- Run tests as unprivileged user |
| 7 -- | 7 -- |
| 8 SET SESSION AUTHORIZATION waterway_user; | 8 SET SESSION AUTHORIZATION user_at; |
| 9 | 9 |
| 10 SELECT throws_ok('CREATE TABLE test()', 42501, NULL, | 10 SELECT throws_ok('CREATE TABLE test()', 42501, NULL, |
| 11 'No objects can be created'); | 11 'No objects can be created'); |
| 12 | 12 |
| 13 SELECT isnt_empty('SELECT * FROM waterway.bottlenecks', | 13 SELECT isnt_empty('SELECT * FROM waterway.bottlenecks', |
| 29 'User should only see templates associated to him'); | 29 'User should only see templates associated to him'); |
| 30 | 30 |
| 31 -- | 31 -- |
| 32 -- Run tests as waterway administrator | 32 -- Run tests as waterway administrator |
| 33 -- | 33 -- |
| 34 SET SESSION AUTHORIZATION waterway_admin; | 34 SET SESSION AUTHORIZATION admin_at; |
| 35 | 35 |
| 36 PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS | 36 PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS |
| 37 INSERT INTO waterway.bottlenecks ( | 37 INSERT INTO waterway.bottlenecks ( |
| 38 bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country, | 38 bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country, |
| 39 revisiting_time, limiting, source_organization) | 39 revisiting_time, limiting, source_organization) |
| 64 'Waterway admin should see templates of other users'); | 64 'Waterway admin should see templates of other users'); |
| 65 | 65 |
| 66 SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) | 66 SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) |
| 67 VALUES (''New AT'', ''\x''); | 67 VALUES (''New AT'', ''\x''); |
| 68 INSERT INTO users.user_templates | 68 INSERT INTO users.user_templates |
| 69 VALUES (''waterway_user'', ''New AT'')', | 69 VALUES (''user_at'', ''New AT'')', |
| 70 'Waterway admin can add templates for users in his country'); | 70 'Waterway admin can add templates for users in his country'); |
| 71 | 71 |
| 72 SELECT throws_ok('INSERT INTO users.user_templates | 72 SELECT throws_ok('INSERT INTO users.user_templates |
| 73 VALUES (''waterway_user2'', ''AT'')', | 73 VALUES (''waterway_user2'', ''AT'')', |
| 74 42501, NULL, | 74 42501, NULL, |