comparison schema/auth_tests.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and the fact that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Mon, 23 Jul 2018 11:29:41 +0200 |
parents | b67208d82543 |
children | 57dfab80973c |
206:cd6ad5eaef8d | 207:88d21c29cf04 |
---|---|
3 -- | 3 -- |
4 | 4 |
5 -- | 5 -- |
6 -- Run tests as unprivileged user | 6 -- Run tests as unprivileged user |
7 -- | 7 -- |
8 SET SESSION AUTHORIZATION waterway_user; | 8 SET SESSION AUTHORIZATION user_at; |
9 | 9 |
10 SELECT throws_ok('CREATE TABLE test()', 42501, NULL, | 10 SELECT throws_ok('CREATE TABLE test()', 42501, NULL, |
11 'No objects can be created'); | 11 'No objects can be created'); |
12 | 12 |
13 SELECT isnt_empty('SELECT * FROM waterway.bottlenecks', | 13 SELECT isnt_empty('SELECT * FROM waterway.bottlenecks', |
29 'User should only see templates associated to him'); | 29 'User should only see templates associated to him'); |
30 | 30 |
31 -- | 31 -- |
32 -- Run tests as waterway administrator | 32 -- Run tests as waterway administrator |
33 -- | 33 -- |
34 SET SESSION AUTHORIZATION waterway_admin; | 34 SET SESSION AUTHORIZATION admin_at; |
35 | 35 |
36 PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS | 36 PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS |
37 INSERT INTO waterway.bottlenecks ( | 37 INSERT INTO waterway.bottlenecks ( |
38 bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country, | 38 bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country, |
39 revisiting_time, limiting, source_organization) | 39 revisiting_time, limiting, source_organization) |
64 'Waterway admin should see templates of other users'); | 64 'Waterway admin should see templates of other users'); |
65 | 65 |
66 SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) | 66 SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) |
67 VALUES (''New AT'', ''\x''); | 67 VALUES (''New AT'', ''\x''); |
68 INSERT INTO users.user_templates | 68 INSERT INTO users.user_templates |
69 VALUES (''waterway_user'', ''New AT'')', | 69 VALUES (''user_at'', ''New AT'')', |
70 'Waterway admin can add templates for users in his country'); | 70 'Waterway admin can add templates for users in his country'); |
71 | 71 |
72 SELECT throws_ok('INSERT INTO users.user_templates | 72 SELECT throws_ok('INSERT INTO users.user_templates |
73 VALUES (''waterway_user2'', ''AT'')', | 73 VALUES (''waterway_user2'', ''AT'')', |
74 42501, NULL, | 74 42501, NULL, |