Mercurial > gemma
comparison schema/manage_users_tests.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Mon, 23 Jul 2018 11:29:41 +0200 |
| parents | b67208d82543 |
| children | 57dfab80973c |
comparison
equal
deleted
inserted
replaced
| 206:cd6ad5eaef8d | 207:88d21c29cf04 |
|---|---|
| 2 -- pgTAP test script for user management functions | 2 -- pgTAP test script for user management functions |
| 3 -- | 3 -- |
| 4 | 4 |
| 5 SET search_path TO public, gemma, gemma_waterway, gemma_fairway; | 5 SET search_path TO public, gemma, gemma_waterway, gemma_fairway; |
| 6 | 6 |
| 7 SET SESSION AUTHORIZATION waterway_admin; | 7 SET SESSION AUTHORIZATION admin_at; |
| 8 | 8 |
| 9 SELECT throws_ok($$ | 9 SELECT throws_ok($$ |
| 10 SELECT sys_admin.create_user( | 10 SELECT sys_admin.create_user( |
| 11 'waterway_user', 'test0', 'secret', 'AT', NULL, 'test0') | 11 'waterway_user', 'test0', 'secret', 'AT', NULL, 'test0') |
| 12 $$, | 12 $$, |
| 13 42501, NULL, | 13 42501, NULL, |
| 14 'Less privileged user cannot call function in schema sys_admin'); | 14 'Less privileged user cannot call function in schema sys_admin'); |
| 15 | 15 |
| 16 SET SESSION AUTHORIZATION sys_admin; | 16 SET SESSION AUTHORIZATION sys_admin1; |
| 17 | 17 |
| 18 SELECT lives_ok($$ | 18 SELECT lives_ok($$ |
| 19 SELECT sys_admin.create_user( | 19 SELECT sys_admin.create_user( |
| 20 'waterway_user', 'test1', 'secret', 'AT', NULL, 'test1') | 20 'waterway_user', 'test1', 'secret', 'AT', NULL, 'test1') |
| 21 $$, | 21 $$, |
| 38 | 38 |
| 39 SELECT throws_ok($$ | 39 SELECT throws_ok($$ |
| 40 SELECT sys_admin.create_user( | 40 SELECT sys_admin.create_user( |
| 41 'waterway_user', 'waterway_user', 'secret', 'AT', NULL, 'test4') | 41 'waterway_user', 'waterway_user', 'secret', 'AT', NULL, 'test4') |
| 42 $$, | 42 $$, |
| 43 42710, NULL, | |
| 44 'Reserved role names cannot be used as username'); | |
| 45 | |
| 46 SELECT throws_ok($$ | |
| 47 SELECT sys_admin.create_user( | |
| 48 'waterway_user', 'user_at', 'secret', 'AT', NULL, 'test4') | |
| 49 $$, | |
| 43 23505, NULL, | 50 23505, NULL, |
| 44 'No duplicate user name is allowed'); | 51 'No duplicate user name is allowed'); |
| 45 | 52 |
| 46 SELECT throws_ok($$ | 53 SELECT throws_ok($$ |
| 47 SELECT sys_admin.create_user( | 54 SELECT sys_admin.create_user( |