Mercurial > gemma
diff schema/manage_users_tests.sql @ 268:72062ca52746
Make user_profiles table invisible for users
users.list_users should be the single point to access user profile data.
Keeping user_profiles visible would imply having to maintain RLS policies
that are otherwise obsolete.
Tests run as superuser still use user_profiles, because list_users does
not show any data to a superuser.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Mon, 30 Jul 2018 11:38:09 +0200 |
parents | 13ad969a9138 |
children | 750a9c9cd965 |
line wrap: on
line diff
--- a/schema/manage_users_tests.sql Mon Jul 30 11:08:17 2018 +0200 +++ b/schema/manage_users_tests.sql Mon Jul 30 11:38:09 2018 +0200 @@ -107,7 +107,7 @@ 'waterway_user', 'test2', 'secret1$', 'AT', NULL, 'test2'); SELECT sys_admin.update_user('test2', 'waterway_user', 'test2_new', 'new_secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test5') $$, 'Existing user can be updated'); @@ -115,7 +115,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_non_existent', 'waterway_user', 'test_non_existent', '', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test5') $$, 42704, NULL, @@ -124,7 +124,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user(CAST(current_user AS varchar), 'waterway_user', 'test_new_name', 'secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test6') $$, '0A000', NULL, @@ -133,7 +133,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_user_at', 'invalid', 'test2', 'secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test2') $$, 42704, NULL, @@ -142,7 +142,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_user_at', 'waterway_user', NULL, 'secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test3') $$, 23502, NULL, @@ -152,7 +152,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'waterway_user', 'secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test4') $$, 42710, NULL, @@ -161,7 +161,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'test_user_ro', 'secret1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test4') $$, 23505, NULL, @@ -171,7 +171,7 @@ SELECT throws_ok($$ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'test_user_at', 'secret', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM users.list_users WHERE username = 'test_user_at'), 'test4') $$, '28P01', NULL, @@ -185,7 +185,7 @@ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'test_user_at', NULL, 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM internal.user_profiles WHERE username = 'test_user_at'), 'xxx'); SELECT set_eq($$ SELECT rolpassword FROM old_pw_hash @@ -197,7 +197,7 @@ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'test_user_at', '', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM internal.user_profiles WHERE username = 'test_user_at'), 'xxx'); SELECT set_eq($$ SELECT rolpassword FROM old_pw_hash @@ -209,7 +209,7 @@ SELECT sys_admin.update_user('test_user_at', 'waterway_user', 'test_user_at', 'new_pw1$', 'AT', - (SELECT map_extent FROM users.user_profiles + (SELECT map_extent FROM internal.user_profiles WHERE username = 'test_user_at'), 'xxx'); SELECT set_ne($$ SELECT rolpassword FROM old_pw_hash