Mercurial > gemma
diff schema/auth_tests.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Mon, 23 Jul 2018 11:29:41 +0200 |
parents | b67208d82543 |
children | 57dfab80973c |
line wrap: on
line diff
--- a/schema/auth_tests.sql Sun Jul 22 10:40:17 2018 +0200 +++ b/schema/auth_tests.sql Mon Jul 23 11:29:41 2018 +0200 @@ -5,7 +5,7 @@ -- -- Run tests as unprivileged user -- -SET SESSION AUTHORIZATION waterway_user; +SET SESSION AUTHORIZATION user_at; SELECT throws_ok('CREATE TABLE test()', 42501, NULL, 'No objects can be created'); @@ -31,7 +31,7 @@ -- -- Run tests as waterway administrator -- -SET SESSION AUTHORIZATION waterway_admin; +SET SESSION AUTHORIZATION admin_at; PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS INSERT INTO waterway.bottlenecks ( @@ -66,7 +66,7 @@ SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) VALUES (''New AT'', ''\x''); INSERT INTO users.user_templates - VALUES (''waterway_user'', ''New AT'')', + VALUES (''user_at'', ''New AT'')', 'Waterway admin can add templates for users in his country'); SELECT throws_ok('INSERT INTO users.user_templates