diff schema/manage_users_tests.sql @ 207:88d21c29cf04

Care for the fact that role attributes are not inherited. Tests are now run with login roles instead of abstract base roles. create_user has become a SECURITY DEFINER function, thus circumventing RLS policies and the fact that a sys_admin cannot CREATE ROLEs by himself. A test has been added to showcase the intentional error in case the name of an abstract base role is used as a new username.
author Tom Gottfried <tom@intevation.de>
date Mon, 23 Jul 2018 11:29:41 +0200
parents b67208d82543
children 57dfab80973c
--- a/schema/manage_users_tests.sql	Sun Jul 22 10:40:17 2018 +0200
+++ b/schema/manage_users_tests.sql	Mon Jul 23 11:29:41 2018 +0200
@@ -4,7 +4,7 @@
 
 SET search_path TO public, gemma, gemma_waterway, gemma_fairway;
 
-SET SESSION AUTHORIZATION waterway_admin;
+SET SESSION AUTHORIZATION admin_at;
 
 SELECT throws_ok($$
     SELECT sys_admin.create_user(
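Review bot: Only one less-privileged login role, `admin_at`, is exercised by the 42501 check that follows the changed `SET SESSION AUTHORIZATION` line. The commit message says `create_user` is now a SECURITY DEFINER function, so the privileges on schema `sys_admin` and on the function are presumably the only barrier that keeps other roles from running it with the definer's rights. Repeating the same `throws_ok` under the lowest-privilege login role in the test data (possibly `user_at`, if that is a waterway_user login) would pin that barrier for every role level. A comment above the line, such as `-- login role; role attributes are not inherited, so tests must not run as the abstract base role`, would explain the switch. The `throws_ok` call continues outside the hunk.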
@@ -13,7 +13,7 @@
     42501, NULL,
     'Less privileged user cannot call function in schema sys_admin');
 
-SET SESSION AUTHORIZATION sys_admin;
+SET SESSION AUTHORIZATION sys_admin1;
 
 SELECT lives_ok($$
     SELECT sys_admin.create_user(
@@ -40,6 +40,13 @@
     SELECT sys_admin.create_user(
         'waterway_user', 'waterway_user', 'secret', 'AT', NULL, 'test4')
     $$,
+    42710, NULL,
+    'Reserved role names cannot be used as username');
+
+SELECT throws_ok($$
+    SELECT sys_admin.create_user(
+        'waterway_user', 'user_at', 'secret', 'AT', NULL, 'test4')
+    $$,
     23505, NULL,
     'No duplicate user name is allowed');