Mercurial > gemma
view schema/run_tests.sh @ 410:3f803d64a6ee
Do not rely on session_user for authorization
Privileges are usually checked based on current_user, which
can be changed using SET ROLE, while session_user is based on the actually
logged in user and can only be changed by a superuser using
SET SESSION AUTHORIZATION. Using session_user for authorization purposes
prevents the expected behaviour of SET ROLE.
current_user_country() does not need to be SECURITY DEFINER since a while,
because there is no RLS policy affected by what is mentioned in the
removed comment.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Wed, 15 Aug 2018 16:39:00 +0200 |
| parents | f5087cebc740 |
| children | 5611cf72cc92 |
line wrap: on
line source
#!/bin/sh -e dropdb --if-exists gemma_test ./install-db.sh -d gemma_test psql -qv ON_ERROR_STOP= -c 'CREATE EXTENSION pgtap' -d gemma_test # Collect test roles to be dropped # Concatenate with dummy role to prevent syntax error if there is no test role TEST_ROLES=$(psql -qtc \ "SELECT concat_ws(',', 'test', string_agg(rolname, ',')) FROM pg_roles WHERE rolname LIKE 'test%'") # Drop test roles, add test data and run tests psql -qXv ON_ERROR_STOP= -v -d gemma_test \ -c 'SET client_min_messages TO WARNING' \ -c "DROP ROLE IF EXISTS $TEST_ROLES" \ -f tap_tests_data.sql \ -c 'SELECT plan(45)' \ -f auth_tests.sql \ -f manage_users_tests.sql \ -c 'SELECT * FROM finish()'