Mercurial > gemma

view schema/auth_tests.sql @ 2230:4374d942b23d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Remove debris and associate templates to country While the original idea was to associate templates to users, managed by a waterway admin per country, the new intention was to share templates between users per country. Just removing any constraints on readability and management of the templates did not fulfill this idea.
author Tom Gottfried <tom@intevation.de>
date Wed, 13 Feb 2019 10:52:14 +0100
parents b66cfcde8ff7
children 5470aa3ffb9a
line wrap: on
line source

-- This is Free Software under GNU Affero General Public License v >= 3.0
-- without warranty, see README.md and license for details.

-- SPDX-License-Identifier: AGPL-3.0-or-later
-- License-Filename: LICENSES/AGPL-3.0.txt

-- Copyright (C) 2018 by via donau
--   – Österreichische Wasserstraßen-Gesellschaft mbH
-- Software engineering by Intevation GmbH

-- Author(s):
--  * Tom Gottfried <tom@intevation.de>

--
-- pgTAP test script for privileges and RLS policies
--

--
-- Run tests as unprivileged user
--
SET SESSION AUTHORIZATION test_user_at;

SELECT throws_ok($$
    CREATE TABLE test()
    $$,
    42501, NULL,
    'No objects can be created');

SELECT isnt_empty($$
    SELECT * FROM waterway.bottlenecks
    $$,
    'Staged data should be visible');

SELECT is_empty($$
    SELECT * FROM waterway.bottlenecks WHERE NOT staging_done
    $$,
    'Only staged data should be visible');

SELECT isnt_empty($$
    SELECT * FROM users.templates
    $$,
    'User should see templates associated to his country');

SELECT ok(
    users.current_user_country() = ALL(
        SELECT country FROM users.templates),
    'User should only see templates associated to his country');

--
-- Run tests as waterway administrator
--
SET SESSION AUTHORIZATION test_admin_at;

PREPARE bn_insert (varchar, geometry(MULTIPOLYGON, 4326)) AS
    INSERT INTO waterway.bottlenecks (
        bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country,
        revisiting_time, limiting, source_organization)
        VALUES (
            $1,
            ('AT', 'XXX', '00001', 'G0001', 1)::isrs,
            isrsrange(('AT', 'XXX', '00001', '00000', 0)::isrs,
                ('AT', 'XXX', '00001', '00000', 2)::isrs),
            $2, 'AT', 'AT', 'AT',
            1, 'depth', 'testorganization'
        );
SELECT lives_ok($$
    EXECUTE bn_insert(
        'test1',
        ST_geomfromtext('MULTIPOLYGON(((0 0, 0 1, 1 1, 1 0, 0 0)))', 4326))
    $$,
    'Waterway admin can insert data within his region');
SELECT throws_ok($$
    EXECUTE bn_insert(
        'test2',
        ST_geomfromtext('MULTIPOLYGON(((1 0, 1 1, 2 1, 2 0, 1 0)))', 4326))
    $$,
    42501, NULL,
    'Waterway admin cannot insert data outside his region');

-- template management
SELECT results_eq($$
    SELECT users.current_user_country()
    $$,
    $$
    INSERT INTO users.templates (template_name, template_data)
        VALUES ('New AT', '\x')
        RETURNING country
    $$,
    'Waterway admin can add templates for his country');

SELECT throws_ok($$
    INSERT INTO users.templates (template_name, template_data, country)
        VALUES ('New RO', '\x', 'RO')
    $$,
    42501, NULL,
    'Waterway admin cannot add template for other country');

SELECT isnt_empty($$
    UPDATE users.templates SET template_data = '\xDABE'
        WHERE template_name = 'AT' RETURNING *
    $$,
    'Waterway admin can alter templates for own country');

SELECT is_empty($$
    UPDATE users.templates SET template_data = '\xDABE'
        WHERE template_name = 'RO' RETURNING *
    $$,
    'Waterway admin cannot alter templates for other country');

SELECT isnt_empty($$
    DELETE FROM users.templates WHERE template_name = 'AT' RETURNING *
    $$,
    'Waterway admin can delete templates for own country');

SELECT is_empty($$
    DELETE FROM users.templates WHERE template_name = 'RO' RETURNING *
    $$,
    'Waterway admin cannot delete templates for other country');

-- import management
SELECT lives_ok($$
    WITH
    job AS (
        INSERT INTO import.imports (kind, username, data) VALUES (
            'test', current_user, 'test') RETURNING id),
    log AS (
        INSERT INTO import.import_logs (import_id, msg)
            SELECT id, 'test' FROM job)
    INSERT INTO import.track_imports
        SELECT id, 'waterway.bottlenecks', 0 FROM job
    $$,
    'Waterway admin can add import job and related data');

SET SESSION AUTHORIZATION test_admin_at2;
SELECT bag_has($$
    SELECT username FROM users.list_users
    $$,
    $$
    WITH job AS (
        UPDATE import.imports SET state = 'accepted'
            RETURNING id, username),
    log AS (
        INSERT INTO import.import_logs (import_id, msg)
            SELECT id, 'test continued' FROM job)
    SELECT username FROM job
    $$,
    'Waterway admin can edit import jobs from his country only');

SELECT lives_ok($$
    WITH
    config AS (
        INSERT INTO import.import_configuration (kind, username) VALUES (
            'test', current_user) RETURNING id)
    INSERT INTO import.import_configuration_attributes
        SELECT id, 'test key', 'test value' FROM config
    $$,
    'Waterway admin can add import config and related data');

SET SESSION AUTHORIZATION test_admin_at;
SELECT bag_has($$
    SELECT username FROM users.list_users
    $$,
    $$
    WITH config AS (
        UPDATE import.import_configuration SET kind = 'test'
            RETURNING id, username),
    attrib AS (
        INSERT INTO import.import_configuration_attributes
            SELECT id, 'test continued', 'test value' FROM config),
    attrib_upd AS (
        UPDATE import.import_configuration_attributes SET v = 'test v'
            WHERE import_configuration_id = (SELECT id FROM config))
    SELECT username FROM config
    $$,
    'Waterway admin can edit import config from his country only');

SET SESSION AUTHORIZATION test_admin_ro;
SELECT throws_ok($$
    INSERT INTO import.import_logs (import_id, msg)
        VALUES (currval(pg_get_serial_sequence('import.imports', 'id')),
            'test')
    $$,
    42501, NULL,
    'Waterway admin cannot add log messages to other countries imports');

SELECT throws_ok($$
    DELETE FROM import.track_imports
        WHERE import_id = currval(
            pg_get_serial_sequence('import.imports', 'id'))
    $$,
    42501, NULL,
    'Waterway admin cannot delete tracking data of other countries imports');

SELECT throws_ok($$
    INSERT INTO import.import_configuration_attributes
        VALUES (currval(pg_get_serial_sequence(
                'import.import_configuration', 'id')),
            'test', 'test value')
    $$,
    42501, NULL,
    'Waterway admin cannot add attributes to other countries import config');

SELECT throws_ok($$
    UPDATE import.import_configuration_attributes SET v = 'evil'
        WHERE import_configuration_id = currval(
            pg_get_serial_sequence('import.import_configuration', 'id'))
    $$,
    42501, NULL,
    'Waterway admin cannot overwrite attributes of other countries config');