Mercurial > gemma
view schema/auth_tests.sql @ 435:7d2afdc263b5
Don't panic if we have no metamorphic db user.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 20 Aug 2018 16:58:55 +0200 |
parents | 72062ca52746 |
children | 642df1164aca |
line wrap: on
line source
-- -- pgTAP test script for privileges and RLS policies -- -- -- Run tests as unprivileged user -- SET SESSION AUTHORIZATION test_user_at; SELECT throws_ok('CREATE TABLE test()', 42501, NULL, 'No objects can be created'); SELECT isnt_empty('SELECT * FROM waterway.bottlenecks', 'Staged data should be visible'); SELECT is_empty('SELECT * FROM waterway.bottlenecks WHERE NOT staging_done', 'Only staged data should be visible'); SELECT isnt_empty('SELECT * FROM users.templates', 'User should see templates associated to him'); SELECT is_empty('SELECT * FROM users.templates JOIN users.user_templates USING (template_name) WHERE username <> current_user', 'User should only see templates associated to him'); -- -- Run tests as waterway administrator -- SET SESSION AUTHORIZATION test_admin_at; PREPARE bn_insert (varchar, geometry(POLYGON, 4326)) AS INSERT INTO waterway.bottlenecks ( bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country, revisiting_time, limiting, source_organization) VALUES ( $1, ('AT', 'XXX', '00001', '00000', 1)::isrs, isrsrange(('AT', 'XXX', '00001', '00000', 0)::isrs, ('AT', 'XXX', '00001', '00000', 2)::isrs), $2, 'AT', 'AT', 'AT', 1, 'depth', 'testorganization' ); SELECT lives_ok('EXECUTE bn_insert( ''test1'', ST_geomfromtext(''POLYGON((0 0, 0 1, 1 1, 1 0, 0 0))'', 4326))', 'Waterway admin can insert data within his region'); SELECT throws_ok('EXECUTE bn_insert( ''test2'', ST_geomfromtext(''POLYGON((1 0, 1 1, 2 1, 2 0, 1 0))'', 4326))', 42501, NULL, 'Waterway admin cannot insert data outside his region'); -- template management SELECT isnt_empty('SELECT * FROM users.templates JOIN users.user_templates USING (template_name) WHERE username <> current_user', 'Waterway admin should see templates of other users'); SELECT lives_ok('INSERT INTO users.templates (template_name, template_data) VALUES (''New AT'', ''\x''); INSERT INTO users.user_templates VALUES (''test_user_at'', ''New AT'')', 'Waterway admin can add templates for users in his country'); SELECT throws_ok('INSERT INTO users.user_templates VALUES (''waterway_user2'', ''AT'')', 42501, NULL, 'Waterway admin cannot add template for other country'); SELECT isnt_empty('UPDATE users.templates SET template_data = ''\xDABE'' WHERE template_name = ''AT'' RETURNING *', 'Waterway admin can alter templates for own country'); SELECT is_empty('UPDATE users.templates SET template_data = ''\xDABE'' WHERE template_name = ''RO'' RETURNING *', 'Waterway admin cannot alter templates for other country'); SELECT isnt_empty('DELETE FROM users.templates WHERE template_name = ''AT'' RETURNING *', 'Waterway admin can delete templates for own country'); SELECT is_empty('DELETE FROM users.templates WHERE template_name = ''RO'' RETURNING *', 'Waterway admin cannot delete templates for other country');