Mercurial > gemma

view schema/auth_tests.sql @ 3252:fccb28813159

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
client: wterlevel diagram: improved performance By not rendering points that are outside of the visible area of the chart, performance was significantly improved. But still the chart is not really very responsive and smooth when viewing large data sets.
author Markus Kottlaender <markus@intevation.de>
date Tue, 14 May 2019 12:24:14 +0200
parents 5470aa3ffb9a
children ec6163c6687d
line wrap: on
line source

-- This is Free Software under GNU Affero General Public License v >= 3.0
-- without warranty, see README.md and license for details.

-- SPDX-License-Identifier: AGPL-3.0-or-later
-- License-Filename: LICENSES/AGPL-3.0.txt

-- Copyright (C) 2018 by via donau
--   – Österreichische Wasserstraßen-Gesellschaft mbH
-- Software engineering by Intevation GmbH

-- Author(s):
--  * Tom Gottfried <tom@intevation.de>

--
-- pgTAP test script for privileges and RLS policies
--

CREATE FUNCTION test_privs() RETURNS SETOF TEXT AS
$$
DECLARE the_schema CONSTANT varchar = 'waterway';
DECLARE the_table varchar;
BEGIN
    FOR the_table IN
        SELECT table_name
            FROM information_schema.tables
            WHERE table_schema = the_schema
    LOOP
        RETURN NEXT table_privs_are(
            the_schema,
            the_table,
            'waterway_user',
            ARRAY['SELECT'],
            format('waterway_user can SELECT from %I.%I',
                the_schema, the_table));
    END LOOP;
END;
$$ LANGUAGE plpgsql;
SELECT * FROM test_privs();

--
-- Run tests as unprivileged user
--
SET SESSION AUTHORIZATION test_user_at;

SELECT throws_ok($$
    CREATE TABLE test()
    $$,
    42501, NULL,
    'No objects can be created');

SELECT isnt_empty($$
    SELECT * FROM waterway.bottlenecks
    $$,
    'Staged data should be visible');

SELECT is_empty($$
    SELECT * FROM waterway.bottlenecks WHERE NOT staging_done
    $$,
    'Only staged data should be visible');

SELECT isnt_empty($$
    SELECT * FROM users.templates
    $$,
    'User should see templates associated to his country');

SELECT ok(
    users.current_user_country() = ALL(
        SELECT country FROM users.templates),
    'User should only see templates associated to his country');

--
-- Run tests as waterway administrator
--
SET SESSION AUTHORIZATION test_admin_at;

PREPARE bn_insert (varchar, geometry(MULTIPOLYGON, 4326)) AS
    INSERT INTO waterway.bottlenecks (
        bottleneck_id, fk_g_fid, stretch, area, rb, lb, responsible_country,
        revisiting_time, limiting, source_organization)
        VALUES (
            $1,
            ('AT', 'XXX', '00001', 'G0001', 1)::isrs,
            isrsrange(('AT', 'XXX', '00001', '00000', 0)::isrs,
                ('AT', 'XXX', '00001', '00000', 2)::isrs),
            $2, 'AT', 'AT', 'AT',
            1, 'depth', 'testorganization'
        );
SELECT lives_ok($$
    EXECUTE bn_insert(
        'test1',
        ST_geomfromtext('MULTIPOLYGON(((0 0, 0 1, 1 1, 1 0, 0 0)))', 4326))
    $$,
    'Waterway admin can insert data within his region');
SELECT throws_ok($$
    EXECUTE bn_insert(
        'test2',
        ST_geomfromtext('MULTIPOLYGON(((1 0, 1 1, 2 1, 2 0, 1 0)))', 4326))
    $$,
    42501, NULL,
    'Waterway admin cannot insert data outside his region');

-- template management
SELECT results_eq($$
    SELECT users.current_user_country()
    $$,
    $$
    INSERT INTO users.templates (template_name, template_data)
        VALUES ('New AT', '\x')
        RETURNING country
    $$,
    'Waterway admin can add templates for his country');

SELECT throws_ok($$
    INSERT INTO users.templates (template_name, template_data, country)
        VALUES ('New RO', '\x', 'RO')
    $$,
    42501, NULL,
    'Waterway admin cannot add template for other country');

SELECT isnt_empty($$
    UPDATE users.templates SET template_data = '\xDABE'
        WHERE template_name = 'AT' RETURNING *
    $$,
    'Waterway admin can alter templates for own country');

SELECT is_empty($$
    UPDATE users.templates SET template_data = '\xDABE'
        WHERE template_name = 'RO' RETURNING *
    $$,
    'Waterway admin cannot alter templates for other country');

SELECT isnt_empty($$
    DELETE FROM users.templates WHERE template_name = 'AT' RETURNING *
    $$,
    'Waterway admin can delete templates for own country');

SELECT is_empty($$
    DELETE FROM users.templates WHERE template_name = 'RO' RETURNING *
    $$,
    'Waterway admin cannot delete templates for other country');

-- import management
SELECT lives_ok($$
    WITH
    job AS (
        INSERT INTO import.imports (kind, username, data) VALUES (
            'test', current_user, 'test') RETURNING id),
    log AS (
        INSERT INTO import.import_logs (import_id, msg)
            SELECT id, 'test' FROM job)
    INSERT INTO import.track_imports
        SELECT id, 'waterway.bottlenecks', 0 FROM job
    $$,
    'Waterway admin can add import job and related data');

SET SESSION AUTHORIZATION test_admin_at2;
SELECT bag_has($$
    SELECT username FROM users.list_users
    $$,
    $$
    WITH job AS (
        UPDATE import.imports SET state = 'accepted'
            RETURNING id, username),
    log AS (
        INSERT INTO import.import_logs (import_id, msg)
            SELECT id, 'test continued' FROM job)
    SELECT username FROM job
    $$,
    'Waterway admin can edit import jobs from his country only');

SELECT lives_ok($$
    WITH
    config AS (
        INSERT INTO import.import_configuration (kind, username) VALUES (
            'test', current_user) RETURNING id)
    INSERT INTO import.import_configuration_attributes
        SELECT id, 'test key', 'test value' FROM config
    $$,
    'Waterway admin can add import config and related data');

SET SESSION AUTHORIZATION test_admin_at;
SELECT bag_has($$
    SELECT username FROM users.list_users
    $$,
    $$
    WITH config AS (
        UPDATE import.import_configuration SET kind = 'test'
            RETURNING id, username),
    attrib AS (
        INSERT INTO import.import_configuration_attributes
            SELECT id, 'test continued', 'test value' FROM config),
    attrib_upd AS (
        UPDATE import.import_configuration_attributes SET v = 'test v'
            WHERE import_configuration_id = (SELECT id FROM config))
    SELECT username FROM config
    $$,
    'Waterway admin can edit import config from his country only');

SET SESSION AUTHORIZATION test_admin_ro;
SELECT throws_ok($$
    INSERT INTO import.import_logs (import_id, msg)
        VALUES (currval(pg_get_serial_sequence('import.imports', 'id')),
            'test')
    $$,
    42501, NULL,
    'Waterway admin cannot add log messages to other countries imports');

SELECT throws_ok($$
    DELETE FROM import.track_imports
        WHERE import_id = currval(
            pg_get_serial_sequence('import.imports', 'id'))
    $$,
    42501, NULL,
    'Waterway admin cannot delete tracking data of other countries imports');

SELECT throws_ok($$
    INSERT INTO import.import_configuration_attributes
        VALUES (currval(pg_get_serial_sequence(
                'import.import_configuration', 'id')),
            'test', 'test value')
    $$,
    42501, NULL,
    'Waterway admin cannot add attributes to other countries import config');

SELECT throws_ok($$
    UPDATE import.import_configuration_attributes SET v = 'evil'
        WHERE import_configuration_id = currval(
            pg_get_serial_sequence('import.import_configuration', 'id'))
    $$,
    42501, NULL,
    'Waterway admin cannot overwrite attributes of other countries config');