Mercurial > gemma
changeset 1904:931b15be6d7f
Complement authorisation tests for import management
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Fri, 18 Jan 2019 17:01:19 +0100 |
parents | c4af342be999 |
children | 4f58bada50b8 32c56e6c089a |
files | schema/auth_tests.sql schema/manage_users_tests.sql schema/run_tests.sh schema/tap_tests_data.sql |
diffstat | 4 files changed, 81 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth_tests.sql Fri Jan 18 16:11:08 2019 +0100 +++ b/schema/auth_tests.sql Fri Jan 18 17:01:19 2019 +0100 @@ -136,6 +136,21 @@ $$, 'Waterway admin can add import job and related data'); +SET SESSION AUTHORIZATION test_admin_at2; +SELECT bag_has($$ + SELECT username FROM users.list_users + $$, + $$ + WITH job AS ( + UPDATE waterway.imports SET state = 'accepted' + RETURNING id, username), + log AS ( + INSERT INTO waterway.import_logs (import_id, msg) + SELECT id, 'test continued' FROM job) + SELECT username FROM job + $$, + 'Waterway admin can edit import jobs from his country only'); + SELECT lives_ok($$ WITH config AS ( @@ -146,11 +161,54 @@ $$, 'Waterway admin can add import config and related data'); +SET SESSION AUTHORIZATION test_admin_at; +SELECT bag_has($$ + SELECT username FROM users.list_users + $$, + $$ + WITH config AS ( + UPDATE waterway.import_configuration SET send_email = true + RETURNING id, username), + attrib AS ( + INSERT INTO waterway.import_configuration_attributes + SELECT id, 'test continued', 'test value' FROM config), + attrib_upd AS ( + UPDATE waterway.import_configuration_attributes SET v = 'test v' + WHERE import_configuration_id = (SELECT id FROM config)) + SELECT username FROM config + $$, + 'Waterway admin can edit import config from his country only'); + SET SESSION AUTHORIZATION test_admin_ro; - SELECT throws_ok($$ INSERT INTO waterway.import_logs (import_id, msg) - VALUES (1, 'test') + VALUES (currval(pg_get_serial_sequence('waterway.imports', 'id')), + 'test') $$, 42501, NULL, 'Waterway admin cannot add log messages to other countries imports'); + +SELECT throws_ok($$ + DELETE FROM waterway.track_imports + WHERE import_id = currval( + pg_get_serial_sequence('waterway.imports', 'id')) + $$, + 42501, NULL, + 'Waterway admin cannot delete tracking data of other countries imports'); + +SELECT throws_ok($$ + INSERT INTO waterway.import_configuration_attributes + VALUES (currval(pg_get_serial_sequence( + 'waterway.import_configuration', 'id')), + 'test', 'test value') + $$, + 42501, NULL, + 'Waterway admin cannot add attributes to other countries import config'); + +SELECT throws_ok($$ + UPDATE waterway.import_configuration_attributes SET v = 'evil' + WHERE import_configuration_id = currval( + pg_get_serial_sequence('waterway.import_configuration', 'id')) + $$, + 42501, NULL, + 'Waterway admin cannot overwrite attributes of other countries config');
--- a/schema/manage_users_tests.sql Fri Jan 18 16:11:08 2019 +0100 +++ b/schema/manage_users_tests.sql Fri Jan 18 17:01:19 2019 +0100 @@ -40,7 +40,7 @@ SELECT set_eq($$ SELECT count(*) FROM users.list_users $$, - ARRAY[5], + ARRAY[6], 'System admin can see all users'); --
--- a/schema/run_tests.sh Fri Jan 18 16:11:08 2019 +0100 +++ b/schema/run_tests.sh Fri Jan 18 17:01:19 2019 +0100 @@ -28,7 +28,7 @@ -c 'SET client_min_messages TO WARNING' \ -c "DROP ROLE IF EXISTS $TEST_ROLES" \ -f tap_tests_data.sql \ - -c 'SELECT plan(50)' \ + -c 'SELECT plan(55)' \ -f isrs_tests.sql \ -f auth_tests.sql \ -f manage_users_tests.sql \
--- a/schema/tap_tests_data.sql Fri Jan 18 16:11:08 2019 +0100 +++ b/schema/tap_tests_data.sql Fri Jan 18 17:01:19 2019 +0100 @@ -29,6 +29,8 @@ INSERT INTO users.list_users VALUES ( 'waterway_admin', 'test_admin_at', 'admin_at1$', 'AT', NULL, 'yyy'); INSERT INTO users.list_users VALUES ( + 'waterway_admin', 'test_admin_at2', 'admin_at2$', 'AT', NULL, 'yyy'); +INSERT INTO users.list_users VALUES ( 'waterway_admin', 'test_admin_ro', 'admin_ro1$', 'RO', NULL, 'yyx'); INSERT INTO users.list_users VALUES ( 'sys_admin', 'test_sys_admin1', 'sys_admin1$', 'AT', NULL, 'zzz'); @@ -90,3 +92,20 @@ VALUES ('AT', '\x'), ('RO', '\x'); INSERT INTO users.user_templates VALUES ('test_user_at', 'AT'), ('test_user_ro', 'RO'); + +WITH +job AS ( + INSERT INTO waterway.imports (kind, username, data) VALUES ( + 'test', 'test_admin_ro', 'test') RETURNING id), +log AS ( + INSERT INTO waterway.import_logs (import_id, msg) + SELECT id, 'test' FROM job) +INSERT INTO waterway.track_imports + SELECT id, 'waterway.bottlenecks', 1 FROM job; + +WITH +config AS ( + INSERT INTO waterway.import_configuration (kind, username) VALUES ( + 'test', 'test_admin_ro') RETURNING id) +INSERT INTO waterway.import_configuration_attributes + SELECT id, 'test key', 'test value' FROM config;