zaid.marzguioui/myeasycms-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce RLS when user opted in to MFA. (#188)

Browse Source 
* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client using the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
This commit is contained in:
Giancarlo Buomprisco
2025-03-02 10:21:01 +07:00
committed by GitHub
parent 9cf7bf0aac
commit 131b1061e6
61 changed files with 2193 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/web/supabase/tests/database/delete-membership.test.sql
View File

@@ -12,7 +12,7 @@ select makerkit.set_identifier('custom', 'custom@makerkit.dev');
select tests.create_supabase_user('test', 'test@supabase.com');
-- an owner cannot remove the primary owner
select tests.authenticate_as('owner');
select makerkit.authenticate_as('owner');
select throws_ok(
$$ delete from public.accounts_memberships
@@ -30,7 +30,7 @@ select lives_ok(
);
-- a member cannot remove a member with a higher role
select tests.authenticate_as('member');
select makerkit.authenticate_as('member');
-- delete a membership record where the user is a higher role than the current user
select throws_ok(
@@ -41,7 +41,7 @@ select throws_ok(
);
-- an primary_owner cannot remove themselves
select tests.authenticate_as('primary_owner');
select makerkit.authenticate_as('primary_owner');
select throws_ok(
$$ delete from public.accounts_memberships
@@ -62,7 +62,7 @@ select lives_ok(
-- a user not in the account cannot remove a member
select tests.authenticate_as('test');
select makerkit.authenticate_as('test');
select throws_ok(
$$ delete from public.accounts_memberships
@@ -71,7 +71,7 @@ select throws_ok(
'You do not have permission to action a member from this account'
);
select tests.authenticate_as('owner');
select makerkit.authenticate_as('owner');
select isnt_empty(
$$ select 1 from public.accounts_memberships
@@ -79,7 +79,7 @@ select isnt_empty(
and user_id = tests.get_supabase_uid('owner'); $$,
'Foreigners should not be able to remove members');
select tests.authenticate_as('test');
select makerkit.authenticate_as('test');
-- a user not in the account cannot remove themselves
select throws_ok(