diff --git a/apps/web/supabase/tests/database/billing-orders.test.sql b/apps/web/supabase/tests/database/personal-billing-orders.test.sql
similarity index 70%
rename from apps/web/supabase/tests/database/billing-orders.test.sql
rename to apps/web/supabase/tests/database/personal-billing-orders.test.sql
index 6f85a58f3..6121e60dc 100644
--- a/apps/web/supabase/tests/database/billing-orders.test.sql
+++ b/apps/web/supabase/tests/database/personal-billing-orders.test.sql
@@ -44,6 +44,34 @@ SELECT row_eq(
 'The subscription items should be updated'
 );
+select tests.authenticate_as('primary_owner');
+
+-- account can read their own subscription
+SELECT isnt_empty(
+ $$ select 1 from orders where id = 'order_test' $$,
+ 'The account can read their own order'
+);
+
+SELECT isnt_empty(
+ $$ select * from order_items where order_id = 'order_test' $$,
+ 'The account can read their own order'
+);
+
+-- foreigners
+select tests.create_supabase_user('foreigner');
+select tests.authenticate_as('foreigner');
+
+-- account cannot read other's subscription
+SELECT is_empty(
+ $$ select 1 from orders where id = 'order_test' $$,
+ 'The account cannot read the other account orders'
+);
+
+SELECT is_empty(
+ $$ select 1 from order_items where order_id = 'order_test' $$,
+ 'The account cannot read the other account order items'
+);
+
 -- Finish the tests and clean up
 SELECT * FROM finish();
 ROLLBACK;
diff --git a/apps/web/supabase/tests/database/billing-subscriptions.test.sql b/apps/web/supabase/tests/database/personal-billing-subscriptions.test.sql
similarity index 76%
rename from apps/web/supabase/tests/database/billing-subscriptions.test.sql
rename to apps/web/supabase/tests/database/personal-billing-subscriptions.test.sql
index 1efc7aae8..3c08cb60d 100644
--- a/apps/web/supabase/tests/database/billing-subscriptions.test.sql
+++ b/apps/web/supabase/tests/database/personal-billing-subscriptions.test.sql
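Review bot: In personal-billing-orders.test.sql the added block checks reads only; nothing asserts that an authenticated account is refused when it calls `public.upsert_order` itself, although personal-billing-subscriptions.test.sql gains exactly that check for `upsert_subscription`. Assuming `upsert_order` is meant to be restricted the same way, add a `throws_ok` after the owner read checks that wraps the `upsert_order` call used earlier in the file (outside this hunk) and expects `'permission denied for function upsert_order'`. The new team-billing-orders.test.sql and team-billing-subscriptions.test.sql have no write-denial assertion either, so a grant regression on either function would go unnoticed there. Separately, the second `isnt_empty` reuses the message `'The account can read their own order'` for `order_items`; `'The account can read their own order items'` would make a failure identifiable.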
@@ -103,7 +103,6 @@ SELECT is(
 'The subscription status should be past_due'
 );
-
 -- Call the upsert_subscription function again to update the subscription
 SELECT public.upsert_subscription(tests.get_supabase_uid('primary_owner'), 'cus_test', 'sub_test', true, 'active', 'stripe', false, 'usd', now(), now() + interval '1 month', '[]');
@@ -114,6 +113,40 @@ SELECT is(
 'The subscription should be active'
 );
+select tests.authenticate_as('primary_owner');
+
+-- account can read their own subscription
+SELECT isnt_empty(
+ $$ select 1 from subscriptions where id = 'sub_test' $$,
+ 'The account can read their own subscription'
+);
+
+SELECT isnt_empty(
+ $$ select * from subscription_items where subscription_id = 'sub_test' $$,
+ 'The account can read their own subscription items'
+);
+
+-- users cannot manually update subscriptions
+select throws_ok(
+ $$ select public.upsert_subscription(tests.get_supabase_uid('primary_owner'), 'cus_test', 'sub_test', true, 'active', 'stripe', false, 'usd', now(), now() + interval '1 month', '[]') $$,
+ 'permission denied for function upsert_subscription'
+);
+
+-- foreigners
+select tests.create_supabase_user('foreigner');
+select tests.authenticate_as('foreigner');
+
+-- account cannot read other's subscription
+SELECT is_empty(
+ $$ select 1 from subscriptions where id = 'sub_test' $$,
+ 'The account cannot read the other account subscriptions'
+);
+
+SELECT is_empty(
+ $$ select 1 from subscription_items where subscription_id = 'sub_test' $$,
+ 'The account cannot read the other account subscription items'
+);
+
 -- Finish the tests and clean up
 select * from finish();
diff --git a/apps/web/supabase/tests/database/team-billing-orders.test.sql b/apps/web/supabase/tests/database/team-billing-orders.test.sql
new file mode 100644
index 000000000..d30aaa078
--- /dev/null
+++ b/apps/web/supabase/tests/database/team-billing-orders.test.sql
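Review bot: In the second hunk of personal-billing-subscriptions.test.sql the new `throws_ok` proves only that EXECUTE on `upsert_subscription` is refused; no assertion covers the owner changing `subscriptions` or `subscription_items` with direct DML, which is the other way a user could alter their own billing state. If the tables rely on RLS alone, a disallowed update touches zero rows instead of raising, so before the switch to `foreigner` something like `select is_empty($$ update subscriptions set active = false where id = 'sub_test' returning id $$, 'Users cannot update subscriptions directly');` would pin it. If UPDATE is not granted to the role at all, a `throws_ok` on the same statement is the right form instead. Which of the two applies depends on policies and grants that are not visible in this diff.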
@@ -0,0 +1,80 @@
+begin;
+create extension "basejump-supabase_test_helpers" version '0.0.6';
+
+select no_plan();
+
+select makerkit.set_identifier('primary_owner', 'test@makerkit.dev');
+select makerkit.set_identifier('owner', 'owner@makerkit.dev');
+select makerkit.set_identifier('member', 'member@makerkit.dev');
+select makerkit.set_identifier('custom', 'custom@makerkit.dev');
+
+INSERT INTO public.billing_customers(account_id, provider, customer_id)
+VALUES (makerkit.get_account_id_by_slug('makerkit'), 'stripe', 'cus_test');
+
+-- Call the upsert_order function
+SELECT public.upsert_order(makerkit.get_account_id_by_slug('makerkit'), 'cus_test', 'order_test', 'pending', 'stripe', 100, 'usd', '[{"product_id": "prod_test", "variant_id": "var_test", "price_amount": 100, "quantity": 1}]');
+
+-- Verify that the order was created correctly
+SELECT is(
+ (SELECT status FROM public.orders WHERE id = 'order_test'),
+ 'pending',
+ 'The order status should be pending'
+);
+
+-- Verify that the subscription items were created correctly
+SELECT row_eq(
+ $$ select count(*) from order_items where order_id = 'order_test' $$,
+ row(1::bigint),
+ 'The order items should be created'
+);
+
+-- Call the upsert_order function again to update the order
+SELECT public.upsert_order(makerkit.get_account_id_by_slug('makerkit'), 'cus_test', 'order_test', 'succeeded', 'stripe', 100, 'usd', '[{"product_id": "prod_test", "variant_id": "var_test", "price_amount": 100, "quantity": 10}]');
+
+-- Verify that the order was updated correctly
+SELECT is(
+ (SELECT status FROM public.orders WHERE id = 'order_test'),
+ 'succeeded',
+ 'The order status should be succeeded'
+);
+
+SELECT row_eq(
+ $$ select quantity from order_items where variant_id = 'var_test' $$,
+ row(10::int),
+ 'The subscription items should be updated'
+);
+
+select tests.authenticate_as('member');
+
+-- account can read their own subscription
+SELECT isnt_empty(
+ $$ select 1 from orders where id = 'order_test' $$,
+ 'The account can read their own order'
+);
+
+SELECT isnt_empty(
+ $$ select * from order_items where order_id = 'order_test' $$,
+ 'The account can read their own order'
+);
+
+-- members without permissions
+
+-- foreigners
+select tests.create_supabase_user('foreigner');
+select tests.authenticate_as('foreigner');
+
+-- account cannot read other's subscription
+SELECT is_empty(
+ $$ select 1 from orders where id = 'order_test' $$,
+ 'The account cannot read the other account orders'
+);
+
+SELECT is_empty(
+ $$ select 1 from order_items where order_id = 'order_test' $$,
+ 'The account cannot read the other account order items'
+);
+
+-- Finish the tests and clean up
+SELECT * FROM finish();
+ROLLBACK;
+
diff --git a/apps/web/supabase/tests/database/team-billing-subscriptions.test.sql b/apps/web/supabase/tests/database/team-billing-subscriptions.test.sql
new file mode 100644
index 000000000..aebc6c705
--- /dev/null
+++ b/apps/web/supabase/tests/database/team-billing-subscriptions.test.sql
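Review bot: In team-billing-orders.test.sql the `-- members without permissions` heading near the end has no assertions under it, and the `owner` and `custom` identifiers registered at the top are never used. The only team roles exercised are `member` (can read) and a freshly created `foreigner` (cannot), so if order visibility is supposed to depend on role or permission inside the team, that case is untested. Either add the checks under the heading, for example `select tests.authenticate_as('custom');` followed by the `is_empty` or `isnt_empty` the policy calls for, or drop the heading and the unused `set_identifier` lines. The expected outcome for `custom` cannot be determined from this file.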
@@ -0,0 +1,147 @@
+begin;
+create extension "basejump-supabase_test_helpers" version '0.0.6';
+
+select no_plan();
+
+select makerkit.set_identifier('primary_owner', 'test@makerkit.dev');
+select makerkit.set_identifier('owner', 'owner@makerkit.dev');
+select makerkit.set_identifier('member', 'member@makerkit.dev');
+select makerkit.set_identifier('custom', 'custom@makerkit.dev');
+
+-- Create a test account and billing customer
+INSERT INTO public.billing_customers(account_id, provider, customer_id)
+VALUES (makerkit.get_account_id_by_slug('makerkit'), 'stripe', 'cus_test');
+
+-- Call the upsert_subscription function
+SELECT public.upsert_subscription(makerkit.get_account_id_by_slug('makerkit'), 'cus_test', 'sub_test', true, 'active', 'stripe', false, 'usd', now(), now() + interval '1 month', '[
+ {
+ "product_id": "prod_test",
+ "variant_id": "var_test",
+ "type": "flat",
+ "price_amount": 1000,
+ "quantity": 1,
+ "interval": "month",
+ "interval_count": 1
+ },
+ {
+ "product_id": "prod_test_2",
+ "variant_id": "var_test_2",
+ "type": "flat",
+ "price_amount": 2000,
+ "quantity": 2,
+ "interval": "month",
+ "interval_count": 1
+ }
+]');
+
+-- Verify that the subscription items were created correctly
+SELECT row_eq(
+ $$ select count(*) from subscription_items where subscription_id = 'sub_test' $$,
+ row(2::bigint),
+ 'The subscription items should be created'
+);
+
+-- Verify that the subscription was created correctly
+SELECT is(
+ (SELECT active FROM public.subscriptions WHERE id = 'sub_test'),
+ true,
+ 'The subscription should be active'
+);
+
+SELECT is(
+ (SELECT status FROM public.subscriptions WHERE id = 'sub_test'),
+ 'active',
+ 'The subscription status should be active'
+);
+
+-- Call the upsert_subscription function again to update the subscription
+SELECT public.upsert_subscription(makerkit.get_account_id_by_slug('makerkit'), 'cus_test', 'sub_test', false, 'past_due', 'stripe', true, 'usd', now(), now() + interval '1 month', '[
+ {
+ "product_id": "prod_test",
+ "variant_id": "var_test",
+ "type": "flat",
+ "price_amount": 2000,
+ "quantity": 1,
+ "interval": "month",
+ "interval_count": 1
+ },
+ {
+ "product_id": "prod_test_2",
+ "variant_id": "var_test_2",
+ "type": "flat",
+ "price_amount": 2000,
+ "quantity": 2,
+ "interval": "year",
+ "interval_count": 12
+ }
+]');
+
+-- Verify that the subscription items were updated correctly
+SELECT row_eq(
+ $$ select price_amount from subscription_items where variant_id = 'var_test' $$,
+ row('2000'::numeric),
+ 'The subscription items should be updated'
+);
+
+-- Verify that the subscription items were updated correctly
+SELECT row_eq(
+ $$ select interval from subscription_items where variant_id = 'var_test_2' $$,
+ row('year'::varchar),
+ 'The subscription items should be updated'
+);
+
+-- Verify that the subscription was updated correctly
+SELECT is(
+ (SELECT active FROM public.subscriptions WHERE id = 'sub_test'),
+ false,
+ 'The subscription should be inactive'
+);
+
+SELECT is(
+ (SELECT status FROM public.subscriptions WHERE id = 'sub_test'),
+ 'past_due',
+ 'The subscription status should be past_due'
+);
+
+-- Call the upsert_subscription function again to update the subscription
+SELECT public.upsert_subscription(tests.get_supabase_uid('primary_owner'), 'cus_test', 'sub_test', true, 'active', 'stripe', false, 'usd', now(), now() + interval '1 month', '[]');
+
+-- Verify that the subscription was updated correctly
+SELECT is(
+ (SELECT active FROM public.subscriptions WHERE id = 'sub_test'),
+ true,
+ 'The subscription should be active'
+);
+
+select tests.authenticate_as('member');
+
+-- account can read their own subscription
+SELECT isnt_empty(
+ $$ select 1 from subscriptions where id = 'sub_test' $$,
+ 'The account can read their own subscription'
+);
+
+SELECT isnt_empty(
+ $$ select * from subscription_items where subscription_id = 'sub_test' $$,
+ 'The account can read their own subscription items'
+);
+
+-- foreigners
+select tests.create_supabase_user('foreigner');
+select tests.authenticate_as('foreigner');
+
+-- account cannot read other's subscription
+SELECT is_empty(
+ $$ select 1 from subscriptions where id = 'sub_test' $$,
+ 'The account cannot read the other account subscriptions'
+);
+
+SELECT is_empty(
+ $$ select 1 from subscription_items where subscription_id = 'sub_test' $$,
+ 'The account cannot read the other account subscription items'
+);
+
+-- Finish the tests and clean up
+select * from finish();
+
+rollback;
\ No newline at end of file
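Review bot: In team-billing-subscriptions.test.sql the third `upsert_subscription` call passes `tests.get_supabase_uid('primary_owner')` as the account, while the billing customer row and the first two calls use `makerkit.get_account_id_by_slug('makerkit')`; it looks carried over from the personal-account test. As written, the final update names a different account than the one that owns `cus_test` and `sub_test`, so it no longer exercises the team path, and depending on how the function resolves the conflict (not shown here) it may hide an account reassignment. Replace the first argument of that call with `makerkit.get_account_id_by_slug('makerkit')`. It would also be worth asserting afterwards that `account_id` on `sub_test` is still the team account, so the later `member` read check cannot pass for the wrong reason.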