Update localization texts, add permissions check, and seed data
This commit removes the membersTabDescription, updates the deleteAccountDescription text in the localization files, and adds a condition to check permissions in account invitation component. It also includes test credentials in README and provides a significant amount of seed data for testing the database.
This commit is contained in:
giancarlo
@@ -1,9 +1,9 @@
|
||||
create schema if not exists makerkit;
|
||||
|
||||
-- anon, authenticated, and service_role should have access to tests schema
|
||||
-- anon, authenticated, and service_role should have access to makerkit schema
|
||||
grant USAGE on schema makerkit to anon, authenticated, service_role;
|
||||
|
||||
-- Don't allow public to execute any functions in the tests schema
|
||||
-- Don't allow public to execute any functions in the makerkit schema
|
||||
alter default PRIVILEGES in schema makerkit revoke execute on FUNCTIONS from public;
|
||||
|
||||
-- Grant execute to anon, authenticated, and service_role for testing purposes
|
||||
@@ -29,6 +29,57 @@ end;
|
||||
|
||||
$$ language PLPGSQL;
|
||||
|
||||
create or replace function makerkit.get_account_id_by_slug(
|
||||
account_slug text
|
||||
)
|
||||
returns uuid
|
||||
as $$
|
||||
|
||||
begin
|
||||
|
||||
return
|
||||
(select
|
||||
id
|
||||
from
|
||||
accounts
|
||||
where
|
||||
slug = account_slug);
|
||||
|
||||
end;
|
||||
|
||||
$$ language PLPGSQL;
|
||||
|
||||
create or replace function makerkit.get_user_id(
|
||||
user_email text
|
||||
)
|
||||
returns uuid
|
||||
as $$
|
||||
begin
|
||||
|
||||
return
|
||||
(select
|
||||
primary_owner_user_id
|
||||
from
|
||||
accounts
|
||||
where
|
||||
email = user_email);
|
||||
|
||||
end;
|
||||
|
||||
$$ language PLPGSQL;
|
||||
|
||||
begin;
|
||||
|
||||
select plan(1);
|
||||
|
||||
select is_empty($$
|
||||
select
|
||||
*
|
||||
from
|
||||
makerkit.get_account_by_slug('test') $$,
|
||||
'get_account_by_slug should return an empty set when the account does not exist'
|
||||
);
|
||||
|
||||
select
|
||||
*
|
||||
from
|
||||
|
||||
@@ -9,13 +9,92 @@ select tests.create_supabase_user('test1', 'test1@test.com');
|
||||
|
||||
select tests.create_supabase_user('test2');
|
||||
|
||||
-- Create an organization account
|
||||
-- Create an team account
|
||||
|
||||
select tests.authenticate_as('test1');
|
||||
|
||||
select public.create_account('Test');
|
||||
select public.create_team_account('Test');
|
||||
|
||||
-- the owner account has permissions to manage members
|
||||
select row_eq(
|
||||
$$ select public.has_permission(
|
||||
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
||||
row(true::boolean),
|
||||
'The owner of the team account should have the members.manage permission'
|
||||
);
|
||||
|
||||
-- the owner account has permissions to manage billing
|
||||
select row_eq(
|
||||
$$ select public.has_permission(
|
||||
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
|
||||
row(true::boolean),
|
||||
'The owner of the team account should have the billing.manage permission'
|
||||
);
|
||||
|
||||
-- Foreigner should not have permissions to manage members
|
||||
|
||||
select tests.authenticate_as('test2');
|
||||
|
||||
select row_eq(
|
||||
$$ select public.has_permission(
|
||||
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
||||
row(false::boolean),
|
||||
'Foreigners should not have the members.manage permission'
|
||||
);
|
||||
|
||||
-- Custom roles
|
||||
-- New roles created for the app
|
||||
|
||||
set local role service_role;
|
||||
|
||||
-- the name should be unique
|
||||
|
||||
select throws_ok(
|
||||
$$ insert into public.roles (name, hierarchy_level) values ('owner', 4) $$,
|
||||
'duplicate key value violates unique constraint "roles_pkey"'
|
||||
);
|
||||
|
||||
-- the hierarchy level should be unique
|
||||
select throws_ok(
|
||||
$$ insert into public.roles (name, hierarchy_level) values ('custom-role-2', 1) $$,
|
||||
'duplicate key value violates unique constraint "idx_unique_hierarchy_per_account"'
|
||||
);
|
||||
|
||||
-- Custom Account Role
|
||||
-- Roles created specifically for the account
|
||||
|
||||
set local role service_role;
|
||||
|
||||
-- the names should be unique
|
||||
select throws_ok(
|
||||
$$ insert into public.roles (name, hierarchy_level, account_id) values ('owner', 1, makerkit.get_account_id_by_slug('test')) $$,
|
||||
'duplicate key value violates unique constraint "roles_pkey"'
|
||||
);
|
||||
|
||||
-- update user role to custom role
|
||||
update public.accounts_memberships
|
||||
set account_role = 'custom-role'
|
||||
where account_id = makerkit.get_account_id_by_slug('test')
|
||||
and user_id = makerkit.get_user_id('test1@test.com');
|
||||
|
||||
select tests.authenticate_as('test1');
|
||||
|
||||
-- the custom role does not have permissions to manage billing
|
||||
select row_eq(
|
||||
$$ select public.has_permission(
|
||||
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
|
||||
row(false::boolean),
|
||||
'The custom role should not have the billing.manage permission'
|
||||
);
|
||||
|
||||
-- the custom role can manage members
|
||||
select row_eq(
|
||||
$$ select public.has_permission(
|
||||
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
||||
row(true::boolean),
|
||||
'The custom role should have the members.manage permission'
|
||||
);
|
||||
|
||||
select * from finish();
|
||||
|
||||
ROLLBACK;
|
||||
rollback;
|
||||
@@ -9,31 +9,31 @@ select tests.create_supabase_user('test1', 'test1@test.com');
|
||||
|
||||
select tests.create_supabase_user('test2');
|
||||
|
||||
-- Create an organization account
|
||||
-- Create an team account
|
||||
|
||||
select tests.authenticate_as('test1');
|
||||
|
||||
select public.create_account('Test');
|
||||
select public.create_account('Test');
|
||||
select public.create_account('Test');
|
||||
select public.create_team_account('Test');
|
||||
select public.create_team_account('Test');
|
||||
select public.create_team_account('Test');
|
||||
|
||||
-- should automatically create slugs for the accounts
|
||||
select row_eq(
|
||||
$$ select slug from public.accounts where name = 'Test' and slug = 'test' $$,
|
||||
row('test'::text),
|
||||
'The first organization account should automatically create a slug named "test"'
|
||||
'The first team account should automatically create a slug named "test"'
|
||||
);
|
||||
|
||||
select row_eq(
|
||||
$$ select slug from public.accounts where name = 'Test' and slug = 'test-1' $$,
|
||||
row('test-1'::text),
|
||||
'The second organization account should automatically create a slug named "test-1"'
|
||||
'The second team account should automatically create a slug named "test-1"'
|
||||
);
|
||||
|
||||
select row_eq(
|
||||
$$ select slug from public.accounts where name = 'Test' and slug = 'test-2' $$,
|
||||
row('test-2'::text),
|
||||
'The third organization account should automatically create a slug named "test-2"'
|
||||
'The third team account should automatically create a slug named "test-2"'
|
||||
);
|
||||
|
||||
-- Should automatically update the slug if the name is updated
|
||||
@@ -42,7 +42,7 @@ update public.accounts set name = 'Test 4' where slug = 'test-2';
|
||||
select row_eq(
|
||||
$$ select slug from public.accounts where name = 'Test 4' $$,
|
||||
row('test-4'::text),
|
||||
'Updating the name of an organization account should update the slug'
|
||||
'Updating the name of a team account should update the slug'
|
||||
);
|
||||
|
||||
-- Should fail if the slug is updated to an existing slug
|
||||
|
||||
@@ -12,12 +12,12 @@ select
|
||||
select
|
||||
tests.create_supabase_user('test2');
|
||||
|
||||
-- Create an organization account
|
||||
-- Create an team account
|
||||
select
|
||||
tests.authenticate_as('test1');
|
||||
|
||||
select
|
||||
public.create_account('Test');
|
||||
public.create_team_account('Test');
|
||||
|
||||
select
|
||||
row_eq($$
|
||||
@@ -25,9 +25,9 @@ select
|
||||
primary_owner_user_id, is_personal_account, slug, name from
|
||||
makerkit.get_account_by_slug('test') $$, row
|
||||
(tests.get_supabase_uid('test1'), false, 'test'::text,
|
||||
'Test'::varchar), 'Users can create an organization account');
|
||||
'Test'::varchar), 'Users can create a team account');
|
||||
|
||||
-- Should be the primary owner of the organization account by default
|
||||
-- Should be the primary owner of the team account by default
|
||||
select
|
||||
row_eq($$
|
||||
select
|
||||
@@ -40,17 +40,17 @@ select
|
||||
where
|
||||
slug = 'test')
|
||||
and user_id = tests.get_supabase_uid('test1') $$, row
|
||||
('owner'::public.account_role), 'The primary owner should have the owner role for the organization account');
|
||||
('owner'::varchar), 'The primary owner should have the owner role for the team account');
|
||||
|
||||
-- Should be able to see the organization account
|
||||
-- Should be able to see the team account
|
||||
select
|
||||
isnt_empty($$
|
||||
select
|
||||
* from public.accounts
|
||||
where
|
||||
primary_owner_user_id = tests.get_supabase_uid('test1') $$, 'The primary owner should be able to see the organization account');
|
||||
primary_owner_user_id = tests.get_supabase_uid('test1') $$, 'The primary owner should be able to see the team account');
|
||||
|
||||
-- Others should not be able to see the organization account
|
||||
-- Others should not be able to see the team account
|
||||
select
|
||||
tests.authenticate_as('test2');
|
||||
|
||||
@@ -59,16 +59,16 @@ select
|
||||
select
|
||||
* from public.accounts
|
||||
where
|
||||
primary_owner_user_id = tests.get_supabase_uid('test1') $$, 'Other users should not be able to see the organization account');
|
||||
primary_owner_user_id = tests.get_supabase_uid('test1') $$, 'Other users should not be able to see the team account');
|
||||
|
||||
-- should not have any role for the organization account
|
||||
-- should not have any role for the team account
|
||||
select
|
||||
is (public.has_role_on_account((
|
||||
select
|
||||
id
|
||||
from makerkit.get_account_by_slug('test'))),
|
||||
false,
|
||||
'Foreign users should not have any role for the organization account');
|
||||
'Foreign users should not have any role for the team account');
|
||||
|
||||
select
|
||||
*
|
||||
@@ -16,7 +16,7 @@ SELECT schema_privs_are('public', 'anon', Array [NULL], 'Anon should not have ac
|
||||
-- set the role to anonymous for verifying access tests
|
||||
set role anon;
|
||||
select throws_ok('select public.get_config()');
|
||||
select throws_ok('select public.is_set(''enable_organization_accounts'')');
|
||||
select throws_ok('select public.is_set(''enable_team_accounts'')');
|
||||
|
||||
-- set the role to the service_role for testing access
|
||||
set role service_role;
|
||||
@@ -26,7 +26,7 @@ select ok(public.get_config() is not null),
|
||||
-- set the role to authenticated for tests
|
||||
set role authenticated;
|
||||
select ok(public.get_config() is not null), 'Makerkit get_config should be accessible to authenticated users';
|
||||
select ok(public.is_set('enable_organization_accounts')),
|
||||
select ok(public.is_set('enable_team_accounts')),
|
||||
'Makerkit is_set should be accessible to authenticated users';
|
||||
select isnt_empty('select * from public.config', 'authenticated users should have access to Makerkit config');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user