zaid.marzguioui/myeasycms-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f7fe67f7f7fcde615c48094c1ebf3d33dd5dc9e3
myeasycms-v2/apps/web/supabase/tests/database/account-permissions.test.sql
giancarlo f7fe67f7f7 Update test cases and improve account actioning 
This commit refactors Supabase test cases to reflect the updated account actioning mechanism. The "makerkit.get_user_id" function calls were replaced with the new "tests.get_supabase_uid" function, aligning with the testing structure update. It also introduces new policies which further refine user role actions with more precise checks, replacing the old 'delete' policy with the more comprehensive 'can_action_account_member' function. New test cases for updating memberships and deleting memberships have also been added.
2024-04-20 23:22:18 +08:00

105 lines
3.2 KiB
PL/PgSQL
Raw Blame History

BEGIN;
create extension "basejump-supabase_test_helpers" version '0.0.6';
select no_plan();
--- we insert a user into auth.users and return the id into user_id to use
select tests.create_supabase_user('test1', 'test1@test.com');
select tests.create_supabase_user('test2');
-- Create an team account
select tests.authenticate_as('test1');
select public.create_team_account('Test');
-- the owner account has permissions to manage members
select row_eq(
$$ select public.has_permission(
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
row(true::boolean),
'The owner of the team account should have the members.manage permission'
);
-- the owner account has permissions to manage billing
select row_eq(
$$ select public.has_permission(
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
row(true::boolean),
'The owner of the team account should have the billing.manage permission'
);
-- Foreigner should not have permissions to manage members
select tests.authenticate_as('test2');
select row_eq(
$$ select public.has_permission(
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
row(false::boolean),
'Foreigners should not have the members.manage permission'
);
-- Custom roles
-- New roles created for the app
set local role service_role;
-- the name should be unique
select throws_ok(
$$ insert into public.roles (name, hierarchy_level) values ('owner', 4) $$,
'duplicate key value violates unique constraint "roles_pkey"'
);
-- the hierarchy level should be unique
select throws_ok(
$$ insert into public.roles (name, hierarchy_level) values ('custom-role-2', 1) $$,
'duplicate key value violates unique constraint "idx_unique_hierarchy_per_account"'
);
-- Custom Account Role
-- Roles created specifically for the account
set local role service_role;
-- the names should be unique
select throws_ok(
$$ insert into public.roles (name, hierarchy_level, account_id) values ('owner', 1, makerkit.get_account_id_by_slug('test')) $$,
'duplicate key value violates unique constraint "roles_pkey"'
);
-- update user role to custom role
update public.accounts_memberships
set account_role = 'custom-role'
where account_id = makerkit.get_account_id_by_slug('test')
and user_id = tests.get_supabase_uid('test1');
set local role postgres;
-- insert permissions for the custom role
insert into public.role_permissions (role, permission) values ('custom-role', 'members.manage');
select tests.authenticate_as('test1');
-- the custom role does not have permissions to manage billing
select row_eq(
$$ select public.has_permission(
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
row(false::boolean),
'The custom role should not have the billing.manage permission'
);
-- the custom role can manage members
select row_eq(
$$ select public.has_permission(
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
row(true::boolean),
'The custom role should have the members.manage permission'
);
select * from finish();
rollback;
Reference in New Issue View Git Blame Copy Permalink