104 lines
3.1 KiB
PL/PgSQL
104 lines
3.1 KiB
PL/PgSQL
BEGIN;
|
|
create extension "basejump-supabase_test_helpers" version '0.0.6';
|
|
|
|
select no_plan();
|
|
|
|
--- we insert a user into auth.users and return the id into user_id to use
|
|
|
|
select tests.create_supabase_user('test1', 'test1@test.com');
|
|
|
|
select tests.create_supabase_user('test2');
|
|
|
|
-- Create an team account
|
|
|
|
select makerkit.authenticate_as('test1');
|
|
|
|
select public.create_team_account('Test');
|
|
|
|
-- the owner account has permissions to manage members
|
|
select row_eq(
|
|
$$ select public.has_permission(
|
|
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
|
row(true::boolean),
|
|
'The owner of the team account should have the members.manage permission'
|
|
);
|
|
|
|
-- the owner account has permissions to manage billing
|
|
select row_eq(
|
|
$$ select public.has_permission(
|
|
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
|
|
row(true::boolean),
|
|
'The owner of the team account should have the billing.manage permission'
|
|
);
|
|
|
|
-- Foreigner should not have permissions to manage members
|
|
|
|
select makerkit.authenticate_as('test2');
|
|
|
|
select row_eq(
|
|
$$ select public.has_permission(
|
|
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
|
row(false::boolean),
|
|
'Foreigners should not have the members.manage permission'
|
|
);
|
|
|
|
-- Custom roles
|
|
-- New roles created for the app
|
|
|
|
set local role postgres;
|
|
|
|
-- the name should be unique
|
|
|
|
select throws_ok(
|
|
$$ insert into public.roles (name, hierarchy_level) values ('owner', 4) $$,
|
|
'duplicate key value violates unique constraint "roles_pkey"'
|
|
);
|
|
|
|
-- the hierarchy level should be unique
|
|
select throws_ok(
|
|
$$ insert into public.roles (name, hierarchy_level) values ('custom-role-2', 1) $$,
|
|
'duplicate key value violates unique constraint "roles_hierarchy_level_key"'
|
|
);
|
|
|
|
-- Custom Account Role
|
|
|
|
set local role postgres;
|
|
|
|
-- the names should be unique
|
|
select throws_ok(
|
|
$$ insert into public.roles (name, hierarchy_level) values ('owner', 1) $$,
|
|
'duplicate key value violates unique constraint "roles_pkey"'
|
|
);
|
|
|
|
-- update user role to custom role
|
|
update public.accounts_memberships
|
|
set account_role = 'custom-role'
|
|
where account_id = makerkit.get_account_id_by_slug('test')
|
|
and user_id = tests.get_supabase_uid('test1');
|
|
|
|
set local role postgres;
|
|
|
|
-- insert permissions for the custom role
|
|
insert into public.role_permissions (role, permission) values ('custom-role', 'members.manage');
|
|
|
|
select makerkit.authenticate_as('test1');
|
|
|
|
-- the custom role does not have permissions to manage billing
|
|
select row_eq(
|
|
$$ select public.has_permission(
|
|
auth.uid(), makerkit.get_account_id_by_slug('test'), 'billing.manage'::app_permissions) $$,
|
|
row(false::boolean),
|
|
'The custom role should not have the billing.manage permission'
|
|
);
|
|
|
|
-- the custom role can manage members
|
|
select row_eq(
|
|
$$ select public.has_permission(
|
|
auth.uid(), makerkit.get_account_id_by_slug('test'), 'members.manage'::app_permissions) $$,
|
|
row(true::boolean),
|
|
'The custom role should have the members.manage permission'
|
|
);
|
|
|
|
select * from finish();
|
|
|
|
rollback; |