94 lines
3.2 KiB
PL/PgSQL
94 lines
3.2 KiB
PL/PgSQL
begin;
|
|
create extension "basejump-supabase_test_helpers" version '0.0.6';
|
|
|
|
select no_plan();
|
|
|
|
select makerkit.set_identifier('primary_owner', 'test@makerkit.dev');
|
|
select makerkit.set_identifier('owner', 'owner@makerkit.dev');
|
|
select makerkit.set_identifier('member', 'member@makerkit.dev');
|
|
select makerkit.set_identifier('custom', 'custom@makerkit.dev');
|
|
|
|
-- another user not in the team
|
|
select tests.create_supabase_user('test', 'test@supabase.com');
|
|
|
|
-- an owner cannot remove the primary owner
|
|
select makerkit.authenticate_as('owner');
|
|
|
|
select throws_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = '31a03e74-1639-45b6-bfa7-77447f1a4762' $$,
|
|
'The primary account owner cannot be actioned'
|
|
);
|
|
|
|
-- an owner can remove accounts with lower roles
|
|
select lives_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = '6b83d656-e4ab-48e3-a062-c0c54a427368' $$,
|
|
'Owner should be able to remove a member'
|
|
);
|
|
|
|
-- a member cannot remove a member with a higher role
|
|
select makerkit.authenticate_as('member');
|
|
|
|
-- delete a membership record where the user is a higher role than the current user
|
|
select throws_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = '5c064f1b-78ee-4e1c-ac3b-e99aa97c99bf' $$,
|
|
'You do not have permission to action a member from this account'
|
|
);
|
|
|
|
-- an primary_owner cannot remove themselves
|
|
select makerkit.authenticate_as('primary_owner');
|
|
|
|
select throws_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = '31a03e74-1639-45b6-bfa7-77447f1a4762' $$,
|
|
'The primary account owner cannot be removed from the account membership list'
|
|
);
|
|
|
|
-- a primary_owner can remove another member
|
|
select lives_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = 'b73eb03e-fb7a-424d-84ff-18e2791ce0b4'; $$,
|
|
'Primary owner should be able to remove another member'
|
|
);
|
|
|
|
-- foreigners
|
|
|
|
-- a user not in the account cannot remove a member
|
|
|
|
select makerkit.authenticate_as('test');
|
|
|
|
select throws_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = '5deaa894-2094-4da3-b4fd-1fada0809d1c'
|
|
and user_id = tests.get_supabase_uid('owner'); $$,
|
|
'You do not have permission to action a member from this account'
|
|
);
|
|
|
|
select makerkit.authenticate_as('owner');
|
|
|
|
select isnt_empty(
|
|
$$ select 1 from public.accounts_memberships
|
|
where account_id = '5deaa894-2094-4da3-b4fd-1fada0809d1c'
|
|
and user_id = tests.get_supabase_uid('owner'); $$,
|
|
'Foreigners should not be able to remove members');
|
|
|
|
select makerkit.authenticate_as('test');
|
|
|
|
-- a user not in the account cannot remove themselves
|
|
select throws_ok(
|
|
$$ delete from public.accounts_memberships
|
|
where account_id = makerkit.get_account_id_by_slug('makerkit')
|
|
and user_id = auth.uid(); $$,
|
|
'You do not have permission to action a member from this account'
|
|
);
|
|
|
|
select * from finish();
|
|
|
|
rollback; |