hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-14 17:02:49 +03:00
Code Issues Projects Releases Wiki Activity

Remove postMetadata permission command calls

Browse Source 
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/8336
GitOrigin-RevId: 588e0e46177ec18ee851a507cadba0f8f95ab457
This commit is contained in:
Tom Harding 2023-03-16 12:04:54 +00:00 committed by hasura-bot
parent 8d21bf207e
commit 080fbe8c5c
5 changed files with 169 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs
View File

@ -220,8 +220,12 @@ lhsPostgresSetup rhsTableName (testEnvironment, _) = do
Schema.trackTable (Text.unpack lhsSourceName_) track testEnvironmentPostgres
-- Setup metadata
Permissions.createPermission testEnvironmentPostgres lhsRole1
Permissions.createPermission testEnvironmentPostgres lhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironmentPostgres lhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironmentPostgres lhsRole2
createRemoteRelationship rhsTableName testEnvironmentPostgres
--------------------------------------------------------------------------------
@ -316,8 +320,11 @@ rhsPostgresSetup (testEnvironment, _) = do
Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironmentPostgres
-- setup metadata
Permissions.createPermission testEnvironmentPostgres rhsRole1
Permissions.createPermission testEnvironmentPostgres rhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironmentPostgres rhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironmentPostgres rhsRole2
--------------------------------------------------------------------------------
-- Tests

57
server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs
View File

@ -226,41 +226,44 @@ setupMetadata testEnvironment =
},
Fixture.SetupAction
{ Fixture.setupAction =
-- Role user_1 has select permissions on author and article tables.
-- user_1 can query search_articles computed field.
Permission.createPermission
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "author",
selectPermissionRole = "user_1",
selectPermissionColumns = (["id", "name"] :: [Text])
},
GraphqlEngine.postMetadata_ testEnvironment do
-- Role user_1 has select permissions on author and article tables.
-- user_1 can query search_articles computed field.
Permission.createPermissionCommand
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "author",
selectPermissionRole = "user_1",
selectPermissionColumns = (["id", "name"] :: [Text])
},
Fixture.teardownAction = \_ -> pure ()
},
Fixture.SetupAction
{ Fixture.setupAction =
Permission.createPermission
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "article",
selectPermissionRole = "user_1",
selectPermissionColumns = (["id", "title", "content", "author_id"] :: [Text])
},
GraphqlEngine.postMetadata_ testEnvironment do
Permission.createPermissionCommand
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "article",
selectPermissionRole = "user_1",
selectPermissionColumns = (["id", "title", "content", "author_id"] :: [Text])
},
Fixture.teardownAction = \_ -> pure ()
},
Fixture.SetupAction
{ Fixture.setupAction =
-- Role user_2 has select permissions only on author table.
Permission.createPermission
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "author",
selectPermissionRole = "user_2",
selectPermissionColumns = (["id", "name"] :: [Text])
},
GraphqlEngine.postMetadata_ testEnvironment do
-- Role user_2 has select permissions only on author table.
Permission.createPermissionCommand
testEnvironment
$ SelectPermission
selectPermission
{ selectPermissionTable = "author",
selectPermissionRole = "user_2",
selectPermissionColumns = (["id", "name"] :: [Text])
},
Fixture.teardownAction = \_ -> pure ()
}
]

56
server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs
View File

@ -319,8 +319,11 @@ lhsPostgresSetup rhsTableName (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment lhsRole1
Permissions.createPermission testEnvironment lhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole2
createRemoteRelationship rhsTableName testEnvironment
@ -342,8 +345,11 @@ lhsCockroachSetup rhsTableName (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment lhsRole1
Permissions.createPermission testEnvironment lhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole2
createRemoteRelationship rhsTableName testEnvironment
@ -364,8 +370,11 @@ lhsCitusSetup rhsTableName (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment lhsRole1
Permissions.createPermission testEnvironment lhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole2
createRemoteRelationship rhsTableName testEnvironment
@ -386,8 +395,11 @@ lhsSQLServerSetup rhsTableName (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment lhsRole1
Permissions.createPermission testEnvironment lhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment lhsRole2
createRemoteRelationship rhsTableName testEnvironment
@ -593,8 +605,11 @@ rhsPostgresSetup (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment rhsRole1
Permissions.createPermission testEnvironment rhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole2
--------------------------------------------------------------------------------
-- RHS Cockroach
@ -613,8 +628,11 @@ rhsCockroachSetup (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment rhsRole1
Permissions.createPermission testEnvironment rhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole2
--------------------------------------------------------------------------------
-- RHS Citus
@ -633,8 +651,11 @@ rhsCitusSetup (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment rhsRole1
Permissions.createPermission testEnvironment rhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole2
--------------------------------------------------------------------------------
-- RHS SQLServer
@ -653,8 +674,11 @@ rhsSQLServerSetup (wholeTestEnvironment, _) = do
Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment
-- Setup permissions
Permissions.createPermission testEnvironment rhsRole1
Permissions.createPermission testEnvironment rhsRole2
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole1
GraphqlEngine.postMetadata_ testEnvironment do
Permissions.createPermissionCommand testEnvironment rhsRole2
--------------------------------------------------------------------------------
-- Tests

165
server/lib/test-harness/src/Harness/Test/Permissions.hs
View File

@ -11,8 +11,8 @@ module Harness.Test.Permissions
SelectPermissionDetails (..),
UpdatePermissionDetails (..),
InsertPermissionDetails (..),
createPermission,
dropPermission,
createPermissionCommand,
dropPermissionCommand,
selectPermission,
updatePermission,
insertPermission,
@ -153,10 +153,14 @@ withPermissions (toList -> permissions) = mapSpecForest (map go)
let permissions' :: [Permission]
permissions' = fmap (withRole "success") permissions
traverse_ (createPermission testEnvironment) permissions'
for_ permissions' \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
createPermissionCommand testEnvironment permission
test testEnvironment {testingRole = Just "success"}
`finally` traverse_ (dropPermission testEnvironment) permissions'
`finally` for_ permissions' \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
dropPermissionCommand testEnvironment permission
failing :: (ActionWith TestEnvironment -> IO ()) -> ActionWith TestEnvironment -> IO ()
failing k test = k \testEnvironment -> do
@ -164,9 +168,12 @@ withPermissions (toList -> permissions) = mapSpecForest (map go)
-- they lead to test failures.
for_ (subsequences permissions) \subsequence ->
unless (subsequence == permissions) do
let permissions' = map (withRole "failure") subsequence
let permissions' :: [Permission]
permissions' = map (withRole "failure") subsequence
traverse_ (createPermission testEnvironment) permissions'
for_ permissions' \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
createPermissionCommand testEnvironment permission
let attempt :: IO () -> IO ()
attempt x =
@ -181,7 +188,9 @@ withPermissions (toList -> permissions) = mapSpecForest (map go)
pure ()
attempt (test testEnvironment {testingRole = Just "failure"})
`finally` traverse_ (dropPermission testEnvironment) permissions'
`finally` for_ permissions' \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
dropPermissionCommand testEnvironment permission
-- | Update the role on a given permission.
withRole :: Text -> Permission -> Permission
@ -193,8 +202,8 @@ withRole role = \case
-- | Send a JSON payload of the common `*_create_*_permission` form.
-- Backends where the format of this api call deviates significantly from this
-- should implement their own variation in its harness module.
createPermission :: TestEnvironment -> Permission -> IO ()
createPermission testEnvironment (InsertPermission InsertPermissionDetails {..}) = do
createPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value
createPermissionCommand testEnvironment (InsertPermission InsertPermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
schemaName = Schema.getSchemaName testEnvironment
backendType = BackendType.backendTypeString backendTypeMetadata
@ -205,21 +214,19 @@ createPermission testEnvironment (InsertPermission InsertPermissionDetails {..})
insertPermissionSource
requestType = backendType <> "_create_insert_permission"
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName insertPermissionTable
GraphqlEngine.postMetadata_
testEnvironment
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *insertPermissionRole
permission:
columns: *insertPermissionColumns
filter: *insertPermissionRows
check: {}
set: {}
|]
createPermission testEnvironment (UpdatePermission UpdatePermissionDetails {..}) = do
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *insertPermissionRole
permission:
columns: *insertPermissionColumns
filter: *insertPermissionRows
check: {}
set: {}
|]
createPermissionCommand testEnvironment (UpdatePermission UpdatePermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
schemaName = Schema.getSchemaName testEnvironment
backendType = BackendType.backendTypeString backendTypeMetadata
@ -230,21 +237,19 @@ createPermission testEnvironment (UpdatePermission UpdatePermissionDetails {..})
updatePermissionSource
requestType = backendType <> "_create_update_permission"
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName updatePermissionTable
GraphqlEngine.postMetadata_
testEnvironment
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *updatePermissionRole
permission:
columns: *updatePermissionColumns
filter: *updatePermissionRows
check: {}
set: {}
|]
createPermission testEnvironment (SelectPermission SelectPermissionDetails {..}) = do
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *updatePermissionRole
permission:
columns: *updatePermissionColumns
filter: *updatePermissionRows
check: {}
set: {}
|]
createPermissionCommand testEnvironment (SelectPermission SelectPermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
schemaName = Schema.getSchemaName testEnvironment
backendType = BackendType.backendTypeString backendTypeMetadata
@ -255,67 +260,59 @@ createPermission testEnvironment (SelectPermission SelectPermissionDetails {..})
selectPermissionSource
requestType = backendType <> "_create_select_permission"
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName selectPermissionTable
GraphqlEngine.postMetadata_
testEnvironment
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *selectPermissionRole
permission:
columns: *selectPermissionColumns
filter: *selectPermissionRows
allow_aggregations: *selectPermissionAllowAggregations
limit: *selectPermissionLimit
|]
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *selectPermissionRole
permission:
columns: *selectPermissionColumns
filter: *selectPermissionRows
allow_aggregations: *selectPermissionAllowAggregations
limit: *selectPermissionLimit
|]
dropPermission :: TestEnvironment -> Permission -> IO ()
dropPermission env (InsertPermission InsertPermissionDetails {..}) = do
dropPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value
dropPermissionCommand env (InsertPermission InsertPermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
schemaName = Schema.getSchemaName env
backendType = BackendType.backendTypeString backendTypeMetadata
requestType = backendType <> "_drop_insert_permission"
sourceName = BackendType.backendSourceName backendTypeMetadata
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName insertPermissionTable
GraphqlEngine.postMetadata_
env
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *insertPermissionRole
|]
dropPermission env (SelectPermission SelectPermissionDetails {..}) = do
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *insertPermissionRole
|]
dropPermissionCommand env (SelectPermission SelectPermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
schemaName = Schema.getSchemaName env
backendType = BackendType.backendTypeString backendTypeMetadata
sourceName = BackendType.backendSourceName backendTypeMetadata
requestType = backendType <> "_drop_select_permission"
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName selectPermissionTable
GraphqlEngine.postMetadata_
env
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *selectPermissionRole
|]
dropPermission env (UpdatePermission UpdatePermissionDetails {..}) = do
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *selectPermissionRole
|]
dropPermissionCommand env (UpdatePermission UpdatePermissionDetails {..}) = do
let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
schemaName = Schema.getSchemaName env
backendType = BackendType.backendTypeString backendTypeMetadata
sourceName = BackendType.backendSourceName backendTypeMetadata
requestType = backendType <> "_drop_update_permission"
qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName updatePermissionTable
GraphqlEngine.postMetadata_
env
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *updatePermissionRole
|]
[yaml|
type: *requestType
args:
table: *qualifiedTable
source: *sourceName
role: *updatePermissionRole
|]

10
server/lib/test-harness/src/Harness/Test/SetupAction.hs
View File

@ -10,7 +10,7 @@ where
import Control.Exception.Safe (catchAny)
import Harness.GraphqlEngine qualified as GraphqlEngine
import Harness.Test.Permissions (Permission, createPermission, dropPermission)
import Harness.Test.Permissions (Permission, createPermissionCommand, dropPermissionCommand)
import Harness.TestEnvironment (TestEnvironment (..))
import Hasura.Prelude
@ -52,6 +52,10 @@ permitTeardownFail SetupAction {teardownAction = ta, setupAction = sa} =
setupPermissionsAction :: [Permission] -> TestEnvironment -> SetupAction
setupPermissionsAction permissions testEnvironment =
SetupAction
{ setupAction = traverse_ (createPermission testEnvironment) permissions,
teardownAction = const $ traverse_ (dropPermission testEnvironment) permissions
{ setupAction = for_ permissions \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
createPermissionCommand testEnvironment permission,
teardownAction = const $ for_ permissions \permission ->
GraphqlEngine.postMetadata_ testEnvironment do
dropPermissionCommand testEnvironment permission
}