diff --git a/server/graphql-engine.cabal b/server/graphql-engine.cabal index b8c8c8f9bea..dcdcf8cace5 100644 --- a/server/graphql-engine.cabal +++ b/server/graphql-engine.cabal @@ -1250,7 +1250,6 @@ test-suite tests-hspec Test.EventTrigger.EventTriggersRunSQLSpec Test.EventTrigger.EventTriggersExtensionSchemaSpec Test.HelloWorldSpec - Test.InsertCheckPermissionSpec Test.InsertDefaultsSpec Test.InsertOnConflictSpec Test.LongIdentifiersSpec @@ -1283,10 +1282,11 @@ test-suite tests-hspec Test.RemoteRelationship.XToDBObjectRelationshipSpec Test.RemoteRelationship.XToRemoteSchemaRelationshipSpec Test.RunSQLSpec + Test.Schema.DataValidation.Permissions.SelectSpec + Test.Schema.DataValidation.Permissions.InsertSpec Test.Schema.CustomFieldNames.MutationSpec Test.Schema.CustomFieldNames.QuerySpec Test.SQLServer.InsertVarcharColumnSpec - Test.Schema.DataValidation.PermissionSpec Test.Schema.DefaultValuesSpec Test.Schema.EnumSpec Test.Schema.TableRelationships.ArrayRelationshipsSpec diff --git a/server/tests-hspec/Test/InsertCheckPermissionSpec.hs b/server/tests-hspec/Test/InsertCheckPermissionSpec.hs deleted file mode 100644 index 89edc1eea02..00000000000 --- a/server/tests-hspec/Test/InsertCheckPermissionSpec.hs +++ /dev/null @@ -1,258 +0,0 @@ -{-# LANGUAGE QuasiQuotes #-} - --- | Test insert check permissions -module Test.InsertCheckPermissionSpec (spec) where - -import Data.List.NonEmpty qualified as NE -import Harness.Backend.Sqlserver qualified as Sqlserver -import Harness.Exceptions -import Harness.GraphqlEngine qualified as GraphqlEngine -import Harness.Quoter.Graphql (graphql) -import Harness.Quoter.Yaml (yaml) -import Harness.Test.Fixture qualified as Fixture -import Harness.Test.Schema (Table (..), table) -import Harness.Test.Schema qualified as Schema -import Harness.TestEnvironment (TestEnvironment) -import Harness.Yaml (shouldReturnYaml) -import Hasura.Prelude -import Test.Hspec (SpecWith, it) - --------------------------------------------------------------------------------- - --- ** Preamble - -spec :: SpecWith TestEnvironment -spec = - Fixture.run - ( NE.fromList - [ (Fixture.fixture $ Fixture.Backend Fixture.SQLServer) - { Fixture.setupTeardown = \(testEnv, _) -> - [mssqlSetupTeardown testEnv] - } - ] - ) - tests - --------------------------------------------------------------------------------- - --- ** Schema - -schema :: [Schema.Table] -schema = [author, article] - -author :: Schema.Table -author = - (table "author") - { tableColumns = - [ Schema.column "id" Schema.TInt, - Schema.column "name" Schema.TStr - ], - tablePrimaryKey = ["id"], - tableData = - [ [Schema.VInt 1, Schema.VStr "Author 1"], - [Schema.VInt 2, Schema.VStr "Author 2"] - ] - } - -article :: Schema.Table -article = - (table "article") - { tableColumns = - [ Schema.column "id" Schema.TInt, - Schema.column "title" Schema.TStr, - Schema.columnNull "content" Schema.TStr, - Schema.column "author_id" Schema.TInt - ], - tablePrimaryKey = ["id"], - tableReferences = [Schema.Reference "author_id" "author" "id"] - } - --------------------------------------------------------------------------------- - --- ** Setup and teardown - -mssqlSetupTeardown :: TestEnvironment -> Fixture.SetupAction -mssqlSetupTeardown testEnv = - Fixture.SetupAction - (mssqlSetup (testEnv, ())) - (const $ mssqlTeardown (testEnv, ())) - -mssqlSetup :: (TestEnvironment, ()) -> IO () -mssqlSetup (testEnvironment, ()) = do - Sqlserver.setup schema (testEnvironment, ()) - - -- also setup permissions - GraphqlEngine.postMetadata_ testEnvironment $ - [yaml| -type: bulk -args: -- type: mssql_create_insert_permission - args: - source: mssql - table: - schema: hasura - name: article - role: user - permission: - check: - author_by_author_id_to_id: - id: X-Hasura-User-Id - columns: - - id - - title - - content - - author_id -- type: mssql_create_select_permission - args: - source: mssql - table: - schema: hasura - name: article - role: user - permission: - filter: - author_by_author_id_to_id: - id: X-Hasura-User-Id - columns: - - id - - title - - content - - author_id -- type: mssql_create_insert_permission - args: - source: mssql - table: - schema: hasura - name: author - role: user - permission: - check: - id: X-Hasura-User-Id - columns: - - id - - name -|] - -mssqlTeardown :: (TestEnvironment, ()) -> IO () -mssqlTeardown (testEnvironment, ()) = do - -- teardown permissions - let teardownPermissions = - GraphqlEngine.postMetadata_ testEnvironment $ - [yaml| -type: bulk -args: -- type: mssql_drop_insert_permission - args: - source: mssql - table: - schema: hasura - name: article - role: user -- type: mssql_drop_select_permission - args: - source: mssql - table: - schema: hasura - name: article - role: user -- type: mssql_drop_insert_permission - args: - source: mssql - table: - schema: hasura - name: author - role: user -|] - - finally - teardownPermissions - -- and then rest of the teardown - (Sqlserver.teardown schema (testEnvironment, ())) - --------------------------------------------------------------------------------- - --- * Tests - -tests :: Fixture.Options -> SpecWith TestEnvironment -tests opts = do - let userHeaders = [("X-Hasura-Role", "user"), ("X-Hasura-User-Id", "2")] - it "Insert article with mismatching author_id and X-Hasura-User-Id" $ \testEnvironment -> - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| -mutation { - insert_hasura_article( - objects:[{id: 1, title: "Author 1 article", author_id: 1}] - ){ - affected_rows - } -} -|] - ) - [yaml| -errors: -- extensions: - path: "$" - code: permission-error - message: check constraint of an insert permission has failed -|] - - it "Insert article with matching author_id and X-Hasura-User-Id" $ \testEnvironment -> - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| -mutation { - insert_hasura_article( - objects:[{id: 1, title: "Author 2 article", author_id: 2}] - ){ - affected_rows - returning { - id - title - content - author_id - } - } -} -|] - ) - [yaml| -data: - insert_hasura_article: - returning: - - author_id: 2 - content: null - id: 1 - title: Author 2 article - affected_rows: 1 -|] - - it "Insert author with mismatching id and X-Hasura-User-Id" $ \testEnvironment -> - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| -mutation { - insert_hasura_author( - objects: [{id: 3, name: "Author 3"}] - ){ - affected_rows - } -} -|] - ) - [yaml| -errors: -- extensions: - path: "$" - code: permission-error - message: check constraint of an insert permission has failed -|] diff --git a/server/tests-hspec/Test/Schema/DataValidation/PermissionSpec.hs b/server/tests-hspec/Test/Schema/DataValidation/PermissionSpec.hs deleted file mode 100644 index 6b4ca13e766..00000000000 --- a/server/tests-hspec/Test/Schema/DataValidation/PermissionSpec.hs +++ /dev/null @@ -1,236 +0,0 @@ -{-# LANGUAGE QuasiQuotes #-} - --- | Test select permissions -module Test.Schema.DataValidation.PermissionSpec (spec) where - -import Data.List.NonEmpty qualified as NE -import Harness.Backend.BigQuery qualified as BigQuery -import Harness.GraphqlEngine qualified as GraphqlEngine -import Harness.Quoter.Graphql (graphql) -import Harness.Quoter.Yaml (interpolateYaml, yaml) -import Harness.Test.Fixture qualified as Fixture -import Harness.Test.Schema (Table (..), table) -import Harness.Test.Schema qualified as Schema -import Harness.TestEnvironment (TestEnvironment) -import Harness.Yaml (shouldReturnYaml) -import Hasura.Prelude -import Test.Hspec (SpecWith, it) - --------------------------------------------------------------------------------- - --- ** Preamble - -spec :: SpecWith TestEnvironment -spec = - Fixture.run - ( NE.fromList - [ (Fixture.fixture $ Fixture.Backend Fixture.BigQuery) - { Fixture.setupTeardown = \(testEnv, _) -> - [ BigQuery.setupTablesAction schema testEnv - ] - <> bigqueryPermissionsSetup testEnv - } - ] - ) - tests - --------------------------------------------------------------------------------- - --- ** Schema - -schema :: [Schema.Table] -schema = [author, article] - -author :: Schema.Table -author = - (table "author") - { tableColumns = - [ Schema.column "id" Schema.TInt, - Schema.column "name" Schema.TStr - ], - tablePrimaryKey = ["id"], - tableData = - [ [Schema.VInt 1, Schema.VStr "Author 1"], - [Schema.VInt 2, Schema.VStr "Author 2"] - ] - } - -article :: Schema.Table -article = - (table "article") - { tableColumns = - [ Schema.column "id" Schema.TInt, - Schema.column "title" Schema.TStr, - Schema.columnNull "content" Schema.TStr, - Schema.column "is_published" Schema.TBool, - Schema.column "author_id" Schema.TInt - ], - tablePrimaryKey = ["id"], - tableReferences = [Schema.Reference "author_id" "author" "id"], - tableData = - [ [ Schema.VInt 1, - Schema.VStr "Article 1", - Schema.VStr "Sample article content 1", - Schema.VBool False, - Schema.VInt 1 - ], - [ Schema.VInt 2, - Schema.VStr "Article 2", - Schema.VStr "Sample article content 2", - Schema.VBool True, - Schema.VInt 2 - ] - ] - } - --------------------------------------------------------------------------------- - --- ** Setup and teardown - -bigqueryPermissionsSetup :: TestEnvironment -> [Fixture.SetupAction] -bigqueryPermissionsSetup testEnvironment = - let schemaName = Schema.getSchemaName testEnvironment - in [ Fixture.SetupAction - { setupAction = - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: bigquery_create_select_permission - args: - source: bigquery - table: - dataset: *schemaName - name: article - role: author - permission: - filter: - author_id: - _eq: X-Hasura-User-Id - columns: '*' - |], - teardownAction = \_ -> - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: bigquery_drop_select_permission - args: - table: - name: article - dataset: *schemaName - role: author - source: bigquery - |] - }, - Fixture.SetupAction - { setupAction = - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: bigquery_create_select_permission - args: - source: bigquery - table: - dataset: *schemaName - name: article - role: user - permission: - filter: - is_published: - _eq: true - columns: '*' - |], - teardownAction = \_ -> - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: bigquery_drop_select_permission - args: - table: - name: article - dataset: *schemaName - role: user - source: bigquery - |] - } - ] - --------------------------------------------------------------------------------- - --- * Tests - -tests :: Fixture.Options -> SpecWith TestEnvironment -tests opts = do - it "Author role cannot select articles with mismatching author_id and X-Hasura-User-Id" $ \testEnvironment -> do - let userHeaders = [("X-Hasura-Role", "author"), ("X-Hasura-User-Id", "0")] - schemaName = Schema.getSchemaName testEnvironment - - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| - query { - #{schemaName}_article { - id - author_id - } - } - |] - ) - [interpolateYaml| - data: - #{schemaName}_article: [] - |] - - it "Author role can select articles with matching author_id and X-Hasura-User-Id" $ \testEnvironment -> do - let userHeaders = [("X-Hasura-Role", "author"), ("X-Hasura-User-Id", "1")] - schemaName = Schema.getSchemaName testEnvironment - - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| - query { - #{schemaName}_article { - id - author_id - } - } - |] - ) - [interpolateYaml| - data: - #{schemaName}_article: - - id: '1' - author_id: '1' - |] - - it "User role can select published articles only" $ \testEnvironment -> do - let userHeaders = [("X-Hasura-Role", "user"), ("X-Hasura-User-Id", "2")] - schemaName = Schema.getSchemaName testEnvironment - - shouldReturnYaml - opts - ( GraphqlEngine.postGraphqlWithHeaders - testEnvironment - userHeaders - [graphql| - query { - #{schemaName}_article { - title - content - author_id - } - } - |] - ) - [interpolateYaml| - data: - #{schemaName}_article: - - author_id: '2' - content: Sample article content 2 - title: Article 2 - |] diff --git a/server/tests-hspec/Test/Schema/DataValidation/Permissions/InsertSpec.hs b/server/tests-hspec/Test/Schema/DataValidation/Permissions/InsertSpec.hs new file mode 100644 index 00000000000..cfdd42c6ead --- /dev/null +++ b/server/tests-hspec/Test/Schema/DataValidation/Permissions/InsertSpec.hs @@ -0,0 +1,280 @@ +{-# LANGUAGE QuasiQuotes #-} + +-- | Test insert permissions +-- +-- https://hasura.io/docs/latest/schema/bigquery/data-validations/#using-hasura-permissions +-- https://hasura.io/docs/latest/schema/postgres/data-validations/#using-hasura-permissions +module Test.Schema.DataValidation.Permissions.InsertSpec (spec) where + +import Data.Aeson (Value) +import Data.List.NonEmpty qualified as NE +import Harness.Backend.Sqlserver qualified as Sqlserver +import Harness.GraphqlEngine (postGraphqlWithHeaders, postMetadata_) +import Harness.Quoter.Graphql (graphql) +import Harness.Quoter.Yaml (interpolateYaml) +import Harness.Test.Fixture qualified as Fixture +import Harness.Test.Schema (Table (..), table) +import Harness.Test.Schema qualified as Schema +import Harness.TestEnvironment (TestEnvironment) +import Harness.Yaml (shouldReturnYaml) +import Hasura.Prelude +import Test.Hspec (SpecWith, describe, it) + +-- BigQuery should also work if we make a second version of the metadata with +-- "dataset" instead of "schema" as our key name. +spec :: SpecWith TestEnvironment +spec = do + Fixture.run + ( NE.fromList + [ (Fixture.fixture $ Fixture.Backend Fixture.SQLServer) + { Fixture.setupTeardown = \(testEnvironment, _) -> + [ Sqlserver.setupTablesAction schema testEnvironment, + setupMetadata Fixture.SQLServer testEnvironment + ] + } + ] + ) + tests + +-------------------------------------------------------------------------------- + +-- ** Schema + +schema :: [Schema.Table] +schema = + [ (table "author") + { tableColumns = + [ Schema.column "id" Schema.TInt, + Schema.column "name" Schema.TStr + ], + tablePrimaryKey = ["id"], + tableData = + [ [Schema.VInt 1, Schema.VStr "Author 1"], + [Schema.VInt 2, Schema.VStr "Author 2"] + ] + }, + (table "article") + { tableColumns = + [ Schema.column "id" Schema.TInt, + Schema.column "title" Schema.TStr, + Schema.columnNull "content" Schema.TStr, + Schema.column "author_id" Schema.TInt + ], + tablePrimaryKey = ["id"], + tableReferences = [Schema.Reference "author_id" "author" "id"] + } + ] + +-------------------------------------------------------------------------------- +-- Tests + +tests :: Fixture.Options -> SpecWith TestEnvironment +tests opts = do + let shouldBe :: IO Value -> Value -> IO () + shouldBe = shouldReturnYaml opts + + describe "Permissions on mutations" do + it "Rejects insertions by authors on behalf of others" \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + let expected :: Value + expected = + [interpolateYaml| + errors: + - extensions: + path: "$" + code: permission-error + message: check constraint of an insert permission has failed + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "user"), + ("X-Hasura-User-Id", "2") + ] + [graphql| + mutation { + insert_#{schemaName}_article(objects: [ + { id: 1, title: "Author 1 article", author_id: 1 } + ]) { + affected_rows + } + } + |] + + actual `shouldBe` expected + + it "Allows authors to insert their own articles" \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + expected :: Value + expected = + [interpolateYaml| + data: + insert_#{schemaName}_article: + returning: + - author_id: 2 + content: null + id: 1 + title: Author 2 article + affected_rows: 1 + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "user"), + ("X-Hasura-User-Id", "2") + ] + [graphql| + mutation { + insert_#{schemaName}_article(objects: [ + { id: 1, title: "Author 2 article", author_id: 2 } + ]) { + affected_rows + returning { + id + title + content + author_id + } + } + } + |] + + actual `shouldBe` expected + + it "Authors can't add other authors" $ \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + expected :: Value + expected = + [interpolateYaml| + errors: + - extensions: + path: "$" + code: permission-error + message: check constraint of an insert permission has failed + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "user"), + ("X-Hasura-User-Id", "2") + ] + [graphql| + mutation { + insert_#{schemaName}_author(objects: [ + { id: 3, name: "Author 3" } + ]) { + affected_rows + } + } + |] + + actual `shouldBe` expected + +-------------------------------------------------------------------------------- +-- Metadata + +setupMetadata :: Fixture.BackendType -> TestEnvironment -> Fixture.SetupAction +setupMetadata backendType testEnvironment = do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + backend :: String + backend = Fixture.defaultSource backendType + + setup :: IO () + setup = + postMetadata_ + testEnvironment + [interpolateYaml| + type: bulk + args: + - type: #{backend}_create_insert_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: article + role: user + permission: + check: + author_by_author_id_to_id: + id: X-Hasura-User-Id + columns: + - id + - title + - content + - author_id + - type: #{backend}_create_select_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: article + role: user + permission: + filter: + author_by_author_id_to_id: + id: X-Hasura-User-Id + columns: + - id + - title + - content + - author_id + - type: #{backend}_create_insert_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: author + role: user + permission: + check: + id: X-Hasura-User-Id + columns: + - id + - name + |] + + teardown :: IO () + teardown = + postMetadata_ + testEnvironment + [interpolateYaml| + type: bulk + args: + - type: #{backend}_drop_insert_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: article + role: user + - type: #{backend}_drop_select_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: article + role: user + - type: #{backend}_drop_insert_permission + args: + source: #{backend} + table: + schema: #{schemaName} + name: author + role: user + |] + + Fixture.SetupAction setup \_ -> teardown diff --git a/server/tests-hspec/Test/Schema/DataValidation/Permissions/SelectSpec.hs b/server/tests-hspec/Test/Schema/DataValidation/Permissions/SelectSpec.hs new file mode 100644 index 00000000000..7962706f217 --- /dev/null +++ b/server/tests-hspec/Test/Schema/DataValidation/Permissions/SelectSpec.hs @@ -0,0 +1,254 @@ +{-# LANGUAGE QuasiQuotes #-} + +-- | Test select permissions +-- +-- https://hasura.io/docs/latest/schema/bigquery/data-validations/#using-hasura-permissions +-- https://hasura.io/docs/latest/schema/postgres/data-validations/#using-hasura-permissions +module Test.Schema.DataValidation.Permissions.SelectSpec (spec) where + +import Data.Aeson (Value) +import Data.List.NonEmpty qualified as NE +import Harness.Backend.BigQuery qualified as BigQuery +import Harness.GraphqlEngine (postGraphqlWithHeaders, postMetadata_) +import Harness.Quoter.Graphql (graphql) +import Harness.Quoter.Yaml (interpolateYaml) +import Harness.Test.Fixture qualified as Fixture +import Harness.Test.Schema (Table (..), table) +import Harness.Test.Schema qualified as Schema +import Harness.TestEnvironment (TestEnvironment) +import Harness.Yaml (shouldReturnYaml) +import Hasura.Prelude +import Test.Hspec (SpecWith, describe, it) + +spec :: SpecWith TestEnvironment +spec = do + Fixture.run + ( NE.fromList + [ (Fixture.fixture $ Fixture.Backend Fixture.BigQuery) + { Fixture.setupTeardown = \(testEnvironment, _) -> + [ BigQuery.setupTablesAction schema testEnvironment, + setupMetadata Fixture.BigQuery testEnvironment + ], + Fixture.customOptions = + Just $ + Fixture.Options + { stringifyNumbers = True + } + } + ] + ) + tests + +-------------------------------------------------------------------------------- +-- Schema + +schema :: [Schema.Table] +schema = + [ (table "author") + { tableColumns = + [ Schema.column "id" Schema.TInt, + Schema.column "name" Schema.TStr + ], + tablePrimaryKey = ["id"], + tableData = + [ [Schema.VInt 1, Schema.VStr "Author 1"], + [Schema.VInt 2, Schema.VStr "Author 2"] + ] + }, + (table "article") + { tableColumns = + [ Schema.column "id" Schema.TInt, + Schema.column "title" Schema.TStr, + Schema.columnNull "content" Schema.TStr, + Schema.column "is_published" Schema.TBool, + Schema.column "author_id" Schema.TInt + ], + tablePrimaryKey = ["id"], + tableReferences = [Schema.Reference "author_id" "author" "id"], + tableData = + [ [ Schema.VInt 1, + Schema.VStr "Article 1", + Schema.VStr "Sample article content 1", + Schema.VBool False, + Schema.VInt 1 + ], + [ Schema.VInt 2, + Schema.VStr "Article 2", + Schema.VStr "Sample article content 2", + Schema.VBool True, + Schema.VInt 2 + ] + ] + } + ] + +-------------------------------------------------------------------------------- +-- Tests + +tests :: Fixture.Options -> SpecWith TestEnvironment +tests opts = do + let shouldBe :: IO Value -> Value -> IO () + shouldBe = shouldReturnYaml opts + + describe "Permissions on queries" do + it "Authors can't select another author's articles" \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + expected :: Value + expected = + [interpolateYaml| + data: + #{schemaName}_article: [] + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "author"), + ("X-Hasura-User-Id", "0") + ] + [graphql| + query { + #{schemaName}_article { + id + author_id + } + } + |] + + actual `shouldBe` expected + + it "Authors can select their own articles" \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + expected :: Value + expected = + [interpolateYaml| + data: + #{schemaName}_article: + - id: '1' + author_id: '1' + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "author"), + ("X-Hasura-User-Id", "1") + ] + [graphql| + query { + #{schemaName}_article { + id + author_id + } + } + |] + + actual `shouldBe` expected + + it "User role can select published articles only" $ \testEnvironment -> do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + expected :: Value + expected = + [interpolateYaml| + data: + #{schemaName}_article: + - author_id: '2' + content: Sample article content 2 + title: Article 2 + |] + + actual :: IO Value + actual = + postGraphqlWithHeaders + testEnvironment + [ ("X-Hasura-Role", "user"), + ("X-Hasura-User-Id", "2") + ] + [graphql| + query { + #{schemaName}_article { + title + content + author_id + } + } + |] + + actual `shouldBe` expected + +-------------------------------------------------------------------------------- +-- Metadata + +setupMetadata :: Fixture.BackendType -> TestEnvironment -> Fixture.SetupAction +setupMetadata backendType testEnvironment = do + let schemaName :: Schema.SchemaName + schemaName = Schema.getSchemaName testEnvironment + + backend :: String + backend = Fixture.defaultSource backendType + + setup :: IO () + setup = + postMetadata_ + testEnvironment + [interpolateYaml| + type: bulk + args: + - type: #{backend}_create_select_permission + args: + source: #{backend} + table: + dataset: #{schemaName} + name: article + role: author + permission: + filter: + author_id: + _eq: X-Hasura-User-Id + columns: "*" + - type: #{backend}_create_select_permission + args: + source: #{backend} + table: + dataset: #{schemaName} + name: article + role: user + permission: + filter: + is_published: + _eq: true + columns: "*" + |] + + teardown :: IO () + teardown = + postMetadata_ + testEnvironment + [interpolateYaml| + type: bulk + args: + - type: #{backend}_drop_select_permission + args: + source: #{backend} + table: + name: article + dataset: #{schemaName} + role: author + - type: #{backend}_drop_select_permission + args: + source: #{backend} + table: + name: article + dataset: #{schemaName} + role: user + |] + + Fixture.SetupAction setup \_ -> teardown