{ "description": "check author table permissions", "depends": [ "permission.json" ], "items": [ { "name": "create author as user", "url": "/api/1/query", "role": "user", "user_id": "1", "response": {"path":"$","error":"insert on \"author\" for role \"user\" is not allowed. "}, "status_code": 400, "request": { "kind": "insert", "body": { "table": "author", "objects": [ { "name": "Balaji", "auth_id": 1, "email": "google@balaji.com" } ], "returning": [ "id" ] } }, "method": "POST" }, { "name": "create author B1 as admin", "url": "/api/1/table/author/insert", "role": "admin", "user_id": "1", "status_code": 200, "request": { "objects": [ { "name": "B1", "auth_id": 1, "email": "google@gmail.com" } ], "returning": [ "id" ] }, "response": { "affected_rows": 1, "returning": [ { "id": 1 } ] }, "method": "POST" }, { "name": "create author B2 as admin", "url": "/api/1/table/author/insert", "role": "admin", "user_id": "1", "status_code": 200, "request": { "objects": [ { "name": "B2", "auth_id": 2, "email": "google@balaji.com" } ], "returning": [ "id" ] }, "response": { "affected_rows": 1, "returning": [ { "id": 2 } ] }, "method": "POST" }, { "name": "get author as admin", "url": "/api/1/query", "role": "admin", "user_id": "1", "status_code": 200, "request": { "kind": "select", "body": { "table": "author", "columns": [ "name" ] } }, "response": [ { "name": "B1" }, { "name": "B2" } ], "method": "POST" }, { "name": "select as user id 1", "url": "/api/1/query", "role": "user", "user_id": "1", "status_code": 200, "request": { "kind": "select", "body": { "table": "author", "columns": [ "name" ] } }, "response": [ { "name": "B1" } ], "method": "POST" }, { "name": "select as user id 2", "url": "/api/1/query", "role": "user", "user_id": "2", "status_code": 200, "request": { "kind": "select", "body": { "table": "author", "columns": [ "name" ] } }, "response": [ { "name": "B2" } ], "method": "POST" }, { "name": "update B1 as user 1", "url": "/api/1/table/author/update", "role": "user", "user_id": "1", "status_code": 200, "method": "POST", "response": { "affected_rows": 1 }, "request": { "where": { "name": "B1" }, "$set": { "name": "B1 (new)" } } }, { "name": "update B1 as user 2", "url": "/api/1/table/author/update", "role": "user", "user_id": "2", "status_code": 200, "method": "POST", "response": { "affected_rows": 0 }, "request": { "where": { "name": "B1" }, "$set": { "name": "B1 sucks" } } }, { "name": "update email as user", "url": "/api/1/query", "role": "user", "user_id": "1", "status_code": 400, "response": { "path": "$.$set", "error": "role \"user\" does not have permission to update column \"email\"" }, "method": "POST", "request": { "kind": "update", "body": { "table": "author", "where": { "name": "B1" }, "$set": { "email": "B1@gmail.com" } } } } ] }