mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-16 18:42:30 +03:00
77b4b395ef
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5115 GitOrigin-RevId: 8fa2261cefc3d2932542be6b07499b47df74e9d1
217 lines
5.7 KiB
Haskell
217 lines
5.7 KiB
Haskell
{-# LANGUAGE QuasiQuotes #-}
|
|
|
|
-- | Test select permissions
|
|
module Test.Schema.DataValidation.PermissionSpec (spec) where
|
|
|
|
import Harness.Backend.BigQuery qualified as BigQuery
|
|
import Harness.Exceptions
|
|
import Harness.GraphqlEngine qualified as GraphqlEngine
|
|
import Harness.Quoter.Graphql (graphql)
|
|
import Harness.Quoter.Yaml (shouldReturnYaml, yaml)
|
|
import Harness.Test.Context qualified as Context
|
|
import Harness.Test.Schema (Table (..), table)
|
|
import Harness.Test.Schema qualified as Schema
|
|
import Harness.TestEnvironment (TestEnvironment)
|
|
import Test.Hspec (SpecWith, it)
|
|
import Prelude
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
-- ** Preamble
|
|
|
|
spec :: SpecWith TestEnvironment
|
|
spec =
|
|
Context.run
|
|
[ Context.Context
|
|
{ name = Context.Backend Context.BigQuery,
|
|
mkLocalTestEnvironment = Context.noLocalTestEnvironment,
|
|
setup = bigquerySetup,
|
|
teardown = bigqueryTeardown,
|
|
customOptions = Nothing
|
|
}
|
|
]
|
|
tests
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
-- ** Schema
|
|
|
|
schema :: [Schema.Table]
|
|
schema = [author, article]
|
|
|
|
author :: Schema.Table
|
|
author =
|
|
(table "author")
|
|
{ tableColumns =
|
|
[ Schema.column "id" Schema.TInt,
|
|
Schema.column "name" Schema.TStr
|
|
],
|
|
tablePrimaryKey = ["id"],
|
|
tableData =
|
|
[ [Schema.VInt 1, Schema.VStr "Author 1"],
|
|
[Schema.VInt 2, Schema.VStr "Author 2"]
|
|
]
|
|
}
|
|
|
|
article :: Schema.Table
|
|
article =
|
|
(table "article")
|
|
{ tableColumns =
|
|
[ Schema.column "id" Schema.TInt,
|
|
Schema.column "title" Schema.TStr,
|
|
Schema.columnNull "content" Schema.TStr,
|
|
Schema.column "is_published" Schema.TBool,
|
|
Schema.column "author_id" Schema.TInt
|
|
],
|
|
tablePrimaryKey = ["id"],
|
|
tableReferences = [Schema.Reference "author_id" "author" "id"],
|
|
tableData =
|
|
[ [ Schema.VInt 1,
|
|
Schema.VStr "Article 1",
|
|
Schema.VStr "Sample article content 1",
|
|
Schema.VBool False,
|
|
Schema.VInt 1
|
|
],
|
|
[ Schema.VInt 2,
|
|
Schema.VStr "Article 2",
|
|
Schema.VStr "Sample article content 2",
|
|
Schema.VBool True,
|
|
Schema.VInt 2
|
|
]
|
|
]
|
|
}
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
-- ** Setup and teardown
|
|
|
|
bigquerySetup :: (TestEnvironment, ()) -> IO ()
|
|
bigquerySetup (testEnvironment, ()) = do
|
|
BigQuery.setup schema (testEnvironment, ())
|
|
|
|
-- also setup permissions
|
|
GraphqlEngine.postMetadata_ testEnvironment $
|
|
[yaml|
|
|
type: bulk
|
|
args:
|
|
- type: bigquery_create_select_permission
|
|
args:
|
|
source: bigquery
|
|
table:
|
|
dataset: hasura
|
|
name: article
|
|
role: author
|
|
permission:
|
|
filter:
|
|
author_id:
|
|
_eq: X-Hasura-User-Id
|
|
columns: '*'
|
|
- type: bigquery_create_select_permission
|
|
args:
|
|
source: bigquery
|
|
table:
|
|
dataset: hasura
|
|
name: article
|
|
role: user
|
|
permission:
|
|
filter:
|
|
is_published:
|
|
_eq: true
|
|
columns: '*'
|
|
|]
|
|
|
|
bigqueryTeardown :: (TestEnvironment, ()) -> IO ()
|
|
bigqueryTeardown (testEnvironment, ()) = do
|
|
-- teardown permissions
|
|
let teardownPermissions =
|
|
GraphqlEngine.postMetadata_ testEnvironment $
|
|
[yaml|
|
|
type: bigquery_drop_select_permission
|
|
args:
|
|
table:
|
|
name: article
|
|
dataset: hasura
|
|
role: user
|
|
source: bigquery
|
|
|]
|
|
|
|
finally
|
|
teardownPermissions
|
|
-- and then rest of the teardown
|
|
(BigQuery.teardown schema (testEnvironment, ()))
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
-- * Tests
|
|
|
|
tests :: Context.Options -> SpecWith TestEnvironment
|
|
tests opts = do
|
|
it "Author role cannot select articles with mismatching author_id and X-Hasura-User-Id" $ \testEnvironment -> do
|
|
let userHeaders = [("X-Hasura-Role", "author"), ("X-Hasura-User-Id", "0")]
|
|
shouldReturnYaml
|
|
opts
|
|
( GraphqlEngine.postGraphqlWithHeaders
|
|
testEnvironment
|
|
userHeaders
|
|
[graphql|
|
|
query {
|
|
hasura_article {
|
|
id
|
|
author_id
|
|
}
|
|
}
|
|
|]
|
|
)
|
|
[yaml|
|
|
data:
|
|
hasura_article: []
|
|
|]
|
|
|
|
it "Author role can select articles with matching author_id and X-Hasura-User-Id" $ \testEnvironment -> do
|
|
let userHeaders = [("X-Hasura-Role", "author"), ("X-Hasura-User-Id", "1")]
|
|
shouldReturnYaml
|
|
opts
|
|
( GraphqlEngine.postGraphqlWithHeaders
|
|
testEnvironment
|
|
userHeaders
|
|
[graphql|
|
|
query {
|
|
hasura_article {
|
|
id
|
|
author_id
|
|
}
|
|
}
|
|
|]
|
|
)
|
|
[yaml|
|
|
data:
|
|
hasura_article:
|
|
- id: '1'
|
|
author_id: '1'
|
|
|]
|
|
|
|
it "User role can select published articles only" $ \testEnvironment -> do
|
|
let userHeaders = [("X-Hasura-Role", "user"), ("X-Hasura-User-Id", "2")]
|
|
shouldReturnYaml
|
|
opts
|
|
( GraphqlEngine.postGraphqlWithHeaders
|
|
testEnvironment
|
|
userHeaders
|
|
[graphql|
|
|
query {
|
|
hasura_article {
|
|
title
|
|
content
|
|
author_id
|
|
}
|
|
}
|
|
|]
|
|
)
|
|
[yaml|
|
|
data:
|
|
hasura_article:
|
|
- author_id: '2'
|
|
content: Sample article content 2
|
|
title: Article 2
|
|
|]
|