graphql-engine/server/testcases/check_author_table_permissions.json

{
  "description": "check author table permissions",
  "depends": [
    "permission.json"
  ],
  "items": [
    {
      "name": "create author as user",
      "url": "/api/1/query",
      "role": "user",
      "user_id": "1",
      "response":        {"path":"$","error":"insert  on \"author\" for role \"user\" is not allowed. "},
      "status_code": 400,
      "request": {
        "kind": "insert",
        "body": {
          "table": "author",
          "objects": [
            {
              "name": "Balaji",
              "auth_id": 1,
              "email": "google@balaji.com"
            }
          ],
          "returning": [
            "id"
          ]
        }
      },
      "method": "POST"
    },
    {
      "name": "create author B1 as admin",
      "url": "/api/1/table/author/insert",
      "role": "admin",
      "user_id": "1",
      "status_code": 200,
      "request": {
        "objects": [
          {
            "name": "B1",
            "auth_id": 1,
            "email": "google@gmail.com"
          }
        ],
        "returning": [
          "id"
        ]
      },
      "response": {
        "affected_rows": 1,
        "returning": [
          {
            "id": 1
          }
        ]
      },
      "method": "POST"
    },
    {
      "name": "create author B2 as admin",
      "url": "/api/1/table/author/insert",
      "role": "admin",
      "user_id": "1",
      "status_code": 200,
      "request": {
        "objects": [
          {
            "name": "B2",
            "auth_id": 2,
            "email": "google@balaji.com"
          }
        ],
        "returning": [
          "id"
        ]
      },
      "response": {
        "affected_rows": 1,
        "returning": [
          {
            "id": 2
          }
        ]
      },
      "method": "POST"
    },
    {
      "name": "get author as admin",
      "url": "/api/1/query",
      "role": "admin",
      "user_id": "1",
      "status_code": 200,
      "request": {
        "kind": "select",
        "body": {
          "table": "author",
          "columns": [
            "name"
          ]
        }
      },
      "response": [
        {
          "name": "B1"
        },
        {
          "name": "B2"
        }
      ],
      "method": "POST"
    },
    {
      "name": "select as user id 1",
      "url": "/api/1/query",
      "role": "user",
      "user_id": "1",
      "status_code": 200,
      "request": {
        "kind": "select",
        "body": {
          "table": "author",
          "columns": [
            "name"
          ]
        }
      },
      "response": [
        {
          "name": "B1"
        }
      ],
      "method": "POST"
    },
    {
      "name": "select as user id 2",
      "url": "/api/1/query",
      "role": "user",
      "user_id": "2",
      "status_code": 200,
      "request": {
        "kind": "select",
        "body": {
          "table": "author",
          "columns": [
            "name"
          ]
        }
      },
      "response": [
        {
          "name": "B2"
        }
      ],
      "method": "POST"
    },
    {
      "name": "update B1 as user 1",
      "url": "/api/1/table/author/update",
      "role": "user",
      "user_id": "1",
      "status_code": 200,
      "method": "POST",
      "response": {
        "affected_rows": 1
      },
      "request": {
        "where": {
          "name": "B1"
        },
        "$set": {
          "name": "B1 (new)"
        }
      }
    },
    {
      "name": "update B1 as user 2",
      "url": "/api/1/table/author/update",
      "role": "user",
      "user_id": "2",
      "status_code": 200,
      "method": "POST",
      "response": {
        "affected_rows": 0
      },
      "request": {
        "where": {
          "name": "B1"
        },
        "$set": {
          "name": "B1 sucks"
        }
      }
    },
    {
      "name": "update email as user",
      "url": "/api/1/query",
      "role": "user",
      "user_id": "1",
      "status_code": 400,
      "response": {
        "path": "$.$set",
        "error": "role \"user\" does not have permission to update column \"email\""
      },
      "method": "POST",
      "request": {
        "kind": "update",
        "body": {
          "table": "author",
          "where": {
            "name": "B1"
          },
          "$set": {
            "email": "B1@gmail.com"
          }
        }
      }
    }
  ]
}