mirror of
https://github.com/archtechx/tenancy.git
synced 2025-12-12 14:34:04 +00:00
[4.x] Make forcing RLS configurable (#1293)
* Add `$forceRls` static property to tenants:rls * Set `$forceRls` in tests where scoping is tested, add non-superuser, non-bypassrls table owner test * Move DROP TABLE statement * Remove try/catch * Put DROP OWNED BY into try/catch * Static property cleanup in afterEach * Make with() matrix syntax more clear by using with() multiple times * Fix typo, improve comment * Move and update force RLS comment * Add test for `$forceRls = false`, refactor BYPASSRLS test * Update link in test comment * Add a dataset for `$forceRls` in the table owner test, fix BYPASSRLS test * Correct PR link comment * minor fixes * Add test that makes the bypassrls/forceRls behavior clear * Delete redundant test * cleanup * Update tests/RLS/TableManagerTest.php Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Samuel Štancl <samuel@archte.ch> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
lukinovec
GitHub
parent
e74e1f92e1
commit
2057e1e5ae
4 changed files with 181 additions and 20 deletions
|
|
@ -28,6 +28,7 @@ use Stancl\Tenancy\Database\Concerns\BelongsToPrimaryModel;
|
|||
use function Stancl\Tenancy\Tests\pest;
|
||||
|
||||
beforeEach(function () {
|
||||
CreateUserWithRLSPolicies::$forceRls = true;
|
||||
TraitRLSManager::$implicitRLS = true;
|
||||
TraitRLSManager::$modelDirectories = [__DIR__ . '/Etc'];
|
||||
TraitRLSManager::$excludedModels = [Article::class];
|
||||
|
|
@ -78,6 +79,10 @@ beforeEach(function () {
|
|||
});
|
||||
});
|
||||
|
||||
afterEach(function () {
|
||||
CreateUserWithRLSPolicies::$forceRls = true;
|
||||
});
|
||||
|
||||
test('correct rls policies get created with the correct hash using trait manager', function () {
|
||||
$manager = app(TraitRLSManager::class);
|
||||
|
||||
|
|
@ -149,7 +154,8 @@ test('global scope is not applied when using rls with single db traits', functio
|
|||
expect(NonRLSComment::make()->hasGlobalScope(ParentModelScope::class))->toBeFalse();
|
||||
});
|
||||
|
||||
test('queries are correctly scoped using RLS with trait rls manager', function (bool $implicitRLS) {
|
||||
test('queries are correctly scoped using RLS with trait rls manager', function (bool $implicitRLS, bool $forceRls) {
|
||||
CreateUserWithRLSPolicies::$forceRls = $forceRls;
|
||||
TraitRLSManager::$implicitRLS = $implicitRLS;
|
||||
|
||||
$postModel = $implicitRLS ? NonRLSPost::class : Post::class;
|
||||
|
|
@ -263,10 +269,7 @@ test('queries are correctly scoped using RLS with trait rls manager', function (
|
|||
|
||||
expect(fn () => DB::statement("INSERT INTO comments (text, post_id) VALUES ('third comment', {$post1->id})"))
|
||||
->toThrow(QueryException::class);
|
||||
})->with([
|
||||
true,
|
||||
false
|
||||
]);
|
||||
})->with([true, false])->with([true, false]);
|
||||
|
||||
test('trait rls manager generates queries correctly', function() {
|
||||
/** @var TraitRLSManager $manager */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue