From 741af3929c5f5003a01a73be753ffee466c73404 Mon Sep 17 00:00:00 2001
From: lukinovec <lukinovec@gmail.com>
Date: Wed, 14 Jun 2023 09:40:55 +0200
Subject: [PATCH] Add test for granting permissions to new Postgres users

---
 tests/PostgresRLSTest.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/PostgresRLSTest.php b/tests/PostgresRLSTest.php
index 07adca53..80702c64 100644
--- a/tests/PostgresRLSTest.php
+++ b/tests/PostgresRLSTest.php
@@ -38,6 +38,8 @@ beforeEach(function () {
     config(['tenancy.models.tenant_key_column' => 'tenant_id']);
     config(['tenancy.models.tenant' => $tenantClass = Tenant::class]);
 
+    CreatePostgresUserForTenant::$permissions = ['ALL'];
+
     $tenantModel = new $tenantClass;
     $primaryModel = new Post;
     $secondaryModel = new ScopedComment;
@@ -205,6 +207,18 @@ test('queries are correctly scoped using RLS', function() {
     tenancy()->end();
 });
 
+test('users created by CreatePostgresUserForTenant are only granted the permissions specified in the static property', function() {
+    CreatePostgresUserForTenant::$permissions = ['INSERT', 'SELECT', 'UPDATE'];
+    $tenant = Tenant::create();
+    $name = $tenant->getTenantKey();
+    CreatePostgresUserForTenant::dispatchSync($tenant);
+
+    $grants = array_map(fn (object $grant) => $grant->privilege_type, DB::select("SELECT * FROM information_schema.role_table_grants WHERE grantee = '$name';"));
+
+    expect($grants)->toContain(...CreatePostgresUserForTenant::$permissions)
+        ->not()->toContain('DELETE');
+});
+
 trait UsesUuidAsPrimaryKey
 {
     use HasUuids;