diff --git a/tests/RLS/TableManagerTest.php b/tests/RLS/TableManagerTest.php index e240aa84..5b1166ed 100644 --- a/tests/RLS/TableManagerTest.php +++ b/tests/RLS/TableManagerTest.php @@ -541,8 +541,8 @@ test('table rls manager generates relationship trees with tables related to the ]); })->with([true, false]); -test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function() { - CreateUserWithRLSPolicies::$forceRls = false; +test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function(bool $forceRls) { + CreateUserWithRLSPolicies::$forceRls = $forceRls; // Drop all tables created in beforeEach DB::statement("DROP TABLE authors, categories, posts, comments, reactions, articles;"); @@ -571,12 +571,17 @@ test('table owner sees all the records when forceRls is false while other users pest()->artisan('tenants:rls'); [$order1, $order2] = [ - Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]), - Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()]), + $tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()])), + $tenant2->run(fn () => Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()])), ]; - // The table owner should see all the records - expect(Order::all())->toHaveCount(2); + // If forceRls is false, the table owner should see all the records + // Otherwise, a RLS violation exception is thrown when querying the table + if ($forceRls) { + expect(fn () => Order::all())->toThrow(QueryException::class, 'unrecognized configuration parameter'); + } else { + expect(Order::count())->toBe(2); + } tenancy()->initialize($tenant1); @@ -588,7 +593,7 @@ test('table owner sees all the records when forceRls is false while other users expect(Order::count())->toBe(1); expect(Order::first()->name)->toBe($order2->name); -}); +})->with([true, false]); // https://github.com/archtechx/tenancy/pull/1288 test('user without BYPASSRLS can only query owned tables if forceRls is true', function(bool $forceRls) { @@ -621,7 +626,7 @@ test('user without BYPASSRLS can only query owned tables if forceRls is true', f // Create RLS policy for the orders table pest()->artisan('tenants:rls'); - Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]); + $tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()])); if ($forceRls) { // RLS is forced, so by default, not even the table owner should be able to query the table protected by the RLS policy.