mirror of https://github.com/archtechx/tenancy.git synced 2025-12-12 23:34:03 +00:00

Add a dataset for $forceRls in the table owner test, fix BYPASSRLS test

Samuel Štancl 2025-03-19 13:41:08 +01:00
parent e4a32e17b7
commit 925e83afe3


@ -541,8 +541,8 @@ test('table rls manager generates relationship trees with tables related to the
]); ]);
})->with([true, false]); })->with([true, false]);
test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function() { test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function(bool $forceRls) {
CreateUserWithRLSPolicies::$forceRls = false; CreateUserWithRLSPolicies::$forceRls = $forceRls;
// Drop all tables created in beforeEach // Drop all tables created in beforeEach
DB::statement("DROP TABLE authors, categories, posts, comments, reactions, articles;"); DB::statement("DROP TABLE authors, categories, posts, comments, reactions, articles;");
@ -571,12 +571,17 @@ test('table owner sees all the records when forceRls is false while other users
pest()->artisan('tenants:rls'); pest()->artisan('tenants:rls');
[$order1, $order2] = [ [$order1, $order2] = [
Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]), $tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()])),
Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()]), $tenant2->run(fn () => Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()])),
]; ];
// The table owner should see all the records // If forceRls is false, the table owner should see all the records
expect(Order::all())->toHaveCount(2); // Otherwise, a RLS violation exception is thrown when querying the table
if ($forceRls) {
expect(fn () => Order::all())->toThrow(QueryException::class, 'unrecognized configuration parameter');
} else {
expect(Order::count())->toBe(2);
}
tenancy()->initialize($tenant1); tenancy()->initialize($tenant1);
@ -588,7 +593,7 @@ test('table owner sees all the records when forceRls is false while other users
expect(Order::count())->toBe(1); expect(Order::count())->toBe(1);
expect(Order::first()->name)->toBe($order2->name); expect(Order::first()->name)->toBe($order2->name);
}); })->with([true, false]);
// https://github.com/archtechx/tenancy/pull/1288 // https://github.com/archtechx/tenancy/pull/1288
test('user without BYPASSRLS can only query owned tables if forceRls is true', function(bool $forceRls) { test('user without BYPASSRLS can only query owned tables if forceRls is true', function(bool $forceRls) {
@ -621,7 +626,7 @@ test('user without BYPASSRLS can only query owned tables if forceRls is true', f
// Create RLS policy for the orders table // Create RLS policy for the orders table
pest()->artisan('tenants:rls'); pest()->artisan('tenants:rls');
Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]); $tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]));
if ($forceRls) { if ($forceRls) {
// RLS is forced, so by default, not even the table owner should be able to query the table protected by the RLS policy. // RLS is forced, so by default, not even the table owner should be able to query the table protected by the RLS policy.
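Review bot: The new comment in the second hunk calls the forceRls=true outcome "a RLS violation exception", but the assertion under it matches `'unrecognized configuration parameter'`, which is PostgreSQL's error for reading a custom setting that was never set, not a row-level-security policy rejection. Presumably the generated policy reads a tenant session parameter that only exists inside tenant context, so the owner's query fails closed before any row is evaluated. The comment should say that, e.g. `// Otherwise the policy's session parameter is unset outside tenant context, so the query fails with a QueryException`. The test title in the first hunk still reads "when forceRls is false" although the test now runs with `[true, false]`, so it should be renamed to cover both cases. Both test bodies extend beyond the visible hunks, so whether `CreateUserWithRLSPolicies::$forceRls` is reset between tests cannot be checked from here.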