archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2025-12-12 12:44:02 +00:00
Code Activity

Add a dataset for $forceRls in the table owner test, fix BYPASSRLS test

Browse source
This commit is contained in:
Samuel Štancl 2025-03-19 13:41:08 +01:00
parent e4a32e17b7
commit 925e83afe3
1 changed files with 13 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

21
tests/RLS/TableManagerTest.php
View file

@ -541,8 +541,8 @@ test('table rls manager generates relationship trees with tables related to the
]);
})->with([true, false]);
test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function() {
CreateUserWithRLSPolicies::$forceRls = false;
test('table owner sees all the records when forceRls is false while other users only see records scoped to them', function(bool $forceRls) {
CreateUserWithRLSPolicies::$forceRls = $forceRls;
// Drop all tables created in beforeEach
DB::statement("DROP TABLE authors, categories, posts, comments, reactions, articles;");
@ -571,12 +571,17 @@ test('table owner sees all the records when forceRls is false while other users
pest()->artisan('tenants:rls');
[$order1, $order2] = [
Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]),
Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()]),
$tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()])),
$tenant2->run(fn () => Order::create(['name' => 'order2', 'tenant_id' => $tenant2->getTenantKey()])),
];
// The table owner should see all the records
expect(Order::all())->toHaveCount(2);
// If forceRls is false, the table owner should see all the records
// Otherwise, a RLS violation exception is thrown when querying the table
if ($forceRls) {
expect(fn () => Order::all())->toThrow(QueryException::class, 'unrecognized configuration parameter');
} else {
expect(Order::count())->toBe(2);
}
tenancy()->initialize($tenant1);
@ -588,7 +593,7 @@ test('table owner sees all the records when forceRls is false while other users
expect(Order::count())->toBe(1);
expect(Order::first()->name)->toBe($order2->name);
});
})->with([true, false]);
// https://github.com/archtechx/tenancy/pull/1288
test('user without BYPASSRLS can only query owned tables if forceRls is true', function(bool $forceRls) {
@ -621,7 +626,7 @@ test('user without BYPASSRLS can only query owned tables if forceRls is true', f
// Create RLS policy for the orders table
pest()->artisan('tenants:rls');
Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]);
$tenant1->run(fn () => Order::create(['name' => 'order1', 'tenant_id' => $tenant1->getTenantKey()]));
if ($forceRls) {
// RLS is forced, so by default, not even the table owner should be able to query the table protected by the RLS policy.