237 lines
8.8 KiB
PL/PgSQL
237 lines
8.8 KiB
PL/PgSQL
begin;
|
|
select plan(19); -- Total number of tests
|
|
|
|
-- ============================================================================
|
|
-- RLS Enabled Test
|
|
-- ============================================================================
|
|
|
|
SELECT is(
|
|
(SELECT relrowsecurity FROM pg_class WHERE relname = 'notifications' AND relnamespace = 'public'::regnamespace),
|
|
true,
|
|
'RLS should be enabled on notifications table'
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Notifications Table RLS Policies
|
|
-- ============================================================================
|
|
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM pg_policies WHERE tablename = 'notifications' AND policyname = 'Users can view their own notifications') > 0,
|
|
'Policy for viewing own notifications should exist'
|
|
);
|
|
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM pg_policies WHERE tablename = 'notifications' AND policyname = 'Users can mark their own notifications as read') > 0,
|
|
'Policy for marking notifications as read should exist'
|
|
);
|
|
|
|
-- Test policy commands
|
|
SELECT is(
|
|
(SELECT cmd FROM pg_policies WHERE tablename = 'notifications' AND policyname = 'Users can view their own notifications' LIMIT 1),
|
|
'SELECT',
|
|
'View notifications policy should be for SELECT'
|
|
);
|
|
|
|
SELECT is(
|
|
(SELECT cmd FROM pg_policies WHERE tablename = 'notifications' AND policyname = 'Users can mark their own notifications as read' LIMIT 1),
|
|
'UPDATE',
|
|
'Mark as read policy should be for UPDATE'
|
|
);
|
|
|
|
-- Test policy uses auth.uid() for isolation
|
|
SELECT ok(
|
|
(SELECT qual::text FROM pg_policies
|
|
WHERE tablename = 'notifications'
|
|
AND policyname = 'Users can view their own notifications'
|
|
LIMIT 1) LIKE '%auth.uid()%',
|
|
'SELECT policy should use auth.uid() for user isolation'
|
|
);
|
|
|
|
-- Test UPDATE policy allows updating read_at
|
|
SELECT ok(
|
|
(SELECT with_check::text FROM pg_policies
|
|
WHERE tablename = 'notifications'
|
|
AND policyname = 'Users can mark their own notifications as read'
|
|
LIMIT 1) LIKE '%read_at%',
|
|
'UPDATE policy should check read_at field'
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Notifications Behavior Tests with Mock Data
|
|
-- ============================================================================
|
|
|
|
-- Create test users and generate some notifications
|
|
DO $$
|
|
DECLARE
|
|
user1_id uuid := gen_random_uuid();
|
|
user2_id uuid := gen_random_uuid();
|
|
test_tablo_id text;
|
|
BEGIN
|
|
-- Insert test users
|
|
INSERT INTO auth.users (id, instance_id, aud, role, email, encrypted_password, email_confirmed_at, created_at, updated_at)
|
|
VALUES
|
|
(user1_id, '00000000-0000-0000-0000-000000000000', 'authenticated', 'authenticated', 'notifrlsuser1_' || user1_id::text || '@test.com', 'encrypted', now(), now(), now()),
|
|
(user2_id, '00000000-0000-0000-0000-000000000000', 'authenticated', 'authenticated', 'notifrlsuser2_' || user2_id::text || '@test.com', 'encrypted', now(), now(), now())
|
|
ON CONFLICT DO NOTHING;
|
|
|
|
-- Insert test profiles
|
|
INSERT INTO public.profiles (id, email, first_name, last_name, short_user_id)
|
|
VALUES
|
|
(user1_id, 'notifrlsuser1_' || user1_id::text || '@test.com', 'NotifRLS', 'User1', substring(user1_id::text from 1 for 8)),
|
|
(user2_id, 'notifrlsuser2_' || user2_id::text || '@test.com', 'NotifRLS', 'User2', substring(user2_id::text from 1 for 8))
|
|
ON CONFLICT DO NOTHING;
|
|
|
|
-- Set auth context to user1 for creating test data
|
|
PERFORM set_config('request.jwt.claims', json_build_object('sub', user1_id::text)::text, true);
|
|
|
|
-- Create a tablo as user1
|
|
INSERT INTO public.tablos (owner_id, name, status, position)
|
|
VALUES (user1_id, 'RLS Test Tablo', 'todo', 0)
|
|
RETURNING id INTO test_tablo_id;
|
|
|
|
-- Grant access to user2
|
|
INSERT INTO public.tablo_access (tablo_id, user_id, granted_by, is_active, is_admin)
|
|
VALUES (test_tablo_id, user2_id, user1_id, true, false);
|
|
|
|
-- Update tablo to trigger notification for user2
|
|
UPDATE public.tablos
|
|
SET name = 'RLS Test Tablo Updated'
|
|
WHERE id = test_tablo_id;
|
|
|
|
-- Store test IDs
|
|
PERFORM set_config('test.rls_user1_id', user1_id::text, true);
|
|
PERFORM set_config('test.rls_user2_id', user2_id::text, true);
|
|
PERFORM set_config('test.rls_tablo_id', test_tablo_id, true);
|
|
END $$;
|
|
|
|
-- Test: Notifications exist for test users
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid) > 0,
|
|
'Notifications should exist for test user2'
|
|
);
|
|
|
|
-- Test: User2 received notification about tablo update
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid
|
|
AND entity_type = 'tablos'
|
|
AND entity_id = current_setting('test.rls_tablo_id')) > 0,
|
|
'User2 should have notification for tablo update'
|
|
);
|
|
|
|
-- Test: Actor (user1) did not receive notification for their own action
|
|
SELECT is(
|
|
(SELECT COUNT(*)::integer FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user1_id')::uuid
|
|
AND actor_id = current_setting('test.rls_user1_id')::uuid
|
|
AND entity_id = current_setting('test.rls_tablo_id')),
|
|
0,
|
|
'User should not receive notifications for their own actions'
|
|
);
|
|
|
|
-- Test: Notifications have proper structure
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid
|
|
AND message IS NOT NULL
|
|
AND length(message->>'en') > 0
|
|
AND length(message->>'fr') > 0) > 0,
|
|
'Notifications should have non-empty messages in both en and fr'
|
|
);
|
|
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid
|
|
AND metadata IS NOT NULL
|
|
AND jsonb_typeof(metadata) = 'object') > 0,
|
|
'Notifications should have valid JSONB metadata'
|
|
);
|
|
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid
|
|
AND action_type IN ('created', 'updated')) > 0,
|
|
'Notifications should have valid action_type'
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Test Notification Updates (Mark as Read)
|
|
-- ============================================================================
|
|
|
|
-- Test: Update read_at on a notification
|
|
DO $$
|
|
DECLARE
|
|
test_notif_id uuid;
|
|
BEGIN
|
|
-- Get an unread notification for user2
|
|
SELECT id INTO test_notif_id
|
|
FROM public.notifications
|
|
WHERE user_id = current_setting('test.rls_user2_id')::uuid
|
|
AND read_at IS NULL
|
|
LIMIT 1;
|
|
|
|
IF test_notif_id IS NOT NULL THEN
|
|
-- Update the notification
|
|
UPDATE public.notifications
|
|
SET read_at = now()
|
|
WHERE id = test_notif_id;
|
|
|
|
PERFORM set_config('test.updated_notif_id', test_notif_id::text, true);
|
|
PERFORM set_config('test.notif_was_updated', 'true', true);
|
|
ELSE
|
|
PERFORM set_config('test.notif_was_updated', 'false', true);
|
|
PERFORM set_config('test.updated_notif_id', '00000000-0000-0000-0000-000000000000', true);
|
|
END IF;
|
|
END $$;
|
|
|
|
-- Verify the update worked
|
|
SELECT ok(
|
|
CASE
|
|
WHEN current_setting('test.notif_was_updated', true) = 'true' THEN
|
|
(SELECT read_at IS NOT NULL
|
|
FROM public.notifications
|
|
WHERE id = current_setting('test.updated_notif_id', true)::uuid
|
|
LIMIT 1)
|
|
ELSE true -- Skip if no notification was found
|
|
END,
|
|
'Notification should be updatable with read_at timestamp'
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Test Data Isolation
|
|
-- ============================================================================
|
|
|
|
-- Test: Count notifications for user1 vs user2
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications WHERE user_id = current_setting('test.rls_user1_id')::uuid) >= 0,
|
|
'User1 notifications count should be valid'
|
|
);
|
|
|
|
SELECT ok(
|
|
(SELECT COUNT(*) FROM public.notifications WHERE user_id = current_setting('test.rls_user2_id')::uuid) > 0,
|
|
'User2 should have at least one notification'
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Foreign Key Constraints Tests
|
|
-- ============================================================================
|
|
|
|
SELECT has_fk('public', 'notifications', 'notifications should have foreign key constraints');
|
|
|
|
-- Test that notifications.user_id references auth.users.id
|
|
SELECT fk_ok(
|
|
'public', 'notifications', 'user_id',
|
|
'auth', 'users', 'id',
|
|
'notifications.user_id should reference auth.users.id'
|
|
);
|
|
|
|
-- Test that notifications.actor_id references auth.users.id
|
|
SELECT fk_ok(
|
|
'public', 'notifications', 'actor_id',
|
|
'auth', 'users', 'id',
|
|
'notifications.actor_id should reference auth.users.id'
|
|
);
|
|
|
|
select * from finish();
|
|
rollback;
|