2011-06-13 11:23:02 +08:00
require ( '../helper' ) ;
var _ = require ( 'underscore' )
, PSQL = require ( '../../app/models/psql' )
, assert = require ( 'assert' ) ;
2013-11-06 00:49:10 +08:00
var public _user = global . settings . db _pubuser ;
2013-11-18 18:42:43 +08:00
var dbopts _auth = {
host : global . settings . db _host ,
port : global . settings . db _port ,
user : _ . template ( global . settings . db _user , { user _id : 1 } ) ,
2013-11-18 20:31:11 +08:00
dbname : _ . template ( global . settings . db _base _name , { user _id : 1 } ) ,
pass : _ . template ( global . settings . db _user _pass , { user _id : 1 } )
2013-11-18 18:42:43 +08:00
}
var dbopts _anon = _ . clone ( dbopts _auth ) ;
dbopts _anon . user = global . settings . db _pubuser ;
2013-11-18 20:31:11 +08:00
dbopts _anon . pass = global . settings . db _pubuser _pass ;
2013-11-18 18:42:43 +08:00
2012-07-13 04:54:12 +08:00
suite ( 'psql' , function ( ) {
test ( 'test throws error if no args passed to constructor' , function ( ) {
var msg ;
2011-06-13 11:23:02 +08:00
try {
2012-06-02 04:07:22 +08:00
var pg = new PSQL ( ) ;
2011-06-13 11:23:02 +08:00
} catch ( err ) {
2012-07-13 04:54:12 +08:00
msg = err . message ;
2011-06-13 11:23:02 +08:00
}
2012-07-13 04:54:12 +08:00
assert . equal ( msg , "Incorrect access parameters. If you are accessing via OAuth, please check your tokens are correct. For public users, please ensure your table is published." ) ;
} ) ;
2011-06-13 11:23:02 +08:00
2012-07-13 04:54:12 +08:00
test ( 'test private user can execute SELECTS on db' , function ( done ) {
2013-11-18 18:42:43 +08:00
var pg = new PSQL ( dbopts _auth ) ;
2012-06-02 04:12:29 +08:00
var sql = "SELECT 1 as test_sum" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2013-11-18 18:42:43 +08:00
assert . ok ( ! err , err ) ;
2011-06-13 11:23:02 +08:00
assert . equal ( result . rows [ 0 ] . test _sum , 1 ) ;
2012-07-13 04:54:12 +08:00
done ( ) ;
2011-06-13 11:23:02 +08:00
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;
2011-06-13 11:23:02 +08:00
2012-07-13 04:54:12 +08:00
test ( 'test private user can execute CREATE on db' , function ( done ) {
2013-11-18 18:42:43 +08:00
var pg = new PSQL ( dbopts _auth ) ;
2012-06-02 04:12:29 +08:00
var sql = "DROP TABLE IF EXISTS distributors; CREATE TABLE distributors (id integer, name varchar(40), UNIQUE(name))" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2012-07-13 04:54:12 +08:00
assert . ok ( _ . isNull ( err ) ) ;
done ( ) ;
2011-06-13 11:23:02 +08:00
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;
2011-06-13 11:23:02 +08:00
2012-07-13 04:54:12 +08:00
test ( 'test private user can execute INSERT on db' , function ( done ) {
2013-11-18 18:42:43 +08:00
var pg = new PSQL ( dbopts _auth ) ;
2012-06-02 04:12:29 +08:00
var sql = "DROP TABLE IF EXISTS distributors1; CREATE TABLE distributors1 (id integer, name varchar(40), UNIQUE(name))" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2012-06-02 04:12:29 +08:00
sql = "INSERT INTO distributors1 (id, name) VALUES (1, 'fish')" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2012-07-13 04:54:12 +08:00
assert . deepEqual ( result . rows , [ ] ) ;
done ( ) ;
2011-06-13 11:23:02 +08:00
} ) ;
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;
2011-06-13 11:23:02 +08:00
2013-11-06 00:49:10 +08:00
test ( 'test public user can execute SELECT on enabled tables' , function ( done ) {
2013-11-18 18:42:43 +08:00
var pg = new PSQL ( dbopts _auth ) ;
2013-11-06 00:49:10 +08:00
var sql = "DROP TABLE IF EXISTS distributors2; CREATE TABLE distributors2 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors2 TO " + public _user + ";" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2013-11-18 18:42:43 +08:00
pg = new PSQL ( dbopts _anon )
2011-06-13 11:23:02 +08:00
pg . query ( "SELECT count(*) FROM distributors2" , function ( err , result ) {
assert . equal ( result . rows [ 0 ] . count , 0 ) ;
2012-07-13 04:54:12 +08:00
done ( ) ;
2011-06-13 11:23:02 +08:00
} ) ;
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;
2011-06-13 11:23:02 +08:00
2013-11-06 00:49:10 +08:00
test ( 'test public user cannot execute INSERT on db' , function ( done ) {
2013-11-18 18:42:43 +08:00
var pg = new PSQL ( dbopts _auth ) ;
2013-11-06 00:49:10 +08:00
var sql = "DROP TABLE IF EXISTS distributors3; CREATE TABLE distributors3 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors3 TO " + public _user + ";" ;
2011-06-13 11:23:02 +08:00
pg . query ( sql , function ( err , result ) {
2013-11-18 18:42:43 +08:00
pg = new PSQL ( dbopts _anon ) ;
2011-06-13 11:23:02 +08:00
pg . query ( "INSERT INTO distributors3 (id, name) VALUES (1, 'fishy')" , function ( err , result ) {
2012-07-13 04:54:12 +08:00
assert . equal ( err . message , 'permission denied for relation distributors3' ) ;
done ( ) ;
2011-06-13 11:23:02 +08:00
} ) ;
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;
2013-06-14 17:18:16 +08:00
test ( 'Windowed SQL with simple select' , function ( ) {
// NOTE: intentionally mixed-case and space-padded
var sql = "\n \tSEleCT * from table1" ;
var out = PSQL . window _sql ( sql , 1 , 0 ) ;
assert . equal ( out , "SELECT * FROM (" + sql + ") AS cdbq_1 LIMIT 1 OFFSET 0" ) ;
} ) ;
test ( 'Windowed SQL with CTE select' , function ( ) {
// NOTE: intentionally mixed-case and space-padded
var cte = "\n \twiTh x as( update test set x=x+1)" ;
var select = "\n \tSEleCT * from x" ;
var sql = cte + select ;
var out = PSQL . window _sql ( sql , 1 , 0 ) ;
assert . equal ( out , cte + "SELECT * FROM (" + select + ") AS cdbq_1 LIMIT 1 OFFSET 0" ) ;
} ) ;
test ( 'Windowed SQL with CTE update' , function ( ) {
// NOTE: intentionally mixed-case and space-padded
var cte = "\n \twiTh a as( update test set x=x+1)" ;
var upd = "\n \tupdate tost set y=x from x" ;
var sql = cte + upd ;
var out = PSQL . window _sql ( sql , 1 , 0 ) ;
assert . equal ( out , sql ) ;
} ) ;
test ( 'Windowed SQL with complex CTE and insane quoting' , function ( ) {
// NOTE: intentionally mixed-case and space-padded
var cte = "\n \twiTh \"('a\" as( update \"\"\"test)\" set x='x'+1), \")b(\" as ( select ')))\"' from z )" ;
var sel = "\n \tselect '\"' from x" ;
var sql = cte + sel ;
var out = PSQL . window _sql ( sql , 1 , 0 ) ;
assert . equal ( out , cte + "SELECT * FROM (" + sel + ") AS cdbq_1 LIMIT 1 OFFSET 0" ) ;
} ) ;
2012-07-13 04:54:12 +08:00
} ) ;