Add test for system tables

2011-11-21 23:06:38 +00:00 · 2011-11-21 23:06:38 +00:00 · 8ebdd0474c
commit 8ebdd0474c
parent de191ed33b
3 changed files with 19 additions and 6 deletions
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -159,7 +159,7 @@ function handleException(err, res){
        console.log(err.stack);
    }

-    res.send(msg, 400);
+    res.send(msg, 500);
 }

 module.exports = app;
--- a/app/models/psql.js
+++ b/app/models/psql.js
@ -86,6 +86,9 @@ var PSQL = function(user_id, db, limit, offset){
    }
  };

+  // throw exception if system table detected
+  
+
  return me;
 };

--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -28,7 +28,7 @@ tests['GET /api/v1/sql'] = function(){
        method: 'GET'
    },{
        body: '{"error":["You must indicate a sql query"]}',
-        status: 400
+        status: 500
    });
 };

@ -71,7 +71,7 @@ tests['GET /api/v1/sql with SQL parameter on INSERT only. oAuth not used, so pub
        url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
        method: 'GET'
    },{
-        status: 400
+        status: 500
    });
 };

@ -80,7 +80,7 @@ tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only. oAuth not used,
        url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
        method: 'GET'
    },{
-        status: 400
+        status: 500
    });
 };

@ -90,7 +90,7 @@ tests['GET /api/v1/sql with SQL parameter on INSERT only. header based db - shou
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{
-        status: 400
+        status: 500
    });
 };

@ -100,7 +100,7 @@ tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only.header based db
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{
-        status: 400
+        status: 500
    });
 };

@ -143,6 +143,16 @@ tests['GET /api/v1/sql as geojson limiting decimal places'] = function(){
    });
 };

+tests['GET system tables'] = function(){
+    assert.response(app, {
+        url: '/api/v1/sql?q=SELECT%20*%20FROM%20pg_attribute',
+        headers: {host: 'vizzuality.cartodb.com'},
+        method: 'GET'
+    },{
+        status: 403
+    });
+};
+
 // use dec_sep for internationalization
 function checkDecimals(x, dec_sep){
    tmp='' + x;