From 8ebdd0474cd26398ced61b000b6a93749086c984 Mon Sep 17 00:00:00 2001
From: Simon Tokumine
Date: Mon, 21 Nov 2011 23:06:38 +0000
Subject: [PATCH] Add test for system tables
---
 app/controllers/app.js | 2 +-
 app/models/psql.js | 3 +++
 test/acceptance/app.test.js | 20 +++++++++++++++-----
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/app/controllers/app.js b/app/controllers/app.js
index 51bc1de1..65854454 100755
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@@ -159,7 +159,7 @@ function handleException(err, res){
 console.log(err.stack);
 }
- res.send(msg, 400);
+ res.send(msg, 500);
 }
 module.exports = app;
diff --git a/app/models/psql.js b/app/models/psql.js
index da910231..a55cd80e 100644
--- a/app/models/psql.js
+++ b/app/models/psql.js
@@ -86,6 +86,9 @@ var PSQL = function(user_id, db, limit, offset){
 }
 };
+ // throw exception if system table detected
+
+
 return me;
 };
diff --git a/test/acceptance/app.test.js b/test/acceptance/app.test.js
index 5ae2a934..670de11a 100644
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@@ -28,7 +28,7 @@ tests['GET /api/v1/sql'] = function(){
 method: 'GET'
 },{
 body: '{"error":["You must indicate a sql query"]}',
- status: 400
+ status: 500
 });
 };
@@ -71,7 +71,7 @@ tests['GET /api/v1/sql with SQL parameter on INSERT only. oAuth not used, so pub
 url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
 method: 'GET'
 },{
- status: 400
+ status: 500
 });
 };
@@ -80,7 +80,7 @@ tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only. oAuth not used,
 url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
 method: 'GET'
 },{
- status: 400
+ status: 500
 });
 };
@@ -90,7 +90,7 @@ tests['GET /api/v1/sql with SQL parameter on INSERT only. header based db - shou
 headers: {host: 'vizzuality.cartodb.com'},
 method: 'GET'
 },{
- status: 400
+ status: 500
 });
 };
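Review bot: `res.send(msg, 500);` in handleException reports every error as a server fault, including request errors such as the missing-query case and the rejected INSERT/DROP requests whose expectations the test hunks at -28, -71, -80, -90 and -100 change from 400 to 500. A 5xx rate that any client can raise with a malformed request is no longer a usable health or alerting signal, and a hard-coded status leaves no path to the 403 that the new 'GET system tables' test expects. Consider letting the error carry its own status and falling back only when none is set, for example `res.send(msg, err.status || 500);` with `status` assigned where the error is raised. handleException starts outside the hunk, so how `msg` is built is not visible; if it is taken from the database error text, confirm it does not hand internal detail to unauthenticated callers.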
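Review bot: The lines added to PSQL are only the comment `// throw exception if system table detected` and two blank lines, so no check exists yet and the 'GET system tables' test added in test/acceptance/app.test.js cannot pass with this commit. When the check is written, deciding from the text of the query is fragile; the restriction is more dependable if the database role that runs public queries simply lacks the privilege, with any application-side check kept as a second layer. Until then, mark the placeholder as tracked work, e.g. `// TODO: reject queries that reference system catalogs (expected status 403)`. PSQL's body begins outside the hunk, so where the query is actually executed is not visible here.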
@@ -100,7 +100,7 @@ tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only.header based db
 headers: {host: 'vizzuality.cartodb.com'},
 method: 'GET'
 },{
- status: 400
+ status: 500
 });
 };
@@ -143,6 +143,16 @@ tests['GET /api/v1/sql as geojson limiting decimal places'] = function(){
 });
 };
+tests['GET system tables'] = function(){
+ assert.response(app, {
+ url: '/api/v1/sql?q=SELECT%20*%20FROM%20pg_attribute',
+ headers: {host: 'vizzuality.cartodb.com'},
+ method: 'GET'
+ },{
+ status: 403
+ });
+};
+
 // use dec_sep for internationalization
 function checkDecimals(x, dec_sep){
 tmp='' + x;
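Review bot: The new 'GET system tables' test asserts only `status: 403` for one catalog name, so it would also pass if the request were refused for an unrelated reason such as a host or authentication failure. Pin the cause by adding a `body:` expectation with the exact error payload, as the first test in this file does for the missing-query case. A companion test that reads an ordinary user table through the same `host` header and must still succeed would show that the check does not over-block. The other hunk in this file section (-100) only follows the 400 to 500 change in handleException.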