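#!/usr/bin/env bash
#
# It is expected that you run this script
# as a PostgreSQL superuser, for example:
#
#   PGUSER=postgres bash ./test.sh
#
# The script depends on bash features (the function keyword, [[ ]], arrays
# and local), so it must not be started with a plain POSIX sh.

# Scratch database that setup creates and tear_down drops.
DATABASE=test_organizations

# Client command used for every statement. For a dry run that only prints the
# invocations, set CMD='echo psql' instead.
CMD=psql

# Exit status of the whole run: 0 while everything passes, 1 after a failure.
OK=0
# Failure flag of the test currently running; cleared before each test.
PARTIALOK=0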
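# Records a failure: flags both the whole run (OK) and the test that is
# currently executing (PARTIALOK). OK later becomes the script's exit status.
function set_failed() {
    OK=1
    PARTIALOK=1
}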
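# Clears the per-test failure flag before the next test starts. The run-wide
# OK flag is left alone so earlier failures stay recorded.
function clear_partial_result() {
    PARTIALOK=0
}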
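# Runs one SQL statement through ${CMD} against ${DATABASE} and compares the
# outcome with what the caller expects.
#
# Usage:
#   sql QUERY                      run as the default user; must succeed
#   sql ROLE QUERY                 run as ROLE (-U ROLE); must succeed
#   sql ROLE QUERY fails           the statement is expected to fail
#   sql ROLE QUERY should VALUE    must succeed and print exactly VALUE
#
# Globals:
#   CMD, DATABASE (read)
#   RESULT, CODERESULT, ERROR_OUTPUT, ERROR_OUTPUT_FILE (written)
#   OK, PARTIALOK (written through set_failed on an unexpected outcome)
#
# QUERY is handed to the client verbatim, so callers must build it only from
# trusted, fixed identifiers.
function sql() {
    local ROLE
    local QUERY

    if [[ $# -ge 2 ]]
    then
        ROLE="$1"
        QUERY="$2"
    else
        QUERY="$1"
    fi

    # stderr goes to a private temporary file. mktemp picks an unpredictable
    # name and creates the file itself; a fixed path under /tmp could be
    # pre-created or symlinked by another local user, which matters because
    # this script is meant to run as a PostgreSQL superuser.
    if ! ERROR_OUTPUT_FILE=$(mktemp "${TMPDIR:-/tmp}/test_error.XXXXXX")
    then
        log_error "Could not create a temporary file for the error output of: ${QUERY}"
        set_failed
        return 1
    fi

    # ${CMD} stays unquoted on purpose: it may hold several words
    # (for example 'echo psql' for a dry run).
    if [ -n "${ROLE}" ]; then
        log_debug "Executing query '${QUERY}' as ${ROLE}"
        RESULT=$(${CMD} -U "${ROLE}" "${DATABASE}" -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}")
    else
        log_debug "Executing query '${QUERY}'"
        RESULT=$(${CMD} "${DATABASE}" -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}")
    fi
    # Status of the command substitution above, i.e. of the client itself.
    CODERESULT=$?

    ERROR_OUTPUT=$(cat "${ERROR_OUTPUT_FILE}")
    rm -f -- "${ERROR_OUTPUT_FILE}"

    # One-line summary; newlines in the captured text are flattened to blanks
    # and the values are quoted so that "*" in a result is never glob-expanded.
    printf '> Code Result: %s; Result: %s; Error output: %s' \
        "${CODERESULT}" "${RESULT//$'\n'/ }" "${ERROR_OUTPUT//$'\n'/ }"

    # Some warnings should actually be failures: a GRANT/REVOKE that changed
    # nothing still exits 0. The patterns match only when the captured stderr
    # starts with the warning.
    if [[ ${CODERESULT} == "0" ]]
    then
        case "${ERROR_OUTPUT}" in
            WARNING:*no*privileges*were*granted*for*)
                printf '%s' "FAILED BECAUSE OF PRIVILEGES GRANTING WARNING"
                CODERESULT=1
                ;;
            WARNING:*no*privileges*could*be*revoked*for*)
                printf '%s' "FAILED BECAUSE OF PRIVILEGES REVOKING WARNING"
                CODERESULT=1
                ;;
            *) ;;
        esac
        printf '; Code result after warnings: %s' "${CODERESULT}"
    fi
    echo

    if [[ ${CODERESULT} -ne 0 ]]
    then
        printf '%s' "FAILED TO EXECUTE QUERY: "
        log_warning "${QUERY}"
        # A failure only counts against the test when it was not expected.
        if [[ "$3" != "fails" ]]
        then
            log_error "${QUERY}"
            set_failed
        fi
    else
        if [[ "$3" == "fails" ]]
        then
            log_error "QUERY: '${QUERY}' was expected to fail and it did not fail"
            set_failed
        fi
    fi

    # Exact, literal comparison of the client's output with the expected value.
    if [[ "$3" == "should" ]]
    then
        if [[ "${RESULT}" != "$4" ]]
        then
            log_error "QUERY '${QUERY}' expected result '${4}' but got '${RESULT}'"
            set_failed
        fi
    fi
}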
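# Prints a section heading: three blank lines, then the message through _log
# with SGR parameters "1;34m". The message is passed on without padding.
function log_info() {
    printf '\n\n\n'
    _log "1;34m" "$1"
}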
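# Prints an error message through _log with SGR parameters "1;31m".
# The message is passed on exactly as given.
function log_error() {
    _log "1;31m" "$1"
}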
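# Prints a debug message through _log with SGR parameters "1;32m",
# prefixed with "> ".
function log_debug() {
    _log "1;32m" "> $1"
}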
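# Prints a warning message through _log with SGR parameters "0;33m".
# The message is passed on exactly as given.
function log_warning() {
    _log "0;33m" "$1"
}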
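# Writes a message wrapped in an ANSI SGR sequence and resets the attributes
# afterwards.
#   $1 - SGR parameters including the final "m", e.g. "1;31m"
#   $2 - message text
# printf with %s emits the message verbatim, so backslash sequences inside a
# logged query are printed as text instead of being turned into control
# characters.
function _log() {
    printf '\033[%s%s\033[0m\n' "$1" "$2"
}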
# '############################ HELPERS #############################'
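# Creates a login role, lets it connect to ${DATABASE}, gives it a schema of
# the same name and registers it through CDB_Organization_Create_Member.
# All statements run as the default user (sql is called without a role).
#   $1 - role name; it is interpolated into the SQL as-is, so it must be a
#        trusted, plain identifier.
function create_role_and_schema() {
    local ROLE="$1"

    sql "CREATE ROLE ${ROLE} LOGIN;"
    sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO ${ROLE};"
    sql "CREATE SCHEMA ${ROLE} AUTHORIZATION ${ROLE};"
    sql "SELECT cartodb.CDB_Organization_Create_Member('${ROLE}')"
}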
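# Undoes create_role_and_schema: drops the role's schema, revokes its CONNECT
# privilege on ${DATABASE} and drops the role. Statements run as the default
# user.
#   $1 - role name; placed inside double-quoted SQL identifiers without
#        further escaping, so it must be a trusted value.
function drop_role_and_schema() {
    local ROLE="$1"

    sql "DROP SCHEMA \"${ROLE}\";"
    sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM \"${ROLE}\";"
    sql "DROP ROLE \"${ROLE}\";"
}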
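# Creates the single-column table ROLE.TABLENAME while connected as ROLE.
#   $1 - role that owns the schema and runs the statement
#   $2 - table name
# Both values are interpolated into the SQL as-is and must be trusted
# identifiers. Exits the script with status 1 when not called with exactly
# two arguments.
function create_table() {
    if [[ $# -ne 2 ]]
    then
        log_error "create_table requires two arguments: role and table_name"
        exit 1
    fi

    local ROLE="$1"
    local TABLENAME="$2"

    # The role is quoted so it always reaches sql as exactly one argument.
    sql "${ROLE}" "CREATE TABLE ${ROLE}.${TABLENAME} ( a int );"
}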
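# Builds the fixture every test starts from: the scratch database, the cartodb
# schema with the organization and group functions loaded, an org admin, two
# members that each own a five-row table (foo / bar), the publicuser role and
# the groups group_a (with cdb_testmember_1 as member) and group_b.
#
# The SQL files are referenced relative to the current working directory.
# ${CMD} stays unquoted on purpose because it may hold several words.
function setup() {
    ${CMD} -c "CREATE DATABASE ${DATABASE}"
    sql "CREATE SCHEMA cartodb;"
    sql "GRANT USAGE ON SCHEMA cartodb TO public;"

    log_info "########################### BOOTSTRAP ###########################"
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_Organizations.sql
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_Groups.sql

    log_info "############################# SETUP #############################"
    create_role_and_schema cdb_org_admin
    sql "SELECT cartodb.CDB_Organization_AddAdmin('cdb_org_admin');"
    create_role_and_schema cdb_testmember_1
    create_role_and_schema cdb_testmember_2
    sql "CREATE ROLE publicuser LOGIN;"
    sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;"

    create_table cdb_testmember_1 foo
    sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);'
    sql cdb_testmember_1 'SELECT * FROM cdb_testmember_1.foo;'

    create_table cdb_testmember_2 bar
    # The table name is not schema-qualified here, so this statement depends on
    # name resolution for the connected role.
    sql cdb_testmember_2 'INSERT INTO bar VALUES (1), (2), (3), (4), (5);'
    sql cdb_testmember_2 'SELECT * FROM cdb_testmember_2.bar;'

    sql "SELECT cartodb.CDB_Group_CreateGroup('group_a_tmp')"
    sql "SELECT cartodb.CDB_Group_RenameGroup('group_a_tmp', 'group_a')"
    sql "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_1')"
    sql "SELECT cartodb.CDB_Group_CreateGroup('group_b')"
}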
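# Removes everything setup created, in dependency order: table grants and
# tables, groups, the org admin flag, the cartodb schema, the member schemas,
# CONNECT privileges, the roles and finally the scratch database.
# ${CMD} stays unquoted on purpose because it may hold several words.
function tear_down() {
    log_info "########################### USER TEAR DOWN ###########################"
    sql cdb_testmember_1 "SELECT * FROM cartodb.CDB_Organization_Remove_Access_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2');"
    sql cdb_testmember_2 "SELECT * FROM cartodb.CDB_Organization_Remove_Access_Permission('cdb_testmember_2', 'bar', 'cdb_testmember_1');"

    sql cdb_testmember_1 'DROP TABLE cdb_testmember_1.foo;'
    sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.bar;'

    sql "select cartodb.CDB_Group_DropGroup('group_b')"
    sql "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1')"
    sql "select cartodb.CDB_Group_DropGroup('group_a')"
    sql "SELECT cartodb.CDB_Organization_RemoveAdmin('cdb_org_admin');"

    sql "DROP SCHEMA cartodb CASCADE"

    log_info "########################### TEAR DOWN ###########################"
    sql 'DROP SCHEMA cdb_testmember_1;'
    sql 'DROP SCHEMA cdb_testmember_2;'
    sql 'DROP SCHEMA cdb_org_admin;'

    sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;"
    sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;"
    sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;"
    sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_org_admin;"

    sql 'DROP ROLE cdb_testmember_1;'
    sql 'DROP ROLE cdb_testmember_2;'
    sql 'DROP ROLE publicuser;'
    sql 'DROP ROLE cdb_org_admin;'

    ${CMD} -c "DROP DATABASE ${DATABASE}"
}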
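# Runs the selected tests, each one between a fresh setup and tear_down, and
# lists the failing ones at the end.
#
# Arguments: names of the tests to run. They are split on whitespace, so
#            several names passed as one word still select several tests.
#            With no arguments the tests are discovered from this script:
#            every definition written with the function keyword whose name
#            starts with "test" and is directly followed by a "()" pair,
#            in file order.
# Globals:   OK, PARTIALOK (read; written through the helpers)
#
# A name is only ever called as a shell function. It is never passed to eval,
# so an argument cannot smuggle in arbitrary shell code; a name that is not a
# defined function is reported as a failed test and skipped.
function run_tests() {
    local FAILED_TESTS=()
    local TESTS=()
    local t

    if [[ $# -ge 1 ]]
    then
        read -r -a TESTS <<<"$*"
    else
        while IFS= read -r t
        do
            TESTS+=("${t}")
        done < <(perl -n -e'/function (test.*)\(\)/ && print "$1\n"' "$0")
    fi

    for t in "${TESTS[@]}"
    do
        if ! declare -F -- "${t}" >/dev/null
        then
            log_error "Unknown test: ${t}"
            set_failed
            FAILED_TESTS+=("${t}")
            continue
        fi

        echo "####################################################################"
        echo "#"
        echo "# Running: ${t}"
        echo "#"
        echo "####################################################################"
        clear_partial_result
        setup
        log_info "############################# TESTS #############################"
        "${t}"
        if [[ ${PARTIALOK} -ne 0 ]]
        then
            FAILED_TESTS+=("${t}")
        fi
        tear_down
    done

    if [[ ${OK} -ne 0 ]]
    then
        echo
        log_error "The following tests are failing:"
        printf -- '\t%s\n' "${FAILED_TESTS[@]}"
    fi
}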
#################################################### TESTS GO HERE ####################################################
# Baseline isolation check: with no grant in place, cdb_testmember_2 must be
# refused when reading cdb_testmember_1.foo.
function test_member_2_cannot_read_without_permission() {
    local -r count_foo='SELECT count(*) FROM cdb_testmember_1.foo;'

    sql cdb_testmember_2 "${count_foo}" fails
}
# A member must not be able to hand out read access on a schema it does not
# own: cdb_testmember_1 names cdb_testmember_2's schema and must be refused.
function test_member_1_cannot_grant_read_permission_to_other_schema_than_its_one() {
    local -r grant_on_foreign_schema="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_2', 'foo', 'cdb_testmember_2')"

    sql cdb_testmember_1 "${grant_on_foreign_schema}" fails
}
# After cdb_testmember_1 grants read access on foo, cdb_testmember_2 sees its
# five rows, while the reverse direction (bar) stays closed.
function test_member_1_grants_read_permission_and_member_2_can_read() {
    local -r grant_read="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"

    sql cdb_testmember_1 "${grant_read}"

    # The grantee can read foo ...
    sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_1.foo;' should 5
    # ... but the grant is one-directional.
    sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.bar;' fails
}
# A read grant on one table must not let the grantee create objects in the
# owner's schema.
function test_member_2_cannot_add_table_to_member_1_schema_after_table_permission_added() {
    local -r grant_read="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    local -r create_in_foreign_schema="CREATE TABLE cdb_testmember_1.bar ( a int );"

    sql cdb_testmember_1 "${grant_read}"
    sql cdb_testmember_2 "${create_in_foreign_schema}" fails
}
# Two members grant each other read access on their own table; afterwards each
# one can count the five rows in the other's table.
function test_grant_read_permission_between_two_members() {
    local -r foo_to_member_2="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    local -r bar_to_member_1="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_2', 'bar', 'cdb_testmember_1')"

    sql cdb_testmember_1 "${foo_to_member_2}"
    sql cdb_testmember_2 "${bar_to_member_1}"

    sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_1.foo;' should 5
    sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.bar;' should 5
}
# Without a write grant, an INSERT by cdb_testmember_2 into
# cdb_testmember_1.foo must be refused.
function test_member_2_cannot_write_to_member_1_table() {
    local -r insert_rows='INSERT INTO cdb_testmember_1.foo VALUES (5), (6), (7), (8), (9);'

    sql cdb_testmember_2 "${insert_rows}" fails
}
# A member must not be able to hand out read/write access on a schema it does
# not own: cdb_testmember_1 names cdb_testmember_2's schema and must be refused.
function test_member_1_cannot_grant_read_write_permission_to_other_schema_than_its_one() {
    local -r grant_on_foreign_schema="SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Write_Permission('cdb_testmember_2', 'foo', 'cdb_testmember_2')"

    sql cdb_testmember_1 "${grant_on_foreign_schema}" fails
}
# With a read/write grant in place, cdb_testmember_2 can insert into and
# delete from cdb_testmember_1.foo, and both members see the same row counts.
function test_member_2_can_write_to_member_1_table_after_write_permission_is_added() {
    local -r count_foo='SELECT count(*) FROM cdb_testmember_1.foo;'
    local member

    sql cdb_testmember_1 "SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Write_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"

    # Five rows come from setup; the grantee adds five more.
    sql cdb_testmember_2 'INSERT INTO cdb_testmember_1.foo VALUES (5), (6), (7), (8), (9);'
    for member in cdb_testmember_1 cdb_testmember_2
    do
        sql "${member}" "${count_foo}" should 10
    done

    # Removing the row with a = 9 leaves nine rows.
    sql cdb_testmember_2 'DELETE FROM cdb_testmember_1.foo where a = 9;'
    for member in cdb_testmember_1 cdb_testmember_2
    do
        sql "${member}" "${count_foo}" should 9
    done
}
# Revocation check for reads: access granted and then removed must leave
# cdb_testmember_2 unable to query foo again.
function test_member_1_removes_access_and_member_2_can_no_longer_query_the_table() {
    local -r owner=cdb_testmember_1
    local -r grantee=cdb_testmember_2

    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    sql "${grantee}" 'SELECT count(*) FROM cdb_testmember_1.foo;' should 5

    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Remove_Access_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    sql "${grantee}" 'SELECT * FROM cdb_testmember_1.foo;' fails
}
# Revocation check for writes: the same INSERT that works under a read/write
# grant must be refused once the grant has been removed.
function test_member_1_removes_access_and_member_2_can_no_longer_write_to_the_table() {
    local -r owner=cdb_testmember_1
    local -r grantee=cdb_testmember_2
    local -r insert_rows='INSERT INTO cdb_testmember_1.foo VALUES (5), (6), (7), (8), (9);'

    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Write_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    sql "${grantee}" "${insert_rows}"

    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Remove_Access_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    sql "${grantee}" "${insert_rows}" fails
}
# Revoking access to one table must not touch an independent grant on another
# table of the same owner.
function test_giving_permissions_to_two_tables_and_removing_from_first_table_should_not_remove_from_second() {
    local -r owner=cdb_testmember_1
    local -r grantee=cdb_testmember_2
    local tbl

    #### test setup
    # a second table owned by cdb_testmember_1, seeded with five rows
    create_table "${owner}" foo_2
    sql "${owner}" 'INSERT INTO cdb_testmember_1.foo_2 VALUES (1), (2), (3), (4), (5);'
    sql "${owner}" 'SELECT * FROM cdb_testmember_1.foo_2;'

    # read permission is granted on both tables
    for tbl in foo foo_2
    do
        sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', '${tbl}', 'cdb_testmember_2')"
    done

    # cdb_testmember_2 can read both tables
    for tbl in foo foo_2
    do
        sql "${grantee}" "SELECT count(*) FROM cdb_testmember_1.${tbl};" should 5
    done

    # access to foo alone is withdrawn
    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Remove_Access_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"

    # foo is closed again while foo_2 stays readable
    sql "${grantee}" 'SELECT count(*) FROM cdb_testmember_1.foo;' fails
    sql "${grantee}" 'SELECT count(*) FROM cdb_testmember_1.foo_2;' should 5

    #### test tear down
    sql "${owner}" 'DROP TABLE cdb_testmember_1.foo_2;'
}
# An organization-wide read grant opens the table to a member that has no
# individual grant: refused before, five rows visible after.
function test_cdb_org_member_role_allows_reading_to_all_users_without_explicit_permission() {
    local -r count_foo='SELECT count(*) FROM cdb_testmember_1.foo;'

    sql cdb_testmember_2 "${count_foo}" fails
    sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Add_Table_Organization_Read_Permission('cdb_testmember_1', 'foo');"
    sql cdb_testmember_2 "${count_foo}" should 5
}
# An individual grant must survive the removal of an organization-wide grant,
# while a member that only had access through the organization loses it.
function test_user_can_read_when_it_has_permission_after_organization_permission_is_removed() {
    local -r owner=cdb_testmember_1
    local -r count_foo='SELECT count(*) FROM cdb_testmember_1.foo;'

    create_role_and_schema cdb_testmember_3

    # shared with cdb_testmember_2 only: it can read, cdb_testmember_3 cannot
    sql "${owner}" "SELECT * FROM cartodb.CDB_Organization_Add_Table_Read_Permission('cdb_testmember_1', 'foo', 'cdb_testmember_2')"
    sql cdb_testmember_2 "${count_foo}" should 5
    sql cdb_testmember_3 "${count_foo}" fails

    # the organization grant lets both members read
    sql "${owner}" "SELECT cartodb.CDB_Organization_Add_Table_Organization_Read_Permission('cdb_testmember_1', 'foo');"
    sql cdb_testmember_2 "${count_foo}" should 5
    sql cdb_testmember_3 "${count_foo}" should 5

    # removing the organization grant keeps cdb_testmember_2's own permission
    # but closes the table to cdb_testmember_3 again
    sql "${owner}" "SELECT cartodb.CDB_Organization_Remove_Organization_Access_Permission('cdb_testmember_1', 'foo');"
    sql cdb_testmember_2 "${count_foo}" should 5
    sql cdb_testmember_3 "${count_foo}" fails

    drop_role_and_schema cdb_testmember_3
}
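# CDB_QueryTables must report an unqualified table with its schema: a query on
# "foo" run by cdb_testmember_1 yields {cdb_testmember_1.foo}.
# The SQL files are referenced relative to the current working directory.
# NOTE(review): plpythonu is PostgreSQL's untrusted PL/Python language; confirm
# it is available on the server version the tests target.
function test_cdb_querytables_returns_schema_and_table_name() {
    sql "CREATE EXTENSION plpythonu;"
    # ${CMD} stays unquoted because it may hold several words; the database
    # name is quoted so it always reaches the client as a single argument.
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryStatements.sql
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryTables.sql
    sql cdb_testmember_1 "select * from CDB_QueryTables('select * from foo');" should "{cdb_testmember_1.foo}"
}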
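# CDB_QueryTables must list every table of a query that spans two schemas,
# each with its schema name.
# The SQL files are referenced relative to the current working directory.
function test_cdb_querytables_returns_schema_and_table_name_for_several_schemas() {
    sql "CREATE EXTENSION plpythonu;"
    # ${CMD} stays unquoted because it may hold several words; the database
    # name is quoted so it always reaches the client as a single argument.
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryStatements.sql
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryTables.sql
    sql postgres "select * from CDB_QueryTables('select * from cdb_testmember_1.foo, cdb_testmember_2.bar');" should "{cdb_testmember_1.foo,cdb_testmember_2.bar}"
}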
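# A function call in the FROM clause (plainto_tsquery) must not show up in the
# table list returned by CDB_QueryTables.
# The SQL files are referenced relative to the current working directory.
function test_cdb_querytables_does_not_return_functions_as_part_of_the_resultset() {
    sql "CREATE EXTENSION plpythonu;"
    # ${CMD} stays unquoted because it may hold several words; the database
    # name is quoted so it always reaches the client as a single argument.
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryStatements.sql
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_QueryTables.sql
    sql postgres "select * from CDB_QueryTables('select * from cdb_testmember_1.foo, cdb_testmember_2.bar, plainto_tsquery(''foo'')');" should "{cdb_testmember_1.foo,cdb_testmember_2.bar}"
}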
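# CDB_UserTables must classify tables as public or private correctly for
# publicuser and for organization members.
# The SQL file is referenced relative to the current working directory.
function test_cdb_usertables_should_work_with_orgusers() {
    # This test validates the changes proposed in https://github.com/CartoDB/cartodb/pull/5021

    # create tables
    sql cdb_testmember_1 "CREATE TABLE test_perms_pub (a int)"
    sql cdb_testmember_1 "INSERT INTO test_perms_pub (a) values (1);"
    sql cdb_testmember_1 "GRANT SELECT ON TABLE test_perms_pub TO publicuser"

    sql cdb_testmember_1 "CREATE TABLE test_perms_priv (a int)"

    # this is what we need to make public tables available in CDB_UserTables
    sql postgres "grant publicuser to cdb_testmember_1;"
    sql postgres "grant publicuser to cdb_testmember_2;"

    # this is required to enable select from other schema
    sql postgres "GRANT USAGE ON SCHEMA cdb_testmember_1 TO publicuser"

    # test CDB_UserTables with publicuser
    # ${CMD} stays unquoted because it may hold several words; the database
    # name is quoted so it always reaches the client as a single argument.
    ${CMD} -d "${DATABASE}" -f scripts-available/CDB_UserTables.sql
    sql publicuser "SELECT count(*) FROM CDB_UserTables('all')" should 1
    sql publicuser "SELECT count(*) FROM CDB_UserTables('public')" should 1
    sql publicuser "SELECT count(*) FROM CDB_UserTables('private')" should 0
    sql publicuser "SELECT * FROM CDB_UserTables('all')" should "test_perms_pub"
    sql publicuser "SELECT * FROM CDB_UserTables('public')" should "test_perms_pub"
    sql publicuser "SELECT * FROM CDB_UserTables('private')" should ""

    # the following tests are for https://github.com/CartoDB/cartodb-postgresql/issues/98
    # cdb_testmember_2 is already owner of `bar` table
    sql cdb_testmember_2 "select string_agg(t,',') from (select cdb_usertables('all') t order by t) as s" should "bar,test_perms_pub"
    sql cdb_testmember_2 "SELECT * FROM CDB_UserTables('public')" should "test_perms_pub"
    sql cdb_testmember_2 "SELECT * FROM CDB_UserTables('private')" should "bar"

    # test cdb_testmember_2 can select from cdb_testmember_1's public table
    sql cdb_testmember_2 "SELECT * FROM cdb_testmember_1.test_perms_pub" should 1

    sql cdb_testmember_1 "DROP TABLE test_perms_pub"
    sql cdb_testmember_1 "DROP TABLE test_perms_priv"
}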
# A group read grant lets a member of group_a (cdb_testmember_1, added in
# setup) select from the owner's table; RevokeAll closes it again. The owner
# keeps access throughout.
function test_CDB_Group_Table_GrantRead_should_grant_select_and_RevokeAll_should_remove_it() {
    local -r owner=cdb_testmember_2
    local -r group_member=cdb_testmember_1
    local -r count_rows='SELECT count(*) FROM cdb_testmember_2.shared_with_group;'

    create_table "${owner}" shared_with_group

    # before the grant only the owner can read
    sql "${group_member}" "${count_rows}" fails
    sql "${owner}" "${count_rows}"

    sql "${owner}" "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${group_member}" "${count_rows}"
    sql "${owner}" "${count_rows}"

    sql "${owner}" "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${group_member}" "${count_rows}" fails
    sql "${owner}" "${count_rows}"

    sql "${owner}" 'DROP TABLE cdb_testmember_2.shared_with_group;'
}
# A group read/write grant lets a member of group_a (cdb_testmember_1, added
# in setup) insert into the owner's table; RevokeAll closes it again. The
# owner can insert throughout.
function test_CDB_Group_Table_GrantReadWrite_should_grant_insert_and_RevokeAll_should_remove_it() {
    local -r owner=cdb_testmember_2
    local -r group_member=cdb_testmember_1
    local -r insert_rows='INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'

    create_table "${owner}" shared_with_group

    # before the grant only the owner can write
    sql "${group_member}" "${insert_rows}" fails
    sql "${owner}" "${insert_rows}"

    sql "${owner}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${group_member}" "${insert_rows}"
    sql "${owner}" "${insert_rows}"

    sql "${owner}" "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${group_member}" "${insert_rows}" fails
    sql "${owner}" "${insert_rows}"

    sql "${owner}" 'DROP TABLE cdb_testmember_2.shared_with_group;'
}
# Privilege-boundary check: every group management function must be refused
# when an ordinary member (cdb_testmember_1) calls it.
function test_group_management_functions_cant_be_used_by_normal_members() {
    local -a management_calls=(
        "SELECT cartodb.CDB_Group_CreateGroup('group_x_1');"
        "SELECT cartodb.CDB_Group_RenameGroup('group_a', 'group_x_2');"
        "SELECT cartodb.CDB_Group_DropGroup('group_a');"
        "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_2');"
        "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1');"
    )
    local call

    for call in "${management_calls[@]}"
    do
        sql cdb_testmember_1 "${call}" fails
    done
}
# Privilege-boundary check: a member that does not own the table must not be
# able to grant or revoke group permissions on it, not even after its own
# group has been given read/write access.
function test_group_permission_functions_cant_be_used_by_normal_members() {
    local -r owner=cdb_testmember_2
    local -r outsider=cdb_testmember_1

    create_table "${owner}" shared_with_group

    sql "${outsider}" "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${outsider}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group');" fails

    # Checks that you can't grant even if your group has RW permissions
    sql "${owner}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${outsider}" "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${outsider}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_b', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${outsider}" "select cartoDB.CDB_Group_Table_RevokeAll('group_b', 'cdb_testmember_2', 'shared_with_group');" fails

    sql "${owner}" 'DROP TABLE cdb_testmember_2.shared_with_group;'
}
# The organization admin role may create and rename a group and add or remove
# its members.
function test_group_management_functions_can_be_used_by_org_admin() {
    local -r admin=cdb_org_admin

    sql "${admin}" "SELECT cartodb.CDB_Group_CreateGroup('group_x_tmp');"
    sql "${admin}" "SELECT cartodb.CDB_Group_RenameGroup('group_x_tmp', 'group_x');"
    sql "${admin}" "SELECT cartodb.CDB_Group_AddMember('group_x', 'cdb_testmember_1');"
    sql "${admin}" "SELECT cartodb.CDB_Group_RemoveMember('group_x', 'cdb_testmember_1');"

    # TODO: workaround superadmin limitation
    # (the group is dropped as the default user rather than as the org admin)
    sql "SELECT cartodb.CDB_Group_DropGroup('group_x');"
}
# Privilege-boundary check: being organization admin must not allow granting
# or revoking group permissions on a table owned by someone else.
function test_org_admin_cant_grant_permissions_on_tables_he_does_not_own() {
    local -r owner=cdb_testmember_2
    local -r admin=cdb_org_admin

    create_table "${owner}" shared_with_group

    sql "${admin}" "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${admin}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group');" fails

    # Checks that you can't grant even if your group has RW permissions
    sql "${owner}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
    sql "${admin}" "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${admin}" "select cartoDB.CDB_Group_Table_GrantReadWrite('group_b', 'cdb_testmember_2', 'shared_with_group');" fails
    sql "${admin}" "select cartoDB.CDB_Group_Table_RevokeAll('group_b', 'cdb_testmember_2', 'shared_with_group');" fails

    sql "${owner}" 'DROP TABLE cdb_testmember_2.shared_with_group;'
}
# Each statement below must succeed: sql is called without the "fails" marker,
# so an error from cartodb._CDB_Group_GroupRole is recorded as a test failure.
# With a single argument, sql runs the statement as the default user.
# NOTE(review): the queries are double-quoted shell strings, so the shell
# expands $_a and $_A as variables before the statement is sent. If a literal
# dollar sign is meant to be part of the group name it has to be written
# as \$ - confirm the intent.
function test_valid_group_names( ) {
sql " select cartodb._CDB_Group_GroupRole('group_1 $_a '); "
sql " select cartodb._CDB_Group_GroupRole('GROUP_1 $_A '); "
sql " select cartodb._CDB_Group_GroupRole('_group_1 $_a '); "
}
# Each statement below is run as postgres and is expected to be rejected by
# cartodb._CDB_Group_GroupRole (third argument "fails").
# NOTE(review): several cases appear to differ only in where a blank sits
# inside the quoted name, so whitespace inside these literals is presumably
# the thing under test - confirm before reformatting them.
# NOTE(review): as these are double-quoted shell strings, $_a is expanded by
# the shell before the statement is sent; escape it as \$ if a literal dollar
# sign is intended - confirm.
function test_not_valid_group_names( ) {
sql postgres " select cartodb._CDB_Group_GroupRole('1 $_a '); " fails
sql postgres " select cartodb._CDB_Group_GroupRole(' group_1 $_a '); " fails
sql postgres " select cartodb._CDB_Group_GroupRole('group_1 $_a '); " fails
sql postgres " select cartodb._CDB_Group_GroupRole(' group_1 $_a '); " fails
sql postgres " select cartodb._CDB_Group_GroupRole('group _1 $_a '); " fails
# a name containing a non-ASCII letter
sql postgres "select cartodb._CDB_Group_GroupRole('groupña');" fails
}
#################################################### TESTS END HERE ####################################################
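# Run the tests named on the command line (all discovered tests when none are
# given). The arguments are forwarded quoted so they are neither re-split nor
# glob-expanded here. OK is 0 when everything passed and 1 otherwise.
run_tests "$@"
exit "${OK}"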