From 898d3c14fd6ecc98f62e01ea90b106f018943eb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?= Date: Tue, 11 Aug 2015 13:56:03 +0200 Subject: [PATCH] test_group_management_functions_cant_be_used_by_normal_members and warning -> error processing --- test/organization/test.sh | 66 ++++++++++++++++++++++++++++++++++----- 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/test/organization/test.sh b/test/organization/test.sh index e439783..c3ca449 100644 --- a/test/organization/test.sh +++ b/test/organization/test.sh @@ -28,6 +28,7 @@ function clear_partial_result() { function sql() { local ROLE local QUERY + ERROR_OUTPUT_FILE='/tmp/test_error.log' if [[ $# -ge 2 ]] then ROLE="$1" @@ -38,15 +39,41 @@ function sql() { if [ -n "${ROLE}" ]; then log_debug "Executing query '${QUERY}' as ${ROLE}" - RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t` + RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"` else log_debug "Executing query '${QUERY}'" - RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t` + RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"` fi CODERESULT=$? + ERROR_OUTPUT=`cat "${ERROR_OUTPUT_FILE}"` + rm ${ERROR_OUTPUT_FILE} + echo -n "- Code Result: " + echo ${CODERESULT} + echo -n "- Result: " echo ${RESULT} - echo + echo -n "- Error output: " + echo ${ERROR_OUTPUT} + + # Some warnings should actually be failures + if [[ ${CODERESULT} == "0" ]] + then + case "${ERROR_OUTPUT}" in + WARNING:*no*privileges*were*granted*for*) + echo -n "FAILED BECAUSE OF PRIVILEGES GRANTING WARNING" + CODERESULT=1 + ;; + WARNING:*no*privileges*could*be*revoked*for*) + echo -n "FAILED BECAUSE OF PRIVILEGES REVOKING WARNING" + CODERESULT=1 + ;; + *) echo "All ok" ;; + esac + fi + + echo "- New code result: " + echo ${CODERESULT} + echo "-------------" if [[ ${CODERESULT} -ne 0 ]] then @@ -142,8 +169,8 @@ function setup() { log_info "############################# SETUP #############################" create_role_and_schema cdb_testmember_1 create_role_and_schema cdb_testmember_2 - sql "CREATE ROLE publicuser LOGIN;" - sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;" + #publicuser# sql "CREATE ROLE publicuser LOGIN;" + #publicuser# sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;" create_table cdb_testmember_1 foo sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);' @@ -157,6 +184,8 @@ function setup() { sql "SELECT cartodb.CDB_Group_RenameGroup('group_a_tmp', 'group_a')" sql "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_1')" + + sql "SELECT cartodb.CDB_Group_CreateGroup('group_b')" } @@ -168,6 +197,8 @@ function tear_down() { sql cdb_testmember_1 'DROP TABLE cdb_testmember_1.foo;' sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.bar;' + sql "select cartodb.CDB_Group_DropGroup('group_b')" + sql "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1')" sql "select cartodb.CDB_Group_DropGroup('group_a')" @@ -180,11 +211,11 @@ function tear_down() { sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;" sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;" - sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;" + #publicuser# sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;" sql 'DROP ROLE cdb_testmember_1;' sql 'DROP ROLE cdb_testmember_2;' - sql 'DROP ROLE publicuser;' + #publicuser# sql 'DROP ROLE publicuser;' ${CMD} -c "DROP DATABASE ${DATABASE}" } @@ -433,6 +464,27 @@ function test_CDB_Group_Table_GrantReadWrite_should_grant_insert_and_RevokeAll_s sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;' } +function test_group_management_functions_cant_be_used_by_normal_members() { + sql cdb_testmember_1 "SELECT cartodb.CDB_Group_CreateGroup('group_x_1');" fails + sql cdb_testmember_1 "SELECT cartodb.CDB_Group_RenameGroup('group_a', 'group_x_2');" fails + sql cdb_testmember_1 "SELECT cartodb.CDB_Group_DropGroup('group_a');" fails + sql cdb_testmember_1 "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_2');" fails + sql cdb_testmember_1 "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1');" fails + + create_table cdb_testmember_2 shared_with_group + + sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails + sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group');" fails + + # Checks that you can't grant even if your group has RW permissions + sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')" + sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails + sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_b', 'cdb_testmember_2', 'shared_with_group');" fails + sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_RevokeAll('group_b', 'cdb_testmember_2', 'shared_with_group');" fails + + sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;' +} + #################################################### TESTS END HERE ####################################################