test_group_management_functions_cant_be_used_by_normal_members and warning -> error processing
This commit is contained in:
parent
154f6df1dc
commit
898d3c14fd
@ -28,6 +28,7 @@ function clear_partial_result() {
|
|||||||
function sql() {
|
function sql() {
|
||||||
local ROLE
|
local ROLE
|
||||||
local QUERY
|
local QUERY
|
||||||
|
ERROR_OUTPUT_FILE='/tmp/test_error.log'
|
||||||
if [[ $# -ge 2 ]]
|
if [[ $# -ge 2 ]]
|
||||||
then
|
then
|
||||||
ROLE="$1"
|
ROLE="$1"
|
||||||
@ -38,15 +39,41 @@ function sql() {
|
|||||||
|
|
||||||
if [ -n "${ROLE}" ]; then
|
if [ -n "${ROLE}" ]; then
|
||||||
log_debug "Executing query '${QUERY}' as ${ROLE}"
|
log_debug "Executing query '${QUERY}' as ${ROLE}"
|
||||||
RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t`
|
RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
|
||||||
else
|
else
|
||||||
log_debug "Executing query '${QUERY}'"
|
log_debug "Executing query '${QUERY}'"
|
||||||
RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t`
|
RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
|
||||||
fi
|
fi
|
||||||
CODERESULT=$?
|
CODERESULT=$?
|
||||||
|
ERROR_OUTPUT=`cat "${ERROR_OUTPUT_FILE}"`
|
||||||
|
rm ${ERROR_OUTPUT_FILE}
|
||||||
|
|
||||||
|
echo -n "- Code Result: "
|
||||||
|
echo ${CODERESULT}
|
||||||
|
echo -n "- Result: "
|
||||||
echo ${RESULT}
|
echo ${RESULT}
|
||||||
echo
|
echo -n "- Error output: "
|
||||||
|
echo ${ERROR_OUTPUT}
|
||||||
|
|
||||||
|
# Some warnings should actually be failures
|
||||||
|
if [[ ${CODERESULT} == "0" ]]
|
||||||
|
then
|
||||||
|
case "${ERROR_OUTPUT}" in
|
||||||
|
WARNING:*no*privileges*were*granted*for*)
|
||||||
|
echo -n "FAILED BECAUSE OF PRIVILEGES GRANTING WARNING"
|
||||||
|
CODERESULT=1
|
||||||
|
;;
|
||||||
|
WARNING:*no*privileges*could*be*revoked*for*)
|
||||||
|
echo -n "FAILED BECAUSE OF PRIVILEGES REVOKING WARNING"
|
||||||
|
CODERESULT=1
|
||||||
|
;;
|
||||||
|
*) echo "All ok" ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "- New code result: "
|
||||||
|
echo ${CODERESULT}
|
||||||
|
echo "-------------"
|
||||||
|
|
||||||
if [[ ${CODERESULT} -ne 0 ]]
|
if [[ ${CODERESULT} -ne 0 ]]
|
||||||
then
|
then
|
||||||
@ -142,8 +169,8 @@ function setup() {
|
|||||||
log_info "############################# SETUP #############################"
|
log_info "############################# SETUP #############################"
|
||||||
create_role_and_schema cdb_testmember_1
|
create_role_and_schema cdb_testmember_1
|
||||||
create_role_and_schema cdb_testmember_2
|
create_role_and_schema cdb_testmember_2
|
||||||
sql "CREATE ROLE publicuser LOGIN;"
|
#publicuser# sql "CREATE ROLE publicuser LOGIN;"
|
||||||
sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;"
|
#publicuser# sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;"
|
||||||
|
|
||||||
create_table cdb_testmember_1 foo
|
create_table cdb_testmember_1 foo
|
||||||
sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);'
|
sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);'
|
||||||
@ -157,6 +184,8 @@ function setup() {
|
|||||||
sql "SELECT cartodb.CDB_Group_RenameGroup('group_a_tmp', 'group_a')"
|
sql "SELECT cartodb.CDB_Group_RenameGroup('group_a_tmp', 'group_a')"
|
||||||
|
|
||||||
sql "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_1')"
|
sql "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_1')"
|
||||||
|
|
||||||
|
sql "SELECT cartodb.CDB_Group_CreateGroup('group_b')"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -168,6 +197,8 @@ function tear_down() {
|
|||||||
sql cdb_testmember_1 'DROP TABLE cdb_testmember_1.foo;'
|
sql cdb_testmember_1 'DROP TABLE cdb_testmember_1.foo;'
|
||||||
sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.bar;'
|
sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.bar;'
|
||||||
|
|
||||||
|
sql "select cartodb.CDB_Group_DropGroup('group_b')"
|
||||||
|
|
||||||
sql "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1')"
|
sql "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1')"
|
||||||
|
|
||||||
sql "select cartodb.CDB_Group_DropGroup('group_a')"
|
sql "select cartodb.CDB_Group_DropGroup('group_a')"
|
||||||
@ -180,11 +211,11 @@ function tear_down() {
|
|||||||
|
|
||||||
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;"
|
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;"
|
||||||
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;"
|
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;"
|
||||||
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;"
|
#publicuser# sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;"
|
||||||
|
|
||||||
sql 'DROP ROLE cdb_testmember_1;'
|
sql 'DROP ROLE cdb_testmember_1;'
|
||||||
sql 'DROP ROLE cdb_testmember_2;'
|
sql 'DROP ROLE cdb_testmember_2;'
|
||||||
sql 'DROP ROLE publicuser;'
|
#publicuser# sql 'DROP ROLE publicuser;'
|
||||||
|
|
||||||
${CMD} -c "DROP DATABASE ${DATABASE}"
|
${CMD} -c "DROP DATABASE ${DATABASE}"
|
||||||
}
|
}
|
||||||
@ -433,6 +464,27 @@ function test_CDB_Group_Table_GrantReadWrite_should_grant_insert_and_RevokeAll_s
|
|||||||
sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
|
sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_group_management_functions_cant_be_used_by_normal_members() {
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Group_CreateGroup('group_x_1');" fails
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Group_RenameGroup('group_a', 'group_x_2');" fails
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Group_DropGroup('group_a');" fails
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Group_AddMember('group_a', 'cdb_testmember_2');" fails
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Group_RemoveMember('group_a', 'cdb_testmember_1');" fails
|
||||||
|
|
||||||
|
create_table cdb_testmember_2 shared_with_group
|
||||||
|
|
||||||
|
sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
|
||||||
|
sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
|
||||||
|
|
||||||
|
# Checks that you can't grant even if your group has RW permissions
|
||||||
|
sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
|
||||||
|
sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group');" fails
|
||||||
|
sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_b', 'cdb_testmember_2', 'shared_with_group');" fails
|
||||||
|
sql cdb_testmember_1 "select cartoDB.CDB_Group_Table_RevokeAll('group_b', 'cdb_testmember_2', 'shared_with_group');" fails
|
||||||
|
|
||||||
|
sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
|
||||||
|
}
|
||||||
|
|
||||||
#################################################### TESTS END HERE ####################################################
|
#################################################### TESTS END HERE ####################################################
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user