From df72007e81c4d1e72bbee4c1048f7dfead37cf68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Tue, 26 Dec 2017 15:54:55 +0100
Subject: [PATCH] API Key spec

---
 Makefile | 1 +
 spec/models/carto/api_key_spec.rb | 79 +++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 spec/models/carto/api_key_spec.rb

diff --git a/Makefile b/Makefile
index 5da3d3875b..833352e4d0 100644
--- a/Makefile
+++ b/Makefile
@@ -76,6 +76,7 @@ WORKING_SPECS_1 = \
 spec/lib/carto/table_utils_spec.rb \
 spec/helpers/uuidhelper_spec.rb \
 spec/helpers/url_validator_spec.rb \
+ spec/models/carto/api_key_spec.rb \
 spec/models/carto/data_import_spec.rb \
 spec/models/carto/visualization_spec.rb \
 spec/models/carto/visualization/watcher_spec.rb \
diff --git a/spec/models/carto/api_key_spec.rb b/spec/models/carto/api_key_spec.rb
new file mode 100644
index 0000000000..9f6269c110
--- /dev/null
+++ b/spec/models/carto/api_key_spec.rb
@@ -0,0 +1,79 @@
+# encoding: utf-8
+
+require 'spec_helper_min'
+require 'support/helpers'
+
+describe Carto::ApiKey do
+ include_context 'users helper'
+
+ def grant(database_schema, table_name, permissions: ['insert', 'select', 'update', 'delete'])
+ {
+ type: "database",
+ tables: [
+ {
+ schema: database_schema,
+ name: table_name,
+ permissions: permissions
+ }
+ ]
+ }
+ end
+
+ def connection_from_api_key(api_key)
+ user = api_key.user
+
+ options = ::SequelRails.configuration.environment_for(Rails.env).merge(
+ 'database' => user.database_name,
+ 'username' => api_key.db_role,
+ 'password' => api_key.db_password,
+ 'host' => user.database_host
+ )
+ ::Sequel.connect(options)
+ end
+
+ before(:each) do
+ @table1 = create_table(user_id: @carto_user1.id)
+ @table2 = create_table(user_id: @carto_user1.id)
+ end
+
+ after(:each) do
+ @table2.destroy
+ @table1.destroy
+ end
+
+ it 'can grant insert, select, update delete to a database role' do
+ api_key = Carto::ApiKey.create!(user_id: @carto_user1.id, type: Carto::ApiKey::TYPE_REGULAR,
+ name: 'full', grants: [grant(@table1.database_schema, @table1.name)])
+
+ connection = connection_from_api_key(api_key)
+ begin
+ begin
+ connection.execute("select count(1) from #{@table2.name}")
+ rescue => e
+ failed = true
+ e.message.should include "permission denied for relation #{@table2.name}"
+ end
+ failed.should be_true
+
+ connection.execute("select count(1) from #{@table1.name}") do |result|
+ result[0]['count'].should eq '0'
+ end
+
+ connection.execute("insert into #{@table1.name} (name) values ('wadus')")
+
+ connection.execute("select count(1) from #{@table1.name}") do |result|
+ result[0]['count'].should eq '1'
+ end
+
+ connection.execute("update #{@table1.name} set name = 'wadus2' where name = 'wadus'")
+
+ connection.execute("delete from #{@table1.name} where name = 'wadus2'")
+
+ connection.execute("select count(1) from #{@table1.name}") do |result|
+ result[0]['count'].should eq '0'
+ end
+ ensure
+ connection.disconnect
+ end
+ end
+end
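Review bot: The single example in the hunk only proves the full insert/select/update/delete grant; the `permissions:` keyword on `grant` is never narrowed, so nothing shows that a key created with `permissions: ['select']` is actually refused insert, update and delete on `@table1`, which is the check that matters most for a scoped credential. A second example exercising a select-only key would close that gap (sketched below; `Sequel::DatabaseError` is presumably what Sequel raises for the PostgreSQL permission error — confirm against the driver in use). The denied-access assertion also pins the PostgreSQL message text `permission denied for relation`, which newer PostgreSQL versions phrase as `permission denied for table`, so a pattern such as `/permission denied for (relation|table) #{@table2.name}/` would be less brittle. The `failed` flag plus bare `rescue => e` can be replaced by `expect { connection.execute("select count(1) from #{@table2.name}") }.to raise_error(Sequel::DatabaseError, /permission denied/)`, which also reports clearly when no error is raised instead of failing on `nil.should be_true`.
```ruby
  # … unchanged: grant / connection_from_api_key helpers, before/after hooks, full-grant example …

  it 'denies insert, update and delete to a select-only key' do
    api_key = Carto::ApiKey.create!(user_id: @carto_user1.id, type: Carto::ApiKey::TYPE_REGULAR,
                                    name: 'read', grants: [grant(@table1.database_schema, @table1.name, permissions: ['select'])])
    connection = connection_from_api_key(api_key)
    begin
      connection.execute("select count(1) from #{@table1.name}")
      expect { connection.execute("insert into #{@table1.name} (name) values ('wadus')") }
        .to raise_error(Sequel::DatabaseError, /permission denied/)
      expect { connection.execute("update #{@table1.name} set name = 'wadus2'") }
        .to raise_error(Sequel::DatabaseError, /permission denied/)
      expect { connection.execute("delete from #{@table1.name}") }
        .to raise_error(Sequel::DatabaseError, /permission denied/)
    ensure
      connection.disconnect
    end
  end
```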