lywsvip/supabase
1
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-06-02 10:55:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/packages/pg-meta/test/table-privileges.test.ts
Ivan Vasilov 1cd1ebfc7f chire: Sort imports in all packages, cms, design-system and ui-library apps (#41610) 
Sorted all imports in all packages, `cms`, `design-system` and
`ui-library` apps by running `pnpm format` on them.

All changes in this PR are done by the script.
2026-02-05 13:54:10 +01:00

391 lines
10 KiB
TypeScript
Raw Permalink Blame History

import { afterAll, beforeAll, expect, test } from 'vitest'
import pgMeta from '../src/index'
import { cleanupRoot, createTestDatabase } from './db/utils'
beforeAll(async () => {
// Any global setup if needed
})
afterAll(async () => {
await cleanupRoot()
})
const withTestDatabase = (
name: string,
fn: (db: Awaited<ReturnType<typeof createTestDatabase>>) => Promise<void>
) => {
test(name, async () => {
const db = await createTestDatabase()
try {
await fn(db)
} finally {
await db.cleanup()
}
})
}
withTestDatabase('list table privileges', async ({ executeQuery }) => {
const { sql, zod } = await pgMeta.tablePrivileges.list()
const res = zod.parse(await executeQuery(sql))
expect(
res.find(({ schema, name }) => schema === 'public' && name === 'todos')
).toMatchInlineSnapshot(
{ relation_id: expect.any(Number) },
`
{
"kind": "table",
"name": "todos",
"privileges": [
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "INSERT",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "SELECT",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "UPDATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "DELETE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRUNCATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "REFERENCES",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRIGGER",
},
],
"relation_id": Any<Number>,
"schema": "public",
}
`
)
})
withTestDatabase('revoke & grant table privileges', async ({ executeQuery }) => {
// Get initial table privileges
const { sql: listSql, zod: listZod } = await pgMeta.tablePrivileges.list()
const listRes = listZod.parse(await executeQuery(listSql))
const { relation_id } = listRes.find(
({ schema, name }) => schema === 'public' && name === 'todos'
)!
// Revoke all privileges
const { sql: revokeSql } = pgMeta.tablePrivileges.revoke([
{
relationId: relation_id,
grantee: 'postgres',
privilegeType: 'ALL',
},
])
await executeQuery(revokeSql)
// Verify privileges were revoked
const { sql: retrieveSql, zod: retrieveZod } = await pgMeta.tablePrivileges.retrieve({
id: relation_id,
})
let privs = retrieveZod.parse((await executeQuery(retrieveSql))[0])
expect(privs).toMatchInlineSnapshot(
{ relation_id: expect.any(Number) },
`
{
"kind": "table",
"name": "todos",
"privileges": [],
"relation_id": Any<Number>,
"schema": "public",
}
`
)
// Grant all privileges back
const { sql: grantSql } = pgMeta.tablePrivileges.grant([
{
relationId: relation_id,
grantee: 'postgres',
privilegeType: 'ALL',
},
])
await executeQuery(grantSql)
// Verify privileges were granted
const { sql: verifyGrantSql } = await pgMeta.tablePrivileges.retrieve({ id: relation_id })
privs = retrieveZod.parse((await executeQuery(verifyGrantSql))[0])
expect(privs).toMatchInlineSnapshot(
{ relation_id: expect.any(Number) },
`
{
"kind": "table",
"name": "todos",
"privileges": [
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRIGGER",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "REFERENCES",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRUNCATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "DELETE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "UPDATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "SELECT",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "INSERT",
},
],
"relation_id": Any<Number>,
"schema": "public",
}
`
)
})
withTestDatabase(
'revoke & grant table privileges w/ quoted table name',
async ({ executeQuery }) => {
// Create test role and schema
await executeQuery(`create role r; create schema "s 1"; create table "s 1"."t 1"();`)
// Get table privileges
const { sql: listSql, zod: listZod } = await pgMeta.tablePrivileges.list()
const listRes = listZod.parse(await executeQuery(listSql))
const { relation_id } = listRes.find(({ schema, name }) => schema === 's 1' && name === 't 1')!
// Grant all privileges
const { sql: grantSql } = pgMeta.tablePrivileges.grant([
{
relationId: relation_id,
grantee: 'r',
privilegeType: 'ALL',
},
])
await executeQuery(grantSql)
// Verify privileges were granted
const { sql: retrieveSql, zod: retrieveZod } = await pgMeta.tablePrivileges.retrieve({
id: relation_id,
})
let privs = retrieveZod.parse((await executeQuery(retrieveSql))[0])
expect(privs).toMatchInlineSnapshot(
{ relation_id: expect.any(Number) },
`
{
"kind": "table",
"name": "t 1",
"privileges": [
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRIGGER",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "REFERENCES",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRUNCATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "DELETE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "UPDATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "SELECT",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "INSERT",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRIGGER",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "REFERENCES",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRUNCATE",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "DELETE",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "UPDATE",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "SELECT",
},
{
"grantee": "r",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "INSERT",
},
],
"relation_id": Any<Number>,
"schema": "s 1",
}
`
)
// Revoke all privileges
const { sql: revokeSql } = pgMeta.tablePrivileges.revoke([
{
relationId: relation_id,
grantee: 'r',
privilegeType: 'ALL',
},
])
await executeQuery(revokeSql)
// Verify privileges were revoked
const { sql: verifyRevokeSql } = await pgMeta.tablePrivileges.retrieve({ id: relation_id })
privs = retrieveZod.parse((await executeQuery(verifyRevokeSql))[0])
expect(privs).toMatchInlineSnapshot(
{ relation_id: expect.any(Number) },
`
{
"kind": "table",
"name": "t 1",
"privileges": [
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRIGGER",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "REFERENCES",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "TRUNCATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "DELETE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "UPDATE",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "SELECT",
},
{
"grantee": "postgres",
"grantor": "postgres",
"is_grantable": false,
"privilege_type": "INSERT",
},
],
"relation_id": Any<Number>,
"schema": "s 1",
}
`
)
}
)
Reference in New Issue View Git Blame Copy Permalink