thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 02:41:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix bugs for triggers executing because of table ON keywords

Browse Source
This commit is contained in:
thiloho
2024-09-12 21:22:26 +02:00
parent 788cc74a76
commit e661368b89
4 changed files with 46 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rest-api/db/migrations/20240724191017_row_level_security.sql
View File

@@ -56,7 +56,7 @@ BEGIN
AND user_has_website_access.collaborator_permission_level < 30))) INTO has_access;
IF NOT has_access AND user_has_website_access.raise_error THEN
RAISE insufficient_privilege
USING message = 'You do not have the required permissions for this action.';
USING message = 'Insufficient permissions';
END IF;
END;
$$

27
rest-api/db/migrations/20240911070907_change_log.sql
View File

@@ -27,15 +27,30 @@ BEGIN
INSERT INTO internal.change_log (website_id, table_name, operation, new_value)
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (NEW));
RETURN NEW;
ELSIF TG_OP = 'UPDATE' THEN
INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
ELSIF TG_OP = 'UPDATE'
AND EXISTS (
SELECT
id
FROM
internal.website
WHERE
id = _website_id) THEN
INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
RETURN NEW;
ELSIF TG_OP = 'DELETE' THEN
INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
ELSIF TG_OP = 'DELETE'
AND EXISTS (
SELECT
id
FROM
internal.website
WHERE
id = _website_id) THEN
INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
RETURN NEW;
END IF;
RETURN NEW;
END;
$$
LANGUAGE plpgsql

2
web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
View File

@@ -111,7 +111,7 @@
<input
type="date"
name="publication-date"
value={data.article.publication_date ?? new Date().toISOString().split('T')[0]}
value={data.article.publication_date ?? new Date().toISOString().split("T")[0]}
required
/>
</label>

46
web-app/tests/collaborator.spec.ts
View File

@@ -147,7 +147,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated website")).toBeVisible();
}
@@ -155,14 +155,14 @@ test.describe.serial("Collaborator tests", () => {
test("Delete website", async ({ page }) => {
await page.locator("li").filter({ hasText: "Blog" }).getByRole("button").nth(1).click();
await page.getByRole("button", { name: "Delete website" }).click();
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
});
test("Update Global", async ({ page }) => {
await page.getByRole("link", { name: "Blog" }).click();
await page.locator("#global").getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated global")).toBeVisible();
}
@@ -172,7 +172,7 @@ test.describe.serial("Collaborator tests", () => {
await page.locator("#header").getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated header")).toBeVisible();
}
@@ -182,7 +182,7 @@ test.describe.serial("Collaborator tests", () => {
await page.locator("#home").getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated home")).toBeVisible();
}
@@ -192,7 +192,7 @@ test.describe.serial("Collaborator tests", () => {
await page.locator("#footer").getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated footer")).toBeVisible();
}
@@ -206,7 +206,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully created article")).toBeVisible();
}
@@ -228,7 +228,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated article")).toBeVisible();
}
@@ -244,7 +244,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Delete article" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
if ([20, 30].includes(permissionLevel)) {
await expect(page.getByText("Successfully deleted article")).toBeVisible();
@@ -253,7 +253,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Delete article" }).click();
if (permissionLevel === 20) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully deleted article")).toBeVisible();
}
@@ -268,7 +268,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Submit" }).click();
if ([10, 20].includes(permissionLevel)) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully added")).toBeVisible();
}
@@ -286,7 +286,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Update collaborator" }).click();
if ([10, 20].includes(permissionLevel)) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated")).toBeVisible();
@@ -298,7 +298,7 @@ test.describe.serial("Collaborator tests", () => {
.click();
await page.getByRole("combobox").selectOption("30");
await page.getByRole("button", { name: "Update collaborator" }).click();
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
});
test("Remove collaborator", async ({ page }) => {
@@ -313,7 +313,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Remove collaborator" }).click();
if ([10, 20].includes(permissionLevel)) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully removed")).toBeVisible();
@@ -324,7 +324,7 @@ test.describe.serial("Collaborator tests", () => {
.nth(1)
.click();
await page.getByRole("button", { name: "Remove collaborator" }).click();
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
});
test("Create/Update legal information", async ({ page }) => {
@@ -337,7 +337,7 @@ test.describe.serial("Collaborator tests", () => {
if (permissionLevel === 30) {
await expect(page.getByText("Successfully created legal")).toBeVisible();
} else {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
await page.getByPlaceholder("## Impressum\n\n## Privacy policy").click();
@@ -347,7 +347,7 @@ test.describe.serial("Collaborator tests", () => {
if (permissionLevel === 30) {
await expect(page.getByText("Successfully updated legal")).toBeVisible();
} else {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
});
test("Delete legal information", async ({ page }) => {
@@ -363,7 +363,7 @@ test.describe.serial("Collaborator tests", () => {
if (permissionLevel === 30) {
await expect(page.getByText("Successfully deleted legal")).toBeVisible();
} else {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
});
test("Create category", async ({ page }) => {
@@ -377,7 +377,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Submit" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully created category")).toBeVisible();
}
@@ -398,7 +398,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Update category" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully updated category")).toBeVisible();
}
@@ -415,7 +415,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Delete category" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
}
if ([20, 30].includes(permissionLevel)) {
await expect(page.getByText("Successfully deleted category")).toBeVisible();
@@ -429,7 +429,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Delete category" }).click();
if (permissionLevel === 20) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully deleted category")).toBeVisible();
}
@@ -441,7 +441,7 @@ test.describe.serial("Collaborator tests", () => {
await page.getByRole("button", { name: "Publish" }).click();
if (permissionLevel === 10) {
await expect(page.getByText("You do not have the required")).toBeVisible();
await expect(page.getByText("Insufficient permissions")).toBeVisible();
} else {
await expect(page.getByText("Successfully published website")).toBeVisible();
}