From e661368b890da1db98679df7ceb96e7593801a72 Mon Sep 17 00:00:00 2001
From: thiloho <123883702+thiloho@users.noreply.github.com>
Date: Thu, 12 Sep 2024 21:22:26 +0200
Subject: [PATCH] Fix bugs for triggers executing because of table ON keywords
---
 .../20240724191017_row_level_security.sql | 2 +-
 .../migrations/20240911070907_change_log.sql | 27 ++++++++---
 .../articles/[articleId]/+page.svelte | 2 +-
 web-app/tests/collaborator.spec.ts | 46 +++++++++----------
 4 files changed, 46 insertions(+), 31 deletions(-)
diff --git a/rest-api/db/migrations/20240724191017_row_level_security.sql b/rest-api/db/migrations/20240724191017_row_level_security.sql
index eecd7db..ae41e55 100644
--- a/rest-api/db/migrations/20240724191017_row_level_security.sql
+++ b/rest-api/db/migrations/20240724191017_row_level_security.sql
@@ -56,7 +56,7 @@ BEGIN AND user_has_website_access.collaborator_permission_level < 30))) INTO has_access; IF NOT has_access AND user_has_website_access.raise_error THEN RAISE insufficient_privilege
- USING message = 'You do not have the required permissions for this action.';
+ USING message = 'Insufficient permissions';
 END IF; END; $$
diff --git a/rest-api/db/migrations/20240911070907_change_log.sql b/rest-api/db/migrations/20240911070907_change_log.sql
index 60af085..933e2ac 100644
--- a/rest-api/db/migrations/20240911070907_change_log.sql
+++ b/rest-api/db/migrations/20240911070907_change_log.sql
@@ -27,15 +27,30 @@ BEGIN INSERT INTO internal.change_log (website_id, table_name, operation, new_value) VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (NEW)); RETURN NEW;
- ELSIF TG_OP = 'UPDATE' THEN
- INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
- VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
+ ELSIF TG_OP = 'UPDATE'
+ AND EXISTS (
+ SELECT
+ id
+ FROM
+ internal.website
+ WHERE
+ id = _website_id) THEN
+ INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
+ VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
 RETURN NEW;
- ELSIF TG_OP = 'DELETE' THEN
- INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
- VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
+ ELSIF TG_OP = 'DELETE'
+ AND EXISTS (
+ SELECT
+ id
+ FROM
+ internal.website
+ WHERE
+ id = _website_id) THEN
+ INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
+ VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
 RETURN NEW; END IF;
+ RETURN NEW;
 END; $$ LANGUAGE plpgsql
diff --git a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
index 6de3c3b..83d6147 100644
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
@@ -111,7 +111,7 @@
diff --git a/web-app/tests/collaborator.spec.ts b/web-app/tests/collaborator.spec.ts
index 828a978..ba40863 100644
--- a/web-app/tests/collaborator.spec.ts
+++ b/web-app/tests/collaborator.spec.ts
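Review bot: In the change_log trigger function, the DELETE branch and the new fall-through both end in `RETURN NEW;`, and NEW is null when a row-level trigger fires for DELETE, so if this function is attached as a BEFORE trigger the delete itself would be silently skipped; the trigger definition is not in the hunk, so the timing needs confirming (for an AFTER trigger the return value is ignored). `RETURN COALESCE(NEW, OLD);` is correct for either timing. The new `EXISTS` guard also means UPDATE and DELETE events whose `internal.website` row is already gone leave no entry in `internal.change_log`, which is worth stating above each branch for anyone relying on the log as an audit trail, e.g. `-- Skip logging once the parent website row is gone (presumably a cascade delete); nothing is recorded for these rows.` The identical subquery appears twice and could be evaluated once into a boolean variable before the `IF` chain. The function body starts before this hunk.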
@@ -147,7 +147,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated website")).toBeVisible(); }
@@ -155,14 +155,14 @@ test.describe.serial("Collaborator tests", () => { test("Delete website", async ({ page }) => { await page.locator("li").filter({ hasText: "Blog" }).getByRole("button").nth(1).click(); await page.getByRole("button", { name: "Delete website" }).click();
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 }); test("Update Global", async ({ page }) => { await page.getByRole("link", { name: "Blog" }).click(); await page.locator("#global").getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated global")).toBeVisible(); }
@@ -172,7 +172,7 @@ test.describe.serial("Collaborator tests", () => { await page.locator("#header").getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated header")).toBeVisible(); }
@@ -182,7 +182,7 @@ test.describe.serial("Collaborator tests", () => { await page.locator("#home").getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated home")).toBeVisible(); }
@@ -192,7 +192,7 @@ test.describe.serial("Collaborator tests", () => { await page.locator("#footer").getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated footer")).toBeVisible(); }
@@ -206,7 +206,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully created article")).toBeVisible(); }
@@ -228,7 +228,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated article")).toBeVisible(); }
@@ -244,7 +244,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Delete article" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } if ([20, 30].includes(permissionLevel)) { await expect(page.getByText("Successfully deleted article")).toBeVisible();
@@ -253,7 +253,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Delete article" }).click(); if (permissionLevel === 20) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully deleted article")).toBeVisible(); }
@@ -268,7 +268,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Submit" }).click(); if ([10, 20].includes(permissionLevel)) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully added")).toBeVisible(); }
@@ -286,7 +286,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Update collaborator" }).click(); if ([10, 20].includes(permissionLevel)) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated")).toBeVisible();
@@ -298,7 +298,7 @@ test.describe.serial("Collaborator tests", () => { .click(); await page.getByRole("combobox").selectOption("30"); await page.getByRole("button", { name: "Update collaborator" }).click();
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } }); test("Remove collaborator", async ({ page }) => {
@@ -313,7 +313,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Remove collaborator" }).click(); if ([10, 20].includes(permissionLevel)) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully removed")).toBeVisible();
@@ -324,7 +324,7 @@ test.describe.serial("Collaborator tests", () => { .nth(1) .click(); await page.getByRole("button", { name: "Remove collaborator" }).click();
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } }); test("Create/Update legal information", async ({ page }) => {
@@ -337,7 +337,7 @@ test.describe.serial("Collaborator tests", () => { if (permissionLevel === 30) { await expect(page.getByText("Successfully created legal")).toBeVisible(); } else {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } await page.getByPlaceholder("## Impressum\n\n## Privacy policy").click();
@@ -347,7 +347,7 @@ test.describe.serial("Collaborator tests", () => { if (permissionLevel === 30) { await expect(page.getByText("Successfully updated legal")).toBeVisible(); } else {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } }); test("Delete legal information", async ({ page }) => {
@@ -363,7 +363,7 @@ test.describe.serial("Collaborator tests", () => { if (permissionLevel === 30) { await expect(page.getByText("Successfully deleted legal")).toBeVisible(); } else {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } }); test("Create category", async ({ page }) => {
@@ -377,7 +377,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Submit" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully created category")).toBeVisible(); }
@@ -398,7 +398,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Update category" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully updated category")).toBeVisible(); }
@@ -415,7 +415,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Delete category" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } if ([20, 30].includes(permissionLevel)) { await expect(page.getByText("Successfully deleted category")).toBeVisible();
@@ -429,7 +429,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Delete category" }).click(); if (permissionLevel === 20) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully deleted category")).toBeVisible(); }
@@ -441,7 +441,7 @@ test.describe.serial("Collaborator tests", () => { await page.getByRole("button", { name: "Publish" }).click(); if (permissionLevel === 10) {
- await expect(page.getByText("You do not have the required")).toBeVisible();
+ await expect(page.getByText("Insufficient permissions")).toBeVisible();
 } else { await expect(page.getByText("Successfully published website")).toBeVisible(); }