Fix bugs for triggers executing because of table ON keywords

2025-11-22 10:51:36 +01:00 · 2024-09-12 21:22:26 +02:00
parent 788cc74a76
commit e661368b89
4 changed files with 46 additions and 31 deletions
--- a/rest-api/db/migrations/20240724191017_row_level_security.sql
+++ b/rest-api/db/migrations/20240724191017_row_level_security.sql
@@ -56,7 +56,7 @@ BEGIN
            AND user_has_website_access.collaborator_permission_level < 30))) INTO has_access;
  IF NOT has_access AND user_has_website_access.raise_error THEN
    RAISE insufficient_privilege
-    USING message = 'You do not have the required permissions for this action.';
+    USING message = 'Insufficient permissions';
  END IF;
 END;
 $$
--- a/rest-api/db/migrations/20240911070907_change_log.sql
+++ b/rest-api/db/migrations/20240911070907_change_log.sql
@@ -27,15 +27,30 @@ BEGIN
    INSERT INTO internal.change_log (website_id, table_name, operation, new_value)
      VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (NEW));
    RETURN NEW;
-  ELSIF TG_OP = 'UPDATE' THEN
+  ELSIF TG_OP = 'UPDATE'
-    INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
+      AND EXISTS (
-      VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
+        SELECT
          id
        FROM
          internal.website
        WHERE
          id = _website_id) THEN
      INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
        VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
    RETURN NEW;
-  ELSIF TG_OP = 'DELETE' THEN
+  ELSIF TG_OP = 'DELETE'
-    INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
+      AND EXISTS (
-      VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
+        SELECT
          id
        FROM
          internal.website
        WHERE
          id = _website_id) THEN
      INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
        VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
    RETURN NEW;
  END IF;
  RETURN NEW;
 END;
 $$
 LANGUAGE plpgsql
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
@@ -111,7 +111,7 @@
          <input
            type="date"
            name="publication-date"
-            value={data.article.publication_date ?? new Date().toISOString().split('T')[0]}
+            value={data.article.publication_date ?? new Date().toISOString().split("T")[0]}
            required
          />
        </label>
--- a/web-app/tests/collaborator.spec.ts
+++ b/web-app/tests/collaborator.spec.ts
@@ -147,7 +147,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated website")).toBeVisible();
        }
@@ -155,14 +155,14 @@ test.describe.serial("Collaborator tests", () => {
      test("Delete website", async ({ page }) => {
        await page.locator("li").filter({ hasText: "Blog" }).getByRole("button").nth(1).click();
        await page.getByRole("button", { name: "Delete website" }).click();
-        await expect(page.getByText("You do not have the required")).toBeVisible();
+        await expect(page.getByText("Insufficient permissions")).toBeVisible();
      });
      test("Update Global", async ({ page }) => {
        await page.getByRole("link", { name: "Blog" }).click();
        await page.locator("#global").getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated global")).toBeVisible();
        }
@@ -172,7 +172,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.locator("#header").getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated header")).toBeVisible();
        }
@@ -182,7 +182,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.locator("#home").getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated home")).toBeVisible();
        }
@@ -192,7 +192,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.locator("#footer").getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated footer")).toBeVisible();
        }
@@ -206,7 +206,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully created article")).toBeVisible();
        }
@@ -228,7 +228,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated article")).toBeVisible();
        }
@@ -244,7 +244,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Delete article" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
        if ([20, 30].includes(permissionLevel)) {
          await expect(page.getByText("Successfully deleted article")).toBeVisible();
@@ -253,7 +253,7 @@ test.describe.serial("Collaborator tests", () => {
          await page.getByRole("button", { name: "Delete article" }).click();
          if (permissionLevel === 20) {
-            await expect(page.getByText("You do not have the required")).toBeVisible();
+            await expect(page.getByText("Insufficient permissions")).toBeVisible();
          } else {
            await expect(page.getByText("Successfully deleted article")).toBeVisible();
          }
@@ -268,7 +268,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Submit" }).click();
        if ([10, 20].includes(permissionLevel)) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully added")).toBeVisible();
        }
@@ -286,7 +286,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Update collaborator" }).click();
        if ([10, 20].includes(permissionLevel)) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated")).toBeVisible();
@@ -298,7 +298,7 @@ test.describe.serial("Collaborator tests", () => {
            .click();
          await page.getByRole("combobox").selectOption("30");
          await page.getByRole("button", { name: "Update collaborator" }).click();
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
      });
      test("Remove collaborator", async ({ page }) => {
@@ -313,7 +313,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Remove collaborator" }).click();
        if ([10, 20].includes(permissionLevel)) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully removed")).toBeVisible();
@@ -324,7 +324,7 @@ test.describe.serial("Collaborator tests", () => {
            .nth(1)
            .click();
          await page.getByRole("button", { name: "Remove collaborator" }).click();
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
      });
      test("Create/Update legal information", async ({ page }) => {
@@ -337,7 +337,7 @@ test.describe.serial("Collaborator tests", () => {
        if (permissionLevel === 30) {
          await expect(page.getByText("Successfully created legal")).toBeVisible();
        } else {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
        await page.getByPlaceholder("## Impressum\n\n## Privacy policy").click();
@@ -347,7 +347,7 @@ test.describe.serial("Collaborator tests", () => {
        if (permissionLevel === 30) {
          await expect(page.getByText("Successfully updated legal")).toBeVisible();
        } else {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
      });
      test("Delete legal information", async ({ page }) => {
@@ -363,7 +363,7 @@ test.describe.serial("Collaborator tests", () => {
        if (permissionLevel === 30) {
          await expect(page.getByText("Successfully deleted legal")).toBeVisible();
        } else {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
      });
      test("Create category", async ({ page }) => {
@@ -377,7 +377,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Submit" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully created category")).toBeVisible();
        }
@@ -398,7 +398,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Update category" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully updated category")).toBeVisible();
        }
@@ -415,7 +415,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Delete category" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        }
        if ([20, 30].includes(permissionLevel)) {
          await expect(page.getByText("Successfully deleted category")).toBeVisible();
@@ -429,7 +429,7 @@ test.describe.serial("Collaborator tests", () => {
          await page.getByRole("button", { name: "Delete category" }).click();
          if (permissionLevel === 20) {
-            await expect(page.getByText("You do not have the required")).toBeVisible();
+            await expect(page.getByText("Insufficient permissions")).toBeVisible();
          } else {
            await expect(page.getByText("Successfully deleted category")).toBeVisible();
          }
@@ -441,7 +441,7 @@ test.describe.serial("Collaborator tests", () => {
        await page.getByRole("button", { name: "Publish" }).click();
        if (permissionLevel === 10) {
-          await expect(page.getByText("You do not have the required")).toBeVisible();
+          await expect(page.getByText("Insufficient permissions")).toBeVisible();
        } else {
          await expect(page.getByText("Successfully published website")).toBeVisible();
        }