Refactor tests

salsita · Jan 9, 2022 · 45dc4e7 · 45dc4e7
1 parent 4be8158
commit 45dc4e7
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 23 deletions.
diff --git a/test/migrations/085_grant_tables_schemas_roles.js b/test/migrations/085_grant_tables_schemas_roles.js
@@ -1,21 +1,30 @@
+const schema = 'test_grant_schema'
+const table = 'test_grant_table'
+const role1 = 'test_grant_bob1'
+const role2 = 'test_grant_bob2'
+const tablePrivileges = ['SELECT', 'UPDATE']
+const schemaPrivilege = 'USAGE'
+
+exports.constants = { schema, table, role1, role2, tablePrivileges, schemaPrivilege }
+
 exports.up = (pgm) => {
-  pgm.createTable('table_for_bob', {
+  pgm.createTable(table, {
     id: 'id',
   })
-  pgm.createRole('bob1')
-  pgm.createRole('bob2')
+  pgm.createRole(role1)
+  pgm.createRole(role2)
   pgm.grantOnTables({
-    privileges: 'ALL',
-    tables: 'table_for_bob',
-    roles: 'bob1',
+    privileges: tablePrivileges,
+    tables: table,
+    roles: role1,
   })
-  pgm.createSchema('test_schema')
+  pgm.createSchema(schema)
   pgm.grantOnSchemas({
-    privileges: 'USAGE',
-    schemas: 'test_schema',
-    roles: 'bob1',
+    privileges: schemaPrivilege,
+    schemas: schema,
+    roles: role1,
   })
-  pgm.grantRoles('bob1', 'bob2')
+  pgm.grantRoles(role1, role2)
 }
 
 // Test table privileges

diff --git a/test/migrations/086_grant_test.js b/test/migrations/086_grant_test.js
@@ -1,22 +1,37 @@
-exports.up = async (pgm) => {
-  // test table privileges
+const { schema, table, role1, role2, tablePrivileges, schemaPrivilege } = require('./085_grant_tables_schemas_roles')
+
+const hasTablePrivileges = async (pgm, role, tableName, privileges) => {
   const rows = await pgm.db.select(`
     SELECT grantee, privilege_type
     FROM information_schema.role_table_grants 
-    WHERE table_name='table_for_bob'
-    AND grantee = 'bob1'
+    WHERE table_name='${tableName}'
+    AND grantee = '${role}'
   `)
-  const rows1 = await pgm.db.select(`
-    SELECT has_schema_privilege('bob1', 'test_schema', 'USAGE');
+  const foundPrivileges = rows.map(({ privilegeType }) => privilegeType)
+  return privileges.reduce((acc, privilege) => acc && foundPrivileges.includes(privilege), true)
+}
+
+const hasSchemaPrivilege = async (pgm, role, schemaName, privilege) => {
+  const rows = await pgm.db.select(`
+    SELECT has_schema_privilege('${role}', '${schemaName}', '${privilege}');
   `)
-  console.log({ rows, rows1 })
-  if (rows.length !== 7) {
-    throw new Error('Incorrect number of priveleges')
+  return rows.length && rows[0].has_schema_privilege
+}
+
+const checkGrantedPrivileges = async (pgm, role) => {
+  const hasGrantedTablePrivileges = await hasTablePrivileges(pgm, role, table, tablePrivileges)
+  if (!hasGrantedTablePrivileges) {
+    throw new Error(`${role} misses granted table privileges`)
   }
-  const hasSchemaPrivilege = rows1.length && rows1[0].has_schema_privilege
-  if (!hasSchemaPrivilege) {
-    throw new Error('Bob should have a USAGE schema privelege')
+  const hasGrantedSchemaPrivilege = await hasSchemaPrivilege(pgm, role, schema, schemaPrivilege)
+  if (!hasGrantedSchemaPrivilege) {
+    throw new Error(`${role} misses USAGE schema privilege`)
   }
 }
 
+exports.up = async (pgm) => {
+  await checkGrantedPrivileges(pgm, role1)
+  await checkGrantedPrivileges(pgm, role2)
+}
+
 exports.down = () => null