add test for table_by_pk node when roles doesn't have permission to PK

codingkarthik · codingkarthik · commit 3868f69fd441 · 2020-08-06T12:16:09.000+05:30
diff --git a/server/tests-py/queries/graphql_query/permissions/setup.yaml b/server/tests-py/queries/graphql_query/permissions/setup.yaml
@@ -283,6 +283,42 @@ args:
     name: search_tracks
     schema: public
 
+#Create Books table
+- type: run_sql
+  args:
+    sql: |
+      CREATE TABLE books (
+        id int,
+        author_name text,
+        book_name text,
+        published_on timestamptz,
+        PRIMARY KEY (id,book_name)
+      );
+
+# Track table Books
+- type: track_table
+  args:
+    schema: public
+    name: books
+
+- type: insert
+  args:
+    table: books
+    objects:
+      - id: 1
+        author_name: J.K. Rowling
+        book_name: Harry Porter
+        published_on: "1997-06-26"
+
+#Create select permission on books, granting permission only to one of the columns of the primary key
+- type: create_select_permission
+  args:
+    table: books
+    role: user
+    permission:
+      columns: ["author_name","book_name","published_on"]
+      filter: {}
+
 #Permission based on PostGIS operators
 - type: run_sql
   args:
diff --git a/server/tests-py/queries/graphql_query/permissions/teardown.yaml b/server/tests-py/queries/graphql_query/permissions/teardown.yaml
@@ -7,6 +7,7 @@ args:
       DROP TABLE author;
       DROP TABLE "Track" cascade;
       DROP TABLE "Artist";
+      DROP TABLE books;
       DROP TABLE geom_table;
       DROP TABLE jsonb_table;
       DROP TABLE gpa cascade;
diff --git a/server/tests-py/queries/graphql_query/permissions/user_should_not_be_able_to_access_books_by_pk.yaml b/server/tests-py/queries/graphql_query/permissions/user_should_not_be_able_to_access_books_by_pk.yaml
@@ -0,0 +1,20 @@
+- description: User cannot access books_by_pk
+  url: /v1/graphql
+  status: 200
+  headers:
+    X-Hasura-Role: user
+  response:
+    errors:
+    - extensions:
+        path: $.selectionSet.books_by_pk
+        code: validation-failed
+      message: "field \"books_by_pk\" not found in type: 'query_root'"
+  query:
+    query: |
+      query {
+        books_by_pk(id:1,book_name:"Harry Porter") {
+          author_name
+          book_name
+          published_on
+        }
+      }
diff --git a/server/tests-py/test_graphql_queries.py b/server/tests-py/test_graphql_queries.py
@@ -331,6 +331,9 @@ def test_jsonb_has_any(self, hge_ctx, transport):
     def test_in_and_nin(self, hge_ctx, transport):
         check_query_f(hge_ctx, self.dir() + '/in_and_nin.yaml', transport)
 
+    def test_user_accessing_books_by_pk_should_fail(self, hge_ctx, transport):
+        check_query_f(hge_ctx, self.dir() + '/user_should_not_be_able_to_access_books_by_pk.yaml')
+
     @classmethod
     def dir(cls):
         return 'queries/graphql_query/permissions'
