MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix RLS permission issue in integration tests

Browse Source 
- Add BYPASSRLS privilege to app_admin role
- Grant full schema and table access to app_admin
- Allow rls_test_user to assume app_admin role
- Fixes: permission denied for table clubs (42501)
This commit is contained in:
WorkClub Automation
2026-03-19 21:40:38 +01:00
parent 112b299b8e
commit ade9444682
1 changed files with 32 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
+17 -2
View File
@@ -62,15 +62,30 @@ public class CustomWebApplicationFactory<TProgram> : WebApplicationFactory<TProg
using var cmd = conn.CreateCommand(); using var cmd = conn.CreateCommand();
cmd.CommandText = @" cmd.CommandText = @"
DO $$ BEGIN DO $$ BEGIN
-- Create test user for RLS
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN
CREATE USER rls_test_user WITH PASSWORD 'rlspass'; CREATE USER rls_test_user WITH PASSWORD 'rlspass';
END IF;
-- Grant basic permissions to test user
GRANT CONNECT ON DATABASE workclub_test TO rls_test_user; GRANT CONNECT ON DATABASE workclub_test TO rls_test_user;
GRANT USAGE ON SCHEMA public TO rls_test_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user; GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
END IF;
-- Create app_admin role for bypassing RLS
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
CREATE ROLE app_admin; CREATE ROLE app_admin WITH BYPASSRLS;
END IF; END IF;
-- Grant app_admin full access to tables
GRANT CONNECT ON DATABASE workclub_test TO app_admin;
GRANT USAGE ON SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
-- Allow rls_test_user to assume app_admin role
GRANT app_admin TO rls_test_user;
END $$; END $$;
"; ";
cmd.ExecuteNonQuery(); cmd.ExecuteNonQuery();