MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix RLS permissions and JWT validation for admin club creation #5

Merged
MasterMito merged 18 commits from fix/rls-permission-test-failure into epic/admin_rework_second_try 2026-03-20 11:42:05 +01:00
Conversation 0 Commits 18 Files Changed 37
+32 -17
1 changed files with 32 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ade9444682 - Show all commits
backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
+32 -17
View File
@@ -57,23 +57,38 @@ public class CustomWebApplicationFactory<TProgram> : WebApplicationFactory<TProg
var db = scope.ServiceProvider.GetRequiredService<AppDbContext>(); var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
db.Database.Migrate(); db.Database.Migrate();
using var conn = new Npgsql.NpgsqlConnection(_postgresContainer.GetConnectionString()); using var conn = new Npgsql.NpgsqlConnection(_postgresContainer.GetConnectionString());
conn.Open(); conn.Open();
using var cmd = conn.CreateCommand(); using var cmd = conn.CreateCommand();
cmd.CommandText = @" cmd.CommandText = @"
DO $$ BEGIN DO $$ BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN -- Create test user for RLS
CREATE USER rls_test_user WITH PASSWORD 'rlspass'; IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN
GRANT CONNECT ON DATABASE workclub_test TO rls_test_user; CREATE USER rls_test_user WITH PASSWORD 'rlspass';
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user; END IF;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
END IF; -- Grant basic permissions to test user
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN GRANT CONNECT ON DATABASE workclub_test TO rls_test_user;
CREATE ROLE app_admin; GRANT USAGE ON SCHEMA public TO rls_test_user;
END IF; GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user;
END $$; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
";
cmd.ExecuteNonQuery(); -- Create app_admin role for bypassing RLS
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
CREATE ROLE app_admin WITH BYPASSRLS;
END IF;
-- Grant app_admin full access to tables
GRANT CONNECT ON DATABASE workclub_test TO app_admin;
GRANT USAGE ON SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
-- Allow rls_test_user to assume app_admin role
GRANT app_admin TO rls_test_user;
END $$;
";
cmd.ExecuteNonQuery();
}); });
builder.UseEnvironment("Test"); builder.UseEnvironment("Test");