139 lines
3.6 KiB
JavaScript
139 lines
3.6 KiB
JavaScript
|
const models = require('vn-loopback/server/server').models;
|
||
|
|
|
||
|
|
describe('Application executeRoutine()', () => {
|
||
|
|
const userWithoutPrivileges = 1;
|
||
|
|
const userWithPrivileges = 9;
|
||
|
|
const userWithInheritedPrivileges = 120;
|
||
|
|
let tx;
|
||
|
|
|
||
|
|
function getCtx(userId) {
|
||
|
|
return {
|
||
|
|
req: {
|
||
|
|
accessToken: {userId},
|
||
|
|
headers: {origin: 'http://localhost'}
|
||
|
|
}
|
||
|
|
};
|
||
|
|
}
|
||
|
|
|
||
|
|
beforeEach(async() => {
|
||
|
|
tx = await models.Application.beginTransaction({});
|
||
|
|
const options = {transaction: tx};
|
||
|
|
|
||
|
|
await models.Application.rawSql(`
|
||
|
|
CREATE OR REPLACE PROCEDURE vn.myProcedure(vMyParam INT)
|
||
|
|
BEGIN
|
||
|
|
SELECT vMyParam myParam, t.*
|
||
|
|
FROM ticket t
|
||
|
|
LIMIT 2;
|
||
|
|
END
|
||
|
|
`, null, options);
|
||
|
|
|
||
|
|
await models.Application.rawSql(`
|
||
|
|
CREATE OR REPLACE FUNCTION bs.myFunction(vMyParam INT) RETURNS int(11)
|
||
|
|
BEGIN
|
||
|
|
RETURN vMyParam;
|
||
|
|
END
|
||
|
|
`, null, options);
|
||
|
|
|
||
|
|
await models.Application.rawSql(`
|
||
|
|
GRANT EXECUTE ON PROCEDURE vn.myProcedure TO developer;
|
||
|
|
GRANT EXECUTE ON FUNCTION bs.myFunction TO developer;
|
||
|
|
`, null, options);
|
||
|
|
});
|
||
|
|
|
||
|
|
it('should throw error when execute procedure and not have privileges', async() => {
|
||
|
|
const ctx = getCtx(userWithoutPrivileges);
|
||
|
|
|
||
|
|
let error;
|
||
|
|
try {
|
||
|
|
const options = {transaction: tx};
|
||
|
|
|
||
|
|
await models.Application.executeRoutine(
|
||
|
|
ctx,
|
||
|
|
'myProcedure',
|
||
|
|
[1],
|
||
|
|
null,
|
||
|
|
null,
|
||
|
|
options
|
||
|
|
);
|
||
|
|
|
||
|
|
await tx.rollback();
|
||
|
|
} catch (e) {
|
||
|
|
await tx.rollback();
|
||
|
|
error = e;
|
||
|
|
}
|
||
|
|
|
||
|
|
expect(error.message).toEqual(`You don't have enough privileges`);
|
||
|
|
});
|
||
|
|
|
||
|
|
it('should execute procedure and get data', async() => {
|
||
|
|
const ctx = getCtx(userWithPrivileges);
|
||
|
|
try {
|
||
|
|
const options = {transaction: tx};
|
||
|
|
|
||
|
|
const response = await models.Application.executeRoutine(
|
||
|
|
ctx,
|
||
|
|
'myProcedure',
|
||
|
|
[1],
|
||
|
|
null,
|
||
|
|
null,
|
||
|
|
options
|
||
|
|
);
|
||
|
|
|
||
|
|
expect(response.length).toEqual(2);
|
||
|
|
expect(response[0].myParam).toEqual(1);
|
||
|
|
|
||
|
|
await tx.rollback();
|
||
|
|
} catch (e) {
|
||
|
|
await tx.rollback();
|
||
|
|
throw e;
|
||
|
|
}
|
||
|
|
});
|
||
|
|
|
||
|
|
it('should execute function and get data', async() => {
|
||
|
|
const ctx = getCtx(userWithPrivileges);
|
||
|
|
try {
|
||
|
|
const options = {transaction: tx};
|
||
|
|
|
||
|
|
const response = await models.Application.executeRoutine(
|
||
|
|
ctx,
|
||
|
|
'myFunction',
|
||
|
|
[1],
|
||
|
|
'bs',
|
||
|
|
'function',
|
||
|
|
options
|
||
|
|
);
|
||
|
|
|
||
|
|
expect(response).toEqual(1);
|
||
|
|
|
||
|
|
await tx.rollback();
|
||
|
|
} catch (e) {
|
||
|
|
await tx.rollback();
|
||
|
|
throw e;
|
||
|
|
}
|
||
|
|
});
|
||
|
|
|
||
|
|
it('should execute function and get data with user with inherited privileges', async() => {
|
||
|
|
const ctx = getCtx(userWithInheritedPrivileges);
|
||
|
|
try {
|
||
|
|
const options = {transaction: tx};
|
||
|
|
|
||
|
|
const response = await models.Application.executeRoutine(
|
||
|
|
ctx,
|
||
|
|
'myFunction',
|
||
|
|
[1],
|
||
|
|
'bs',
|
||
|
|
'function',
|
||
|
|
options
|
||
|
|
);
|
||
|
|
|
||
|
|
expect(response).toEqual(1);
|
||
|
|
|
||
|
|
await tx.rollback();
|
||
|
|
} catch (e) {
|
||
|
|
await tx.rollback();
|
||
|
|
throw e;
|
||
|
|
}
|
||
|
|
});
|
||
|
|
});
|