Files
TX/artifacts/api-server/tests/app-permissions-unique.test.mjs
T

84 lines
2.9 KiB
JavaScript
Raw Normal View History

import { test, before, after } from "node:test";
import assert from "node:assert/strict";
import pg from "pg";
const DATABASE_URL = process.env.DATABASE_URL;
if (!DATABASE_URL) {
throw new Error("DATABASE_URL must be set to run these tests");
}
const pool = new pg.Pool({ connectionString: DATABASE_URL });
let testAppId;
let testPermissionId;
before(async () => {
const stamp = `${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 6)}`;
const slug = `apuq_app_${stamp}`;
const permName = `apuq.perm.${stamp}`;
const route = `/${slug}`;
const appRes = await pool.query(
`INSERT INTO apps (slug, name_ar, name_en, route, is_active, sort_order)
VALUES ($1, $2, $3, $4, true, 999)
RETURNING id`,
[slug, slug, slug, route],
);
testAppId = appRes.rows[0].id;
const permRes = await pool.query(
`INSERT INTO permissions (name, description_en) VALUES ($1, $2) RETURNING id`,
[permName, permName],
);
testPermissionId = permRes.rows[0].id;
});
after(async () => {
await pool.query(`DELETE FROM app_permissions WHERE app_id = $1`, [testAppId]);
await pool.query(`DELETE FROM apps WHERE id = $1`, [testAppId]);
await pool.query(`DELETE FROM permissions WHERE id = $1`, [testPermissionId]);
await pool.end();
});
test("app_permissions composite primary key prevents duplicate (app_id, permission_id)", async () => {
// First insert succeeds
await pool.query(
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2)`,
[testAppId, testPermissionId],
);
// Plain duplicate insert should fail with a unique-violation error (SQLSTATE 23505)
await assert.rejects(
pool.query(
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2)`,
[testAppId, testPermissionId],
),
(err) => err.code === "23505",
);
// Only one row should exist for the pair
const { rows: countRows } = await pool.query(
`SELECT COUNT(*)::int AS c FROM app_permissions WHERE app_id = $1 AND permission_id = $2`,
[testAppId, testPermissionId],
);
assert.equal(countRows[0].c, 1);
});
test("ON CONFLICT DO NOTHING handles duplicate inserts gracefully (no error, no extra row)", async () => {
// Re-running the same insert with ON CONFLICT DO NOTHING should not throw
// and should not add a second row. This mirrors what `seed.ts` and any
// future admin permission management endpoint does via Drizzle's
// `.onConflictDoNothing()`.
const res = await pool.query(
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2) ON CONFLICT DO NOTHING`,
[testAppId, testPermissionId],
);
assert.equal(res.rowCount, 0, "expected no row to be inserted on conflict");
const { rows: countRows } = await pool.query(
`SELECT COUNT(*)::int AS c FROM app_permissions WHERE app_id = $1 AND permission_id = $2`,
[testAppId, testPermissionId],
);
assert.equal(countRows[0].c, 1, "exactly one row should remain after conflict-safe insert");
});