84 lines
2.9 KiB
JavaScript
84 lines
2.9 KiB
JavaScript
|
|
import { test, before, after } from "node:test";
|
||
|
|
import assert from "node:assert/strict";
|
||
|
|
import pg from "pg";
|
||
|
|
|
||
|
|
const DATABASE_URL = process.env.DATABASE_URL;
|
||
|
|
if (!DATABASE_URL) {
|
||
|
|
throw new Error("DATABASE_URL must be set to run these tests");
|
||
|
|
}
|
||
|
|
|
||
|
|
const pool = new pg.Pool({ connectionString: DATABASE_URL });
|
||
|
|
|
||
|
|
let testAppId;
|
||
|
|
let testPermissionId;
|
||
|
|
|
||
|
|
before(async () => {
|
||
|
|
const stamp = `${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 6)}`;
|
||
|
|
const slug = `apuq_app_${stamp}`;
|
||
|
|
const permName = `apuq.perm.${stamp}`;
|
||
|
|
|
||
|
|
const route = `/${slug}`;
|
||
|
|
const appRes = await pool.query(
|
||
|
|
`INSERT INTO apps (slug, name_ar, name_en, route, is_active, sort_order)
|
||
|
|
VALUES ($1, $2, $3, $4, true, 999)
|
||
|
|
RETURNING id`,
|
||
|
|
[slug, slug, slug, route],
|
||
|
|
);
|
||
|
|
testAppId = appRes.rows[0].id;
|
||
|
|
|
||
|
|
const permRes = await pool.query(
|
||
|
|
`INSERT INTO permissions (name, description_en) VALUES ($1, $2) RETURNING id`,
|
||
|
|
[permName, permName],
|
||
|
|
);
|
||
|
|
testPermissionId = permRes.rows[0].id;
|
||
|
|
});
|
||
|
|
|
||
|
|
after(async () => {
|
||
|
|
await pool.query(`DELETE FROM app_permissions WHERE app_id = $1`, [testAppId]);
|
||
|
|
await pool.query(`DELETE FROM apps WHERE id = $1`, [testAppId]);
|
||
|
|
await pool.query(`DELETE FROM permissions WHERE id = $1`, [testPermissionId]);
|
||
|
|
await pool.end();
|
||
|
|
});
|
||
|
|
|
||
|
|
test("app_permissions composite primary key prevents duplicate (app_id, permission_id)", async () => {
|
||
|
|
// First insert succeeds
|
||
|
|
await pool.query(
|
||
|
|
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2)`,
|
||
|
|
[testAppId, testPermissionId],
|
||
|
|
);
|
||
|
|
|
||
|
|
// Plain duplicate insert should fail with a unique-violation error (SQLSTATE 23505)
|
||
|
|
await assert.rejects(
|
||
|
|
pool.query(
|
||
|
|
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2)`,
|
||
|
|
[testAppId, testPermissionId],
|
||
|
|
),
|
||
|
|
(err) => err.code === "23505",
|
||
|
|
);
|
||
|
|
|
||
|
|
// Only one row should exist for the pair
|
||
|
|
const { rows: countRows } = await pool.query(
|
||
|
|
`SELECT COUNT(*)::int AS c FROM app_permissions WHERE app_id = $1 AND permission_id = $2`,
|
||
|
|
[testAppId, testPermissionId],
|
||
|
|
);
|
||
|
|
assert.equal(countRows[0].c, 1);
|
||
|
|
});
|
||
|
|
|
||
|
|
test("ON CONFLICT DO NOTHING handles duplicate inserts gracefully (no error, no extra row)", async () => {
|
||
|
|
// Re-running the same insert with ON CONFLICT DO NOTHING should not throw
|
||
|
|
// and should not add a second row. This mirrors what `seed.ts` and any
|
||
|
|
// future admin permission management endpoint does via Drizzle's
|
||
|
|
// `.onConflictDoNothing()`.
|
||
|
|
const res = await pool.query(
|
||
|
|
`INSERT INTO app_permissions (app_id, permission_id) VALUES ($1, $2) ON CONFLICT DO NOTHING`,
|
||
|
|
[testAppId, testPermissionId],
|
||
|
|
);
|
||
|
|
assert.equal(res.rowCount, 0, "expected no row to be inserted on conflict");
|
||
|
|
|
||
|
|
const { rows: countRows } = await pool.query(
|
||
|
|
`SELECT COUNT(*)::int AS c FROM app_permissions WHERE app_id = $1 AND permission_id = $2`,
|
||
|
|
[testAppId, testPermissionId],
|
||
|
|
);
|
||
|
|
assert.equal(countRows[0].c, 1, "exactly one row should remain after conflict-safe insert");
|
||
|
|
});
|