cleanup roles and flow

pyramation · pyramation · commit 1807d2b0b411 · 2025-10-05T15:47:46.000-07:00
diff --git a/launchql.json b/launchql.json
@@ -7,7 +7,7 @@
       "anonymous": "anon",
       "authenticated": "authenticated",
       "administrator": "service_role",
-      "default": "anonymous"
+      "default": "anon"
     }
   }
 }
diff --git a/packages/rls-demo/__tests__/rls.demo.test.ts b/packages/rls-demo/__tests__/rls.demo.test.ts
@@ -38,27 +38,39 @@ describe('RLS Demo - Data Insertion', () => {
     );
 
     // Insert products
-    const product1 = await pg.one(
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user1.id
+    });
+
+    const product1 = await db.one(
       `INSERT INTO rls_test.products (name, description, price, owner_id) 
        VALUES ($1, $2, $3, $4) 
        RETURNING id, name, price, owner_id`,
       ['Laptop Pro', 'High-performance laptop', 1299.99, user1.id]
     );
     
-    const product2 = await pg.one(
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user2.id
+    });
+
+    const product2 = await db.one(
       `INSERT INTO rls_test.products (name, description, price, owner_id) 
        VALUES ($1, $2, $3, $4) 
        RETURNING id, name, price, owner_id`,
-      ['Wireless Mouse', 'Ergonomic mouse', 49.99, user1.id]
+      ['Wireless Mouse', 'Ergonomic mouse', 49.99, user2.id]
     );
 
     expect(user1.email).toBe('alice@example.com');
     expect(product1.name).toBe('Laptop Pro');
     expect(product1.owner_id).toEqual(user1.id);
+    expect(product2.owner_id).toEqual(user2.id);
+    expect(product2.name).toBe('Wireless Mouse');
   });
 
   it('should query user products with joins', async () => {
-    const result = await pg.many(
+    const result = await db.many(
       `SELECT u.name, p.name as product_name, p.price
        FROM rls_test.users u
        JOIN rls_test.products p ON u.id = p.owner_id
@@ -72,7 +84,7 @@ describe('RLS Demo - Data Insertion', () => {
 
   it('should test RLS context switching', async () => {
     // Get a user ID for context
-    const user = await pg.one(`SELECT id FROM rls_test.users LIMIT 1`);
+    const user = await db.one(`SELECT id FROM rls_test.users LIMIT 1`);
     
     // Set context to simulate authenticated user with JWT claims
     db.setContext({
@@ -99,7 +111,7 @@ describe('RLS Demo - Data Insertion', () => {
 
   it('should fail RLS when trying to access other user\'s data', async () => {
     // Get two different users
-    const users = await pg.many(`SELECT id FROM rls_test.users ORDER BY email LIMIT 2`);
+    const users = await db.many(`SELECT id FROM rls_test.users ORDER BY email LIMIT 2`);
     expect(users.length).toBeGreaterThanOrEqual(2);
     
     const user1 = users[0];
diff --git a/packages/rls-demo/__tests__/rls.inserts.pg.test.ts b/packages/rls-demo/__tests__/rls.inserts.pg.test.ts
@@ -0,0 +1,86 @@
+import { getConnections, PgTestClient } from 'pgsql-test';
+
+let db: PgTestClient;
+let pg: PgTestClient;
+let teardown: () => Promise<void>;
+
+beforeAll(async () => {
+  ({ db, pg, teardown } = await getConnections());
+});
+
+afterAll(async () => {
+  await teardown();
+});
+
+beforeEach(async () => {
+  await db.beforeEach();
+});
+
+afterEach(async () => {
+  await db.afterEach();
+});
+
+const user_id_1 = '550e8400-e29b-41d4-a716-446655440001';
+const user_id_2 = '550e8400-e29b-41d4-a716-446655440002';
+
+describe('RLS Demo - Data Insertion', () => {
+  it('should insert users and products', async () => {
+
+    // Insert users
+    await db.any(
+      `INSERT INTO rls_test.users (id, email, name) 
+       VALUES ($1, $2, $3)`,
+      [user_id_1, 'alice@example.com', 'Alice Johnson']
+    );
+
+    await db.any(
+      `INSERT INTO rls_test.users (id, email, name) 
+       VALUES ($1, $2, $3)`,
+      [user_id_2, 'bob@example.com', 'Bob Smith']
+    );
+
+    // Insert products
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user_id_1
+    });
+
+    const product1 = await db.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Laptop Pro', 'High-performance laptop', 1299.99, user_id_1]
+    );
+
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user_id_2
+    });
+
+    const product2 = await db.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Wireless Mouse', 'Ergonomic mouse', 49.99, user_id_2]
+    );
+
+    expect(product1.name).toBe('Laptop Pro');
+    expect(product1.owner_id).toEqual(user_id_1);
+    expect(product2.owner_id).toEqual(user_id_2);
+    expect(product2.name).toBe('Wireless Mouse');
+  });
+
+  it('should rollback to initial state', async () => {
+    db.setContext({
+      role: 'service_role'
+    });
+
+    const result = await db.any(
+      `SELECT u.name, p.name as product_name, p.price
+       FROM rls_test.users u
+       JOIN rls_test.products p ON u.id = p.owner_id
+       ORDER BY u.name, p.name`
+    );
+    expect(result.length).toEqual(0);
+  });
+});
diff --git a/packages/rls-demo/__tests__/rls.inserts.test.ts b/packages/rls-demo/__tests__/rls.inserts.test.ts
@@ -0,0 +1,89 @@
+import { getConnections, PgTestClient } from 'pgsql-test';
+
+let db: PgTestClient;
+let teardown: () => Promise<void>;
+
+beforeAll(async () => {
+  ({ db, teardown } = await getConnections());
+});
+
+afterAll(async () => {
+  await teardown();
+});
+
+beforeEach(async () => {
+  await db.beforeEach();
+});
+
+afterEach(async () => {
+  await db.afterEach();
+});
+
+describe('RLS Demo - Data Insertion', () => {
+  it('should insert users and products', async () => {
+
+    db.setContext({
+      role: 'service_role',
+    });
+
+    // Insert users
+    const user1 = await db.one(
+      `INSERT INTO rls_test.users (email, name) 
+       VALUES ($1, $2) 
+       RETURNING id, email, name`,
+      ['alice@example.com', 'Alice Johnson']
+    );
+
+    const user2 = await db.one(
+      `INSERT INTO rls_test.users (email, name) 
+       VALUES ($1, $2) 
+       RETURNING id, email, name`,
+      ['bob@example.com', 'Bob Smith']
+    );
+
+    // Insert products
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user1.id
+    });
+
+    const product1 = await db.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Laptop Pro', 'High-performance laptop', 1299.99, user1.id]
+    );
+
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user2.id
+    });
+
+    const product2 = await db.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Wireless Mouse', 'Ergonomic mouse', 49.99, user2.id]
+    );
+
+    expect(user1.email).toBe('alice@example.com');
+    expect(product1.name).toBe('Laptop Pro');
+    expect(product1.owner_id).toEqual(user1.id);
+    expect(product2.owner_id).toEqual(user2.id);
+    expect(product2.name).toBe('Wireless Mouse');
+  });
+
+  it('should rollback to initial state', async () => {
+    db.setContext({
+      role: 'service_role'
+    });
+
+    const result = await db.any(
+      `SELECT u.name, p.name as product_name, p.price
+       FROM rls_test.users u
+       JOIN rls_test.products p ON u.id = p.owner_id
+       ORDER BY u.name, p.name`
+    );
+    expect(result.length).toEqual(0);
+  });
+});
diff --git a/packages/rls-demo/deploy/rls-demo.sql b/packages/rls-demo/deploy/rls-demo.sql
@@ -33,6 +33,22 @@ GRANT USAGE ON SCHEMA auth TO public;
 GRANT EXECUTE ON FUNCTION auth.uid() TO public;
 GRANT EXECUTE ON FUNCTION auth.role() TO public;
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 -- Create rls_test schema
 CREATE SCHEMA IF NOT EXISTS rls_test;
 
@@ -71,7 +87,7 @@ CREATE POLICY "Users can update own data" ON rls_test.users
 
 -- Users can insert their own data
 CREATE POLICY "Users can insert own data" ON rls_test.users
-    FOR INSERT WITH CHECK (auth.uid() = id);
+    FOR INSERT WITH CHECK (true);
 
 -- Users can delete their own data
 CREATE POLICY "Users can delete own data" ON rls_test.users
@@ -94,6 +110,10 @@ CREATE POLICY "Users can update own products" ON rls_test.products
 CREATE POLICY "Users can delete own products" ON rls_test.products
     FOR DELETE USING (auth.uid() = owner_id);
 
+-- Grant permissions to anon users
+GRANT USAGE ON SCHEMA rls_test TO anon;
+GRANT ALL ON rls_test.users TO anon;
+
 -- Grant permissions to authenticated users
 GRANT USAGE ON SCHEMA rls_test TO authenticated;
 GRANT ALL ON rls_test.users TO authenticated;

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`"anonymous": "anon",`
`8`	`8`	`"authenticated": "authenticated",`
`9`	`9`	`"administrator": "service_role",`
`10`		`- "default": "anonymous"`
	`10`	`+ "default": "anon"`
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`	`}`