mooooore tests :)

Author: KSDaemon

packages/cubejs-schema-compiler/test/unit/fixtures/orders_incorrect_acl.yml

@@ -0,0 +1,83 @@
+cubes:
+  - name: orders
+    sql_table: orders
+
+    dimensions:
+      - name: id
+        sql: id
+        type: number
+        primary_key: true
+
+      - name: user_id
+        sql: user_id
+        type: number
+
+      - name: status
+        sql: status
+        type: string
+
+      - name: created_at
+        sql: created_at
+        type: time
+
+      - name: completed_at
+        sql: completed_at
+        type: time
+
+    measures:
+      - name: count
+        sql: id
+        type: count
+
+    joins:
+      - name: order_users
+        relationship: many_to_one
+        sql: "${CUBE}.user_id = ${order_users.id}"
+
+    segments:
+      - name: sfUsers
+        description: SF users segment from createCubeSchema
+        sql: "${CUBE}.location = 'San Francisco'"
+
+    hierarchies:
+      - name: hello
+        title: World
+        levels: [status]
+
+    pre_aggregations:
+      - name: countCreatedAt
+        type: rollup
+        measures:
+         - CUBE.count
+        time_dimension: created_at
+        granularity: day
+        partition_granularity: month
+        refresh_key:
+          every: 1 hour
+        scheduled_refresh: true
+
+    accessPolicy:
+      - role: common
+        rowLevel:
+          allowAll: true
+      - role: admin
+        conditions:
+          - if: "{ !security_context.isBlocked }"
+        rowLevel:
+          filters:
+            - member: "{CUBE}.order_users.name"
+              operator: equals
+              values: ["completed"]
+            - or:
+              - member: "{CUBE}.created_at"
+                operator: notInDateRange
+                values:
+                  - 2022-01-01
+                  - "{ security_context.currentDate }"
+              - member: "created_at"
+                operator: equals
+                values:
+                  - "{ securityContext.currentDate }"
+        memberLevel:
+          includes:
+            - status

packages/cubejs-schema-compiler/test/unit/fixtures/orders_nonexist_acl.yml

@@ -0,0 +1,83 @@
+cubes:
+  - name: orders
+    sql_table: orders
+
+    dimensions:
+      - name: id
+        sql: id
+        type: number
+        primary_key: true
+
+      - name: user_id
+        sql: user_id
+        type: number
+
+      - name: status
+        sql: status
+        type: string
+
+      - name: created_at
+        sql: created_at
+        type: time
+
+      - name: completed_at
+        sql: completed_at
+        type: time
+
+    measures:
+      - name: count
+        sql: id
+        type: count
+
+    joins:
+      - name: order_users
+        relationship: many_to_one
+        sql: "${CUBE}.user_id = ${order_users.id}"
+
+    segments:
+      - name: sfUsers
+        description: SF users segment from createCubeSchema
+        sql: "${CUBE}.location = 'San Francisco'"
+
+    hierarchies:
+      - name: hello
+        title: World
+        levels: [status]
+
+    pre_aggregations:
+      - name: countCreatedAt
+        type: rollup
+        measures:
+         - CUBE.count
+        time_dimension: created_at
+        granularity: day
+        partition_granularity: month
+        refresh_key:
+          every: 1 hour
+        scheduled_refresh: true
+
+    accessPolicy:
+      - role: common
+        rowLevel:
+          allowAll: true
+      - role: admin
+        conditions:
+          - if: "{ !security_context.isBlocked }"
+        rowLevel:
+          filters:
+            - member: "{CUBE}.other.path.created_at"
+              operator: equals
+              values: ["completed"]
+            - or:
+              - member: "{CUBE}.created_at"
+                operator: notInDateRange
+                values:
+                  - 2022-01-01
+                  - "{ security_context.currentDate }"
+              - member: "created_at"
+                operator: equals
+                values:
+                  - "{ securityContext.currentDate }"
+        memberLevel:
+          includes:
+            - status

packages/cubejs-schema-compiler/test/unit/schema.test.ts

@@ -392,12 +392,70 @@ describe('Schema Testing', () => {
     }
   });
 
-  it('valid schema with accessPolicy', async () => {
-    const { compiler } = prepareJsCompiler([
-      createCubeSchemaWithAccessPolicy('ProtectedCube'),
-    ]);
-    await compiler.compile();
-    compiler.throwIfAnyErrors();
+  describe('Access Policies', () => {
+    it('valid schema with accessPolicy', async () => {
+      const { compiler } = prepareJsCompiler([
+        createCubeSchemaWithAccessPolicy('ProtectedCube'),
+      ]);
+      await compiler.compile();
+      compiler.throwIfAnyErrors();
+    });
+
+    it('throw errors for nonexistent policy members with paths', async () => {
+      const orders = fs.readFileSync(
+        path.join(process.cwd(), '/test/unit/fixtures/orders_nonexist_acl.yml'),
+        'utf8'
+      );
+      const orderUsers = fs.readFileSync(
+        path.join(process.cwd(), '/test/unit/fixtures/order_users.yml'),
+        'utf8'
+      );
+      const { compiler } = prepareCompiler([
+        {
+          content: orders,
+          fileName: 'orders.yml',
+        },
+        {
+          content: orderUsers,
+          fileName: 'order_users.yml',
+        },
+      ]);
+
+      try {
+        await compiler.compile();
+        throw new Error('should throw earlier');
+      } catch (e: any) {
+        expect(e.toString()).toMatch(/orders.other cannot be resolved. There's no such member or cube/);
+      }
+    });
+
+    it('throw errors for incorrect policy members with paths', async () => {
+      const orders = fs.readFileSync(
+        path.join(process.cwd(), '/test/unit/fixtures/orders_incorrect_acl.yml'),
+        'utf8'
+      );
+      const orderUsers = fs.readFileSync(
+        path.join(process.cwd(), '/test/unit/fixtures/order_users.yml'),
+        'utf8'
+      );
+      const { compiler } = prepareCompiler([
+        {
+          content: orders,
+          fileName: 'orders.yml',
+        },
+        {
+          content: orderUsers,
+          fileName: 'order_users.yml',
+        },
+      ]);
+
+      try {
+        await compiler.compile();
+        throw new Error('should throw earlier');
+      } catch (e: any) {
+        expect(e.toString()).toMatch(/Paths aren't allowed in the accessPolicy policy but 'order_users.name' provided as a filter member reference for orders/);
+      }
+    });
   });
 
   describe('Views', () => {
@@ -431,14 +489,15 @@ describe('Schema Testing', () => {
 
       try {
         await compiler.compile();
+        throw new Error('should throw earlier');
       } catch (e: any) {
         expect(e.toString()).toMatch(/Paths aren't allowed in cube includes but 'nonexistent2\.via\.path' provided as include member/);
         expect(e.toString()).toMatch(/Member 'nonexistent1' is included in 'orders_view' but not defined in any cube/);
         expect(e.toString()).toMatch(/Member 'nonexistent2\.via\.path' is included in 'orders_view' but not defined in any cube/);
       }
     });
 
-    it('throws errors for incorrect referenced excludes members', async () => {
+    it('throws errors for incorrect referenced excludes members with paths', async () => {
       const orders = fs.readFileSync(
         path.join(process.cwd(), '/test/unit/fixtures/orders.js'),
         'utf8'
@@ -452,7 +511,7 @@ describe('Schema Testing', () => {
                 excludes:
                   - id
                   - status
-                  - nonexistent3
+                  - nonexistent3.ext
                   - nonexistent4
       `;
 
@@ -469,9 +528,9 @@ describe('Schema Testing', () => {
 
       try {
         await compiler.compile();
+        throw new Error('should throw earlier');
       } catch (e: any) {
-        expect(e.toString()).toMatch(/Member 'nonexistent3' is included in 'orders_view' but not defined in any cube/);
-        expect(e.toString()).toMatch(/Member 'nonexistent4' is included in 'orders_view' but not defined in any cube/);
+        expect(e.toString()).toMatch(/Paths aren't allowed in cube excludes but 'nonexistent3.ext' provided as exclude member/);
       }
     });
 
@@ -505,6 +564,7 @@ describe('Schema Testing', () => {
 
       try {
         await compiler.compile();
+        throw new Error('should throw earlier');
       } catch (e: any) {
         expect(e.toString()).toMatch(/Paths aren't allowed in cube excludes but 'nonexistent5\.via\.path' provided as exclude member/);
       }
@@ -546,6 +606,7 @@ describe('Schema Testing', () => {
 
       try {
         await compiler.compile();
+        throw new Error('should throw earlier');
       } catch (e: any) {
         expect(e.toString()).toMatch(/Included member 'count' conflicts with existing member of 'orders_view'\. Please consider excluding this member or assigning it an alias/);
         expect(e.toString()).toMatch(/Included member 'id' conflicts with existing member of 'orders_view'\. Please consider excluding this member or assigning it an alias/);