65 lines
2.1 KiB
Haskell
65 lines
2.1 KiB
Haskell
module Feature.Query.PgSafeUpdateSpec where
|
|
|
|
import Network.Wai (Application)
|
|
|
|
import Network.HTTP.Types
|
|
import Test.Hspec hiding (pendingWith)
|
|
import Test.Hspec.Wai
|
|
import Test.Hspec.Wai.JSON
|
|
|
|
import Protolude hiding (get, put)
|
|
|
|
spec :: SpecWith ((), Application)
|
|
spec =
|
|
describe "Enabling pg-safeupdate" $ do
|
|
context "Full table update" $ do
|
|
it "does not update and throws error if no condition is present" $
|
|
request methodPatch "/safe_update_items"
|
|
[("Prefer", "count=exact")]
|
|
[json| {"name": "New name"} |]
|
|
`shouldRespondWith`
|
|
[json|{
|
|
"code": "21000",
|
|
"details": null,
|
|
"hint": null,
|
|
"message": "UPDATE requires a WHERE clause"
|
|
}|]
|
|
{ matchStatus = 400 }
|
|
|
|
it "allows full table update if a filter is present" $
|
|
request methodPatch "/safe_update_items?id=gt.0" mempty [json| {"name": "updated-item"} |]
|
|
`shouldRespondWith`
|
|
204
|
|
|
|
context "Full table delete" $ do
|
|
it "does not delete and throws error if no condition is present" $
|
|
request methodDelete "/safe_delete_items" [] mempty
|
|
`shouldRespondWith`
|
|
[json|{
|
|
"code": "21000",
|
|
"details": null,
|
|
"hint": null,
|
|
"message": "DELETE requires a WHERE clause"
|
|
}|]
|
|
{ matchStatus = 400 }
|
|
|
|
it "allows full table delete if a filter is present" $
|
|
request methodDelete "/safe_delete_items?id=gt.0" mempty mempty
|
|
`shouldRespondWith`
|
|
204
|
|
|
|
disabledSpec :: SpecWith ((), Application)
|
|
disabledSpec =
|
|
describe "Disabling pg-safeupdate" $ do
|
|
context "Full table update" $ do
|
|
it "works if no condition is present" $
|
|
request methodPatch "/unsafe_update_items" mempty [json| {"name": "updated-item"} |]
|
|
`shouldRespondWith`
|
|
204
|
|
|
|
context "Full table delete" $ do
|
|
it "works if no condition is present" $
|
|
request methodDelete "/unsafe_delete_items" mempty mempty
|
|
`shouldRespondWith`
|
|
204
|