Skip to content

fix(auth): deduplicate users in add_users_to_policy #176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bhudevbhanpuriya wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(auth): deduplicate users in add_users_to_policy #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion database/istsos_auth.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -775,7 +775,7 @@ FOR tablename IN SELECT unnest(tables)
RAISE EXCEPTION USING ERRCODE = '42704';
END IF;

new_roles_ := old_roles_ || users_;
new_roles_ := (SELECT array_agg(DISTINCT x) FROM unnest(old_roles_ || users_) AS x);

EXECUTE format('ALTER POLICY %I ON sensorthings.%I TO %s', policyname_, tablename_, array_to_string(new_roles_, ','));

Expand Down
48 changes: 48 additions & 0 deletions test/database/test_auth_sql.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -676,6 +676,54 @@ def test_add_users_to_policy_raises_for_missing_policy(self, schema):
(["guest"], "nonexistent_policy_xyz"),
)

def test_add_users_to_policy_deduplicates_duplicate_users(self, schema):
"""
add_users_to_policy must remove duplicate usernames when the same user
is added multiple times (either across calls or within the same call).
"""
pname = "test-dedup-pol"
with schema.cursor() as cur:
# Create initial policy with alice, bob
cur.execute(
"SELECT sensorthings.viewer_policy(%s::text[], %s)",
(["alice", "bob"], pname),
)

# Verify initial state: each policy should have exactly alice, bob
cur.execute(
"""
SELECT roles FROM pg_policies
WHERE schemaname = 'sensorthings'
AND policyname LIKE %s
ORDER BY tablename
""",
(f"{pname}%",),
)
initial_roles = [row[0] for row in cur.fetchall()]
assert all(set(r) == {"alice", "bob"} for r in initial_roles)

# Add duplicates: alice and bob already present, add bob again + charlie
cur.execute(
"SELECT sensorthings.add_users_to_policy(%s::text[], %s)",
(["alice", "bob", "charlie"], pname),
)

# Verify deduplication: final set should be {alice, bob, charlie}
cur.execute(
"""
SELECT roles FROM pg_policies
WHERE schemaname = 'sensorthings'
AND policyname LIKE %s
ORDER BY tablename
""",
(f"{pname}%",),
)
final_roles = [row[0] for row in cur.fetchall()]
for roles in final_roles:
assert sorted(roles) == ["alice", "bob", "charlie"], (
f"Expected deduped ['alice','bob','charlie'], got {roles}"
)

# ------------------------------------------------------------------
# 10. Btree indexes on commit_id
# ------------------------------------------------------------------
Expand Down