-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
multi-tenency.test.ts
116 lines (103 loc) · 3.33 KB
/
multi-tenency.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import { enhance } from '@zenstackhq/runtime';
import { inspect } from 'util';
import { PrismaClient } from './.prisma/client';
it('Multi-tenancy test', async () => {
const prisma = new PrismaClient();
// clean up
await prisma.org.deleteMany();
await prisma.user.deleteMany();
// create users
const emily = await prisma.user.create({
data: { name: 'Emily' },
});
const adam = await prisma.user.create({
data: { name: 'Adam' },
});
const joe = await prisma.user.create({
data: { name: 'Joe' },
});
// create two orgs
// Emily as admin of org Apple
const apple = await prisma.org.create({
data: {
name: 'Apple',
members: {
create: [
{
user: { connect: { id: emily.id } },
role: 'ADMIN',
},
],
},
},
});
// Joe as admin of org Microsoft
const microsoft = await prisma.org.create({
data: {
name: 'Microsoft',
members: {
create: [{ user: { connect: { id: joe.id } }, role: 'ADMIN' }],
},
},
});
// create an enhanced PrismaClient for each user
const emilyDb = enhance(prisma, { user: emily }, { loadPath: '.zenstack' });
const adamDb = enhance(prisma, { user: adam }, { loadPath: '.zenstack' });
const joeDb = enhance(prisma, { user: joe }, { loadPath: '.zenstack' });
// Emily should be able to add Adam to the org
await emilyDb.org.update({
where: { id: apple.id },
data: {
members: {
create: [
{ user: { connect: { id: adam.id } }, role: 'MEMBER' },
],
},
},
});
// Adam shouldn't be able to add Joe to the org because he's not admin
await expect(
adamDb.org.update({
where: { id: apple.id },
data: {
members: {
create: [
{ user: { connect: { id: joe.id } }, role: 'MEMBER' },
],
},
},
})
).rejects.toThrow();
// Emily should be able to create a resource in org Apple
const res = await emilyDb.resource.create({
data: {
name: 'resource1',
public: true,
org: { connect: { id: apple.id } },
owner: { connect: { id: emily.id } },
},
});
console.log('Resource created by Emily:', inspect(res));
// Emily shouldn't be able to create a resource in org Microsoft
await expect(
emilyDb.resource.create({
data: {
name: 'resource2',
org: { connect: { id: microsoft.id } },
owner: { connect: { id: emily.id } },
},
})
).rejects.toThrow();
// the resource is readable to Adam
const resByAdam = await adamDb.resource.findUnique({
where: { id: res.id },
});
console.log('Resource read by Adam:', inspect(resByAdam));
expect(resByAdam).toBeTruthy();
// the resource is not readable to Joe
const resByJoe = await joeDb.resource.findUnique({
where: { id: res.id },
});
console.log('Resource read by Joe:', inspect(resByJoe));
expect(resByJoe).toBeNull();
});