fix: correctly handle long ability names
This change restricts role names to 63 bytes, which is important to prevent ambiguity when managing role names. In PostgreSQL, the maximum length for a role (user) name is 63 bytes. This limitation is derived from the value of the NAMEDATALEN configuration parameter, which is set to 64 bytes by default. One byte is reserved for the null-terminator, leaving 63 bytes for the actual role name. Keep in mind that if you use multi-byte characters in the role name, the actual number of characters may be less than 63, as each multi-byte character will consume more than one byte. Signed-off-by: Lucian Buzzo <lucian.buzzo@gmail.com>
1 parent
60c6e14
commit f4600d0
Showing
3 changed files
with
110 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
import { PrismaClient } from "@prisma/client"; | ||
import _ from "lodash"; | ||
import { v4 as uuid } from "uuid"; | ||
import { setup } from "../../src"; | ||
|
||
jest.setTimeout(30000); | ||
|
||
let adminClient: PrismaClient; | ||
|
||
beforeAll(async () => { | ||
adminClient = new PrismaClient(); | ||
}); | ||
|
||
describe("abilities", () => { | ||
it("should be able to handle long ability names", async () => { | ||
const initial = new PrismaClient(); | ||
const role = `USER_${uuid()}`; | ||
|
||
const mail = `test-user-${uuid()}@example.com`; | ||
|
||
const dummyUser = await adminClient.user.create({ | ||
data: { | ||
email: `test-user-${uuid()}@example.com`, | ||
}, | ||
}); | ||
|
||
const longAbilityName = | ||
"thisIsAnIncrediblyLongAbilityNameDesignedToTestTheSixtyThreeByteLimitOnRoleNamesInPostgres"; | ||
|
||
const readAbility = `CAN_${longAbilityName}_USER_READ`; | ||
const writeAbility = `CAN_${longAbilityName}_USER_WRITE`; | ||
|
||
const client = await setup({ | ||
prisma: initial, | ||
customAbilities: { | ||
User: { | ||
[readAbility]: { | ||
description: "Read", | ||
operation: "SELECT", | ||
expression: (_client, _row, _context) => { | ||
return { | ||
email: mail, | ||
}; | ||
}, | ||
}, | ||
[writeAbility]: { | ||
description: "Write", | ||
operation: "INSERT", | ||
expression: (_client, _row, _context) => { | ||
return { | ||
email: mail, | ||
}; | ||
}, | ||
}, | ||
}, | ||
}, | ||
getRoles(abilities) { | ||
return { | ||
[role]: [abilities.User[readAbility], abilities.User[writeAbility]], | ||
}; | ||
}, | ||
getContext: () => ({ | ||
role, | ||
context: {}, | ||
}), | ||
}); | ||
|
||
const notFound = await client.user.findUnique({ | ||
where: { | ||
id: dummyUser.id, | ||
}, | ||
}); | ||
|
||
expect(notFound).toBeNull(); | ||
|
||
const user = await client.user.create({ | ||
data: { | ||
email: mail, | ||
}, | ||
}); | ||
|
||
const ownUser = await client.user.findUnique({ | ||
where: { | ||
id: user.id, | ||
}, | ||
}); | ||
|
||
expect(ownUser).toBeDefined(); | ||
}); | ||
}); |
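Review bot: The closing assertion `expect(ownUser).toBeDefined();` cannot fail, because this same test relies on `findUnique` resolving to `null` for a row the role cannot see (`expect(notFound).toBeNull()`), and `null` satisfies `toBeDefined()`. As written, the test shows that the INSERT ability works and that the unrelated row is hidden, but it does not show that the SELECT ability was granted under the long name; that looks like the case the test exists for, since `readAbility` and `writeAbility` are identical for their first 63 bytes and a truncated role name would make them collide. Replace it with `expect(ownUser?.id).toBe(user.id);` so a missing read grant fails the test. Separately, the `lodash` import is unused, and neither `adminClient` nor `initial` is ever closed; an `afterAll(async () => { await adminClient.$disconnect(); })` plus `await initial.$disconnect()` at the end of the test would stop connections outliving the suite.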