Add API rules setup to database initialization
All checks were successful
Deploy / deploy (push) Successful in 2m29s
All checks were successful
Deploy / deploy (push) Successful in 2m29s
The period_logs collection was returning 403 errors because API rules were only configured in the e2e test harness, not in the production setup script. This consolidates the setup logic so both prod and test use the same setupApiRules() function. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -181,3 +181,51 @@ describe("USER_CUSTOM_FIELDS garmin token max lengths", () => {
|
||||
expect(oauth1Field?.max).toBeGreaterThanOrEqual(10000);
|
||||
});
|
||||
});
|
||||
|
||||
describe("setupApiRules", () => {
|
||||
it("configures user-owned record rules for period_logs and dailyLogs", async () => {
|
||||
const { setupApiRules } = await import("./setup-db");
|
||||
|
||||
const updateMock = vi.fn().mockResolvedValue({});
|
||||
const mockPb = {
|
||||
collections: {
|
||||
getOne: vi.fn().mockImplementation((name: string) => {
|
||||
return Promise.resolve({ id: `${name}-id`, name });
|
||||
}),
|
||||
update: updateMock,
|
||||
},
|
||||
};
|
||||
|
||||
// biome-ignore lint/suspicious/noExplicitAny: test mock
|
||||
await setupApiRules(mockPb as any);
|
||||
|
||||
// Should have called getOne for users, period_logs, and dailyLogs
|
||||
expect(mockPb.collections.getOne).toHaveBeenCalledWith("users");
|
||||
expect(mockPb.collections.getOne).toHaveBeenCalledWith("period_logs");
|
||||
expect(mockPb.collections.getOne).toHaveBeenCalledWith("dailyLogs");
|
||||
|
||||
// Check users collection rules
|
||||
expect(updateMock).toHaveBeenCalledWith("users-id", {
|
||||
viewRule: "",
|
||||
updateRule: "id = @request.auth.id",
|
||||
});
|
||||
|
||||
// Check period_logs collection rules
|
||||
expect(updateMock).toHaveBeenCalledWith("period_logs-id", {
|
||||
listRule: "user = @request.auth.id",
|
||||
viewRule: "user = @request.auth.id",
|
||||
createRule: "user = @request.auth.id",
|
||||
updateRule: "user = @request.auth.id",
|
||||
deleteRule: "user = @request.auth.id",
|
||||
});
|
||||
|
||||
// Check dailyLogs collection rules
|
||||
expect(updateMock).toHaveBeenCalledWith("dailyLogs-id", {
|
||||
listRule: "user = @request.auth.id",
|
||||
viewRule: "user = @request.auth.id",
|
||||
createRule: "user = @request.auth.id",
|
||||
updateRule: "user = @request.auth.id",
|
||||
deleteRule: "user = @request.auth.id",
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user