theopensystemslab · DafyddLlyr · Oct 12, 2023 · Oct 10, 2023 · Oct 10, 2023 · Oct 12, 2023
diff --git a/hasura.planx.uk/metadata/tables.yaml b/hasura.planx.uk/metadata/tables.yaml
diff --git a/hasura.planx.uk/tests/analytics.test.js b/hasura.planx.uk/tests/analytics.test.js
@@ -69,4 +69,26 @@ describe("analytics and analytics_logs", () => {
       expect(i).toHaveNoMutationsFor("analytics_logs");
     });
   });
+
+  describe("api", () => {
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("cannot query analytics", () => {
+      expect(i.queries).not.toContain("analytics");
+    });
+
+    test("cannot query analytics_logs", () => {
+      expect(i.queries).not.toContain("analytics_logs");
+    });
+
+    test("cannot create, update, or delete analytics", () => {
+      expect(i).toHaveNoMutationsFor("analytics");
+    });
+
+    test("cannot create, update, or delete analytics_logs", () => {
+      expect(i).toHaveNoMutationsFor("analytics_logs");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/blpu_codes.test.js b/hasura.planx.uk/tests/blpu_codes.test.js
@@ -47,7 +47,22 @@ describe("blpu_codes", () => {
   describe("teamEditor", () => {
     let i;
     beforeAll(async () => {
-      i = await introspectAs("platformAdmin");
+      i = await introspectAs("teamEditor");
+    });
+
+    test("cannot query blpu_codes", () => {
+      expect(i.queries).not.toContain("blpu_codes");
+    });
+
+    test("cannot create, update, or delete blpu_codes", () => {
+      expect(i).toHaveNoMutationsFor("blpu_codes");
+    });
+  });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
     });
 
     test("cannot query blpu_codes", () => {

diff --git a/hasura.planx.uk/tests/bops_applications.test.js b/hasura.planx.uk/tests/bops_applications.test.js
@@ -59,4 +59,21 @@ describe("bops_applications", () => {
       expect(i).toHaveNoMutationsFor("bops_applications");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("can query and mutate bops applications", () => {
+      expect(i.queries).toContain("bops_applications");
+      expect(i.mutations).toContain("insert_bops_applications");
+      expect(i.mutations).toContain("update_bops_applications_by_pk");
+    });
+
+    test("cannot delete bops applications", () => {
+      expect(i.mutations).not.toContain("delete_bops_applications");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/email_applications.test.js b/hasura.planx.uk/tests/email_applications.test.js
@@ -60,4 +60,22 @@ describe("email_applications", () => {
       expect(i).toHaveNoMutationsFor("email_applications");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("has full access to query and mutate email applications", () => {
+      expect(i.queries).toContain("email_applications");
+      expect(i.mutations).toContain("insert_email_applications");
+      expect(i.mutations).toContain("insert_email_applications_one");
+      expect(i.mutations).toContain("update_email_applications_by_pk");
+    });
+
+    test("cannot delete email applications", () => {
+      expect(i.mutations).not.toContain("delete_email_applications");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/flow_document_templates.test.js b/hasura.planx.uk/tests/flow_document_templates.test.js
@@ -0,0 +1,81 @@
+const { introspectAs } = require("./utils");
+
+describe("flow_document_templates", () => {
+  describe("public", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("public");
+    });
+
+    // TODO: Check this - seems unnecessary / incorrect?
+    test.skip("cannot query flow_document_templates", () => {
+      expect(i.queries).not.toContain("flow_document_templates");
+    });
+
+    test("cannot create, update, or delete flow_document_templates", () => {
+      expect(i).toHaveNoMutationsFor("flow_document_templates");
+    });
+  });
+
+  describe("admin", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("admin");
+    });
+
+    test("can query flow_document_templates", () => {
+      expect(i.queries).toContain("flow_document_templates");
+    });
+
+    test("can create, update, or delete flow_document_templates", () => {
+      expect(i.mutations).toContain("insert_flow_document_templates");
+      expect(i.mutations).toContain("insert_flow_document_templates_one");
+      expect(i.mutations).toContain("update_flow_document_templates_by_pk");
+      expect(i.mutations).toContain("delete_flow_document_templates_by_pk");
+    });
+  });
+
+  describe("platformAdmin", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("platformAdmin");
+    });
+
+    test("cannot query flow_document_templates", () => {
+      expect(i.queries).not.toContain("flow_document_templates");
+    });
+
+    test("cannot create, update, or delete flow_document_templates", () => {
+      expect(i).toHaveNoMutationsFor("flow_document_templates");
+    });
+  });
+
+  describe("teamEditor", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("teamEditor");
+    });
+
+    test("cannot query flow_document_templates", () => {
+      expect(i.queries).not.toContain("flow_document_templates");
+    });
+
+    test("cannot create, update, or delete flow_document_templates", () => {
+      expect(i).toHaveNoMutationsFor("flow_document_templates");
+    });
+  });
+
+  describe("api", () => {
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("can query flow_document_templates", () => {
+      expect(i.queries).toContain("flow_document_templates");
+    });
+
+    test("cannot create, update, or delete flow_document_templates", () => {
+      expect(i).toHaveNoMutationsFor("flow_document_templates");
+    });
+  });
+});
diff --git a/hasura.planx.uk/tests/flows.test.js b/hasura.planx.uk/tests/flows.test.js
@@ -140,4 +140,46 @@ describe("flows and operations", () => {
       expect(i.mutations).not.toContain("update_published_flows");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("can query flows", () => {
+      expect(i.queries).toContain("flows");
+    });
+
+    test("can create and update flows", () => {
+      expect(i.mutations).toContain("update_flows_by_pk");
+      expect(i.mutations).toContain("update_flows");
+    });
+
+    test("cannot delete flows", () => {
+      expect(i.mutations).not.toContain("delete_flows_by_pk");
+      expect(i.mutations).not.toContain("delete_flows");
+    });
+
+    test("cannot query or mutate operations", () => {
+      expect(i.queries).not.toContain("operations");
+      expect(i).toHaveNoMutationsFor("operations");
+    });
+
+    test("can query published flows", () => {
+      expect(i.queries).toContain("published_flows");
+    });
+
+    test("can create published_flows", () => {
+      expect(i.mutations).toContain("insert_published_flows_one");
+      expect(i.mutations).toContain("insert_published_flows");
+    });
+
+    test("cannot update or delete published_flows", () => {
+      expect(i.mutations).not.toContain("delete_published_flows_by_pk");
+      expect(i.mutations).not.toContain("delete_published_flows");
+      expect(i.mutations).not.toContain("update_published_flows_by_pk");
+      expect(i.mutations).not.toContain("update_published_flows");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/global_settings.test.js b/hasura.planx.uk/tests/global_settings.test.js
@@ -63,4 +63,19 @@ describe("global_settings", () => {
       expect(i).toHaveNoMutationsFor("global_settings");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("cannot query global_settings view", () => {
+      expect(i.queries).not.toContain("global_settings");
+    });
+
+    test("cannot create, update, or delete global_settings", () => {
+      expect(i).toHaveNoMutationsFor("global_settings");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/lowcal_sessions.test.js b/hasura.planx.uk/tests/lowcal_sessions.test.js
@@ -458,4 +458,26 @@ describe("lowcal_sessions", () => {
       expect(i).toHaveNoMutationsFor("lowcal_sessions");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("cannot insert lowcal_sessions", () => {
+      expect(i.mutations).not.toContain("insert_lowcal_sessions");
+      expect(i.mutations).not.toContain("insert_lowcal_sessions_one");
+    });
+
+    test("can query and update local_sessions", () => {
+      expect(i.queries).toContain("lowcal_sessions");
+      expect(i.mutations).toContain("update_lowcal_sessions_by_pk");
+      expect(i.mutations).toContain("update_lowcal_sessions");
+    });
+
+    test("cannot delete lowcal_sessions", () => {
+      expect(i.mutations).not.toContain("delete_lowcal_sessions");
+    });
+  });
 });
diff --git a/hasura.planx.uk/tests/payment_requests.test.js b/hasura.planx.uk/tests/payment_requests.test.js
@@ -127,6 +127,21 @@ describe("payment_requests", () => {
       expect(i).toHaveNoMutationsFor("payment_requests");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("has full access to query and mutate payment_requests", async () => {
+      expect(i.queries).toContain("payment_requests");
+      expect(i.mutations).toContain("insert_payment_requests");
+      expect(i.mutations).toContain("update_payment_requests");
+      expect(i.mutations).toContain("update_payment_requests_by_pk");
+      expect(i.mutations).toContain("delete_payment_requests");
+    });
+  });
 });
 
 const insertSessions = async (sessionIds) => {

diff --git a/hasura.planx.uk/tests/payment_status.test.js b/hasura.planx.uk/tests/payment_status.test.js
@@ -66,4 +66,24 @@ describe("payment_status", () => {
       expect(i).toHaveNoMutationsFor("payment_status");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("cannot query payment_status", () => {
+      expect(i.queries).not.toContain("payment_status");
+    })
+
+    test("can insert payment_status", () => {
+      expect(i.mutations).toContain("insert_payment_status");
+    });
+
+    test("cannot delete or update payment_status", () => {
+      expect(i.mutations).not.toContain("update_payment_status");
+      expect(i.mutations).not.toContain("delete_payment_status");
+    })
+  });
 });
diff --git a/hasura.planx.uk/tests/planning_constraints_requests.test.js b/hasura.planx.uk/tests/planning_constraints_requests.test.js
@@ -59,4 +59,24 @@ describe("planning_constraints_requests", () => {
       expect(i).toHaveNoMutationsFor("planning_constraints_requests");
     });
   });
+
+  describe("api", () => {
+    let i;
+    beforeAll(async () => {
+      i = await introspectAs("api");
+    });
+
+    test("cannot query planning_constraints_requests", () => {
+      expect(i.queries).not.toContain("planning_constraints_requests");
+    })
+
+    test("can insert planning_constraints_requests", () => {
+      expect(i.mutations).toContain("insert_planning_constraints_requests");
+    });
+
+    test("cannot update or delete planning_constriants_requests", () => {
+      expect(i.mutations).not.toContain("update_planning_constraints_requests_by_pk");
+      expect(i.mutations).not.toContain("delete_planning_constraints_requests");
+    })
+  });
 });