pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

Hi Folks

After implementing Custom Claims & Role-based Access Control (RBAC) following https://supabase.com/docs/guides/database/postgres/custom-claims-and-role-based-access-control-rbac

I found this guide easy to follow and following this pattern suits my requirements.

It is working when testing manually using the web app though not when using pgTap tests.

I don't think I'm mocking

user_role

user_role

correctly using

set local request.jwt.user_role = 'driver';

set local request.jwt.user_role = 'driver';

Is this not the same as

auth.jwt() ->> 'user_role'

auth.jwt() ->> 'user_role'

that I reversed engineered from the

public.authorize

public.authorize

function.

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

Edit: typo

Custom Claims & Role-based Access Control (RBAC) | Supabase Docs

Use Auth Hooks to add custom claims for managing role-based access control.

pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

user_role

user_role

correctly using

set local request.jwt.user_role = 'driver';

set local request.jwt.user_role = 'driver';

Is this not the same as

auth.jwt() ->> 'user_role'

auth.jwt() ->> 'user_role'

that I reversed engineered from the

public.authorize

public.authorize

function.

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

Edit: typo

Custom Claims & Role-based Access Control (RBAC) | Supabase Docs

Use Auth Hooks to add custom claims for managing role-based access control.

pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

Similar Threads

Similar Threads

Similar Threads