webgui/t/DatabaseLink.t

#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2009 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com                     info@plainblack.com
#-------------------------------------------------------------------

use FindBin;
use strict;
use lib "$FindBin::Bin/lib";

use WebGUI::Test;
use WebGUI::Session;

use WebGUI::DatabaseLink;

use Test::More;
use Test::Deep;

my $session = WebGUI::Test->session;

#DSNs for parsing tests, particularly the database name
my $DSNs = [
    {
        dsn     => 'DBI:mysql:colonSeparated:myHost:8008',
        dbName  => 'colonSeparated',
        comment => 'explicit',
    },
    {
        dsn     => 'DBI:mysql:database=myDatabase',
        dbName  => 'myDatabase',
        comment => 'database=',
    },
    {
        dsn     => 'DBI:mysql:dbName=myDbName',
        dbName  => undef,
        comment => 'dbName=, bad capitalization',
    },
    {
        dsn     => 'DBI:mysql:dbname=mydbname',
        dbName  => 'mydbname',
        comment => 'dbname=',
    },
    {
        dsn     => 'DBI:mysql:dbnane=myDbName',
        dbName  => undef,
        comment => 'dbnane=, misspelling',
    },
    {
        dsn     => 'DBI:mysql:db=myDb',
        dbName  => 'myDb',
        comment => 'db=',
    },
];

#Grants for parsing tests, particularly the database name
my $grants = [
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALTER, CREATE, INSERT, DELETE ON *.* to user@localhost',
        ],
        privileged => 1,
        comment    => 'ACID on *.*, privileged',
    },
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALL PRIVILEGES ON *.* to user@localhost',
        ],
        privileged => 1,
        comment    => 'ALL PRIVILEGES on *.*, privileged',
    },
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALTER, CREATE, INSERT ON *.* to user@localhost',
        ],
        privileged => 0,
        comment    => 'Missing DELETE on *.*, unprivileged',
    },
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALL PRIVILEGES ON myDb.* to user@localhost',
        ],
        privileged => 1,
        comment    => 'ALL PRIVILEGES on explicit db name, privileged',
    },
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALL PRIVILEGES ON `myDb`.* to user@localhost',
        ],
        privileged => 1,
        comment    => 'ALL PRIVILEGES on quoted, explicit db name, privileged',
    },
    {
        dsn        => 'DBI:mysql:myDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALL PRIVILEGES ON `my%`.* to user@localhost',
        ],
        privileged => 1,
        comment    => 'ALL PRIVILEGES on quoted, wildcard name, privileged',
    },
    {
        dsn        => 'DBI:mysql:yourDb:myHost:8008',
        privileges => [qw/ALTER CREATE INSERT DELETE/],
        grants     => [
            'GRANT ALL PRIVILEGES ON `my%`.* to user@localhost',
        ],
        privileged => 0,
        comment    => 'ALL PRIVILEGES on wrong db, unprivileged',
    },
];


#Queries to run through our schlocky query validator.
my $queries = [
    {
        query   => 'SELECT * from users',
        expect  => 1,
        comment => '... select',
    },
    {
        query   => 'select * from users',
        expect  => 1,
        comment => '... case check',
    },
    {
        query   => '   select * from users',
        expect  => 1,
        comment => '... initial whitespace',
    },
    {
        query   => 'delete from users',
        expect  => 0,
        comment => '... delete',
    },
    {
        query   => '   delete from users',
        expect  => 0,
        comment => '... delete with initial whitespace',
    },
    {
        query   => '(select * from users)',
        expect  => 1,
        comment => '... parenthesized',
    },
    {
        query   => '/* SELECT */ DELETE FROM users',
        expect  => 0,
        comment => 'Initial comment with valid keyword',
    },
];

plan tests => 14
            + scalar @{ $DSNs    }
            + scalar @{ $grants  }
            + scalar @{ $queries }
            ;

####################################################
#
# create
#
####################################################

my $startingDbLinks = scalar keys %{WebGUI::DatabaseLink->getList($session)}; 

my $dbLink = WebGUI::DatabaseLink->create($session);
isa_ok($dbLink, 'WebGUI::DatabaseLink', 'create made an object');
ok($session->id->valid($dbLink->getId), 'create makes an object with a valid GUID');
cmp_deeply(
    $dbLink->get(),
    {
        databaseLinkId => re(".{22}"),
        DSN        => undef,
        username   => undef,
        identifier => undef,
        title      => undef,
        allowedKeywords => undef,
        allowMacroAccess => 0,
        additionalParameters => '',
    },
    'create: passing no params autovivifies the databaseLinkId, but that is all',
);

is(scalar keys %{WebGUI::DatabaseLink->getList($session)}, $startingDbLinks+1, 'new DatabaseLink created');
$dbLink->delete();
is(scalar keys %{WebGUI::DatabaseLink->getList($session)}, $startingDbLinks, 'new DatabaseLink deleted');

my $dbLinkParams = {
                    DSN        => 'DBI:mysql:myDb:myHost',
                    username   => 'dbUser',
                    identifier => 'dbPass',
                    title      => 'Access to my Awesome DB',
                    allowedKeywords => 'SELECT UPDATE',
                    databaseLinkId  => 'fooBarBaz',
                    allowMacroAccess => 0,
                    additionalParameters => '',
                   };

$dbLink = WebGUI::DatabaseLink->create($session, $dbLinkParams);
addToCleanup($dbLink);
$dbLinkParams->{databaseLinkId} = ignore();

cmp_deeply(
    $dbLink->get(),
    $dbLinkParams,
    'create: params sent to create are embedded in the object correctly',
);
isnt($dbLink->getId, 'fooBarBaz', 'requested databaseLinkId was not used as the linkId');
ok($session->id->valid($dbLink->getId), 'create made a valid GUID instead of that thing I asked for');

####################################################
#
# new
#
####################################################

my $wgDbLink = WebGUI::DatabaseLink->new($session, 0);
is($wgDbLink->get->{DSN}, $session->config->get('dsn'), 'DSN set correctly for default database link');
my ($databaseName) = $session->db->quickArray('SELECT DATABASE()');
is ($wgDbLink->databaseName, $databaseName, 'databaseName parsed default DSN from config file');
is ($wgDbLink->getId, 0, 'databaseLinkId set correctly');

is(WebGUI::DatabaseLink->new($session), undef, 'new returns undef unless you specify a databaseLinkId');
is(WebGUI::DatabaseLink->new($session,'foobar'), undef, 'new returns undef with a non-existant databaseLinkId');

####################################################
#
# queryIsValid
#
####################################################

note 'queryIsValid';
foreach my $query (@{ $queries }) {
    is($dbLink->queryIsAllowed($query->{query}), $query->{expect}, $query->{comment});
}


####################################################
#
# databaseName
#
####################################################

my $dbs = WebGUI::DatabaseLink->getList($session);

foreach my $dsn (@{ $DSNs }) {
    my $dbl = WebGUI::DatabaseLink->create($session, { DSN => $dsn->{dsn} });
    is( $dbl->databaseName(), $dsn->{dbName}, $dsn->{comment} );
    $dbl->delete;
}

####################################################
#
# checkPrivileges
#
####################################################

foreach my $grant (@{ $grants }) {
    my $dbl = WebGUI::DatabaseLink->create($session, { DSN => $grant->{dsn} });
    is(
        $dbl->checkPrivileges($grant->{privileges}, $grant->{grants}),
        $grant->{privileged},
        $grant->{comment}
    );
    $dbl->delete;
}

my $dbsAfter = WebGUI::DatabaseLink->getList($session);

cmp_deeply($dbs, $dbsAfter, 'delete cleaned up all temporarily created DatabaseLinks');

####################################################
#
# delete
#
####################################################