A discussion in MS Teams started by @smurthys has identified that tests for shared ownership of team schemas are lacking, despite this now being a major component of ClassDB's feature set.
To summarize how team privileges function: each team has a corresponding schema, which is owned by the team. When a member is added to a team, they are granted the team's role. This results in the member being granted all privileges that were held by the team. ClassDB also assigns some default privileges which make use of this feature more intuitive.
Ownership of objects in team schemas is generally of two kinds: member-owned and team-owned. Member-owned objects are owned by the member (student) who created the object. Team-owned objects are owned by the role that corresponds to the team. By default, all objects created in a team's schema are member-owned.
With that said, tests for the following assertions should be present in ClassDB's test suite:
- Members should be able to create objects in their team's schema
- It should be possible for a member to manually set a member-owned object owned by them to be team-owned
- When a member is removed, all member-owned objects in the team's schema owned by that member should be set to team-owned
- Privileges on objects owned by the member in other schemas should not be modified
- For member-owned objects:
  - All members should be able to CRUD (create, read, update, and delete) from these objects
  - The member with ownership should be able to drop these objects, other members should not be able to
  - Instructors should be able to read from these objects
  - Instructors should not be able to modify or drop these objects
  - The objects should be removed when the team is removed (revoked?)
- For team-owned objects:
  - All members should be able to CRUD from these objects
  - All members should be able to drop these objects
  - Instructors should be able to read from these objects
  - Instructors should not be able to modify or drop these objects
  - The objects should be removed when the team is removed (revoked?)
Currently, some of these assertions are tested in the privilege tests, as well as in testClassDBRolesMgmt.sql. However, the tests in the privileges suite are not exhaustive, and the tests in testClassDBRolesMgmt.sql are performed by checking Postgres' catalog, rather than using actual connections to the DB as the appropriate users.
As discussed in MS Teams, adding scripted tests for these is not a high priority, at least not for M4. Due to the robustness of existing code and complete tests of related functionality, it is not expected that there will be any issues performing the above items. However, these assertions should still be tested manually before a production release.
Please review the assertions made, and suggest any other aspects about the teams functionality that should be true.
Students should not be able to drop their team's schema if disallowSchemaDrop is enabled
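One way to check assertions like these by running statements as each user rather than by reading the catalog, as an added example that is not part of the original issue or of ClassDB's test suite. All `demo_*` roles, the schema, the `ALTER DEFAULT PRIVILEGES` grants and the `pg_temp.probe` helper are assumptions standing in for a ClassDB team, and `SET SESSION AUTHORIZATION` stands in for a real connection as that user.

```sql
-- Constructed stand-in for a ClassDB team; run as a superuser in a scratch database.
CREATE ROLE demo_team;
CREATE ROLE demo_m1 IN ROLE demo_team;      -- members are granted the team's role
CREATE ROLE demo_m2 IN ROLE demo_team;
CREATE ROLE demo_instructor;
CREATE SCHEMA demo_team AUTHORIZATION demo_team;   -- schema owned by the team
GRANT USAGE ON SCHEMA demo_team TO demo_instructor;
-- Assumed equivalent of the default privileges ClassDB assigns
ALTER DEFAULT PRIVILEGES FOR ROLE demo_m1, demo_m2 IN SCHEMA demo_team
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO demo_team;
ALTER DEFAULT PRIVILEGES FOR ROLE demo_m1, demo_m2 IN SCHEMA demo_team
  GRANT SELECT ON TABLES TO demo_instructor;

-- Fixtures: one member-owned table, one handed over to the team by its creator
SET SESSION AUTHORIZATION demo_m1;
CREATE TABLE demo_team.member_owned (id int);
CREATE TABLE demo_team.team_owned (id int);
ALTER TABLE demo_team.team_owned OWNER TO demo_team;
RESET SESSION AUTHORIZATION;

-- Hypothetical helper: run stmt as "who", then roll everything back.
-- Returns 'allowed' or 'denied'; any other error propagates to the caller.
CREATE FUNCTION pg_temp.probe(who text, stmt text) RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
  EXECUTE format('SET SESSION AUTHORIZATION %I', who);
  EXECUTE stmt;
  -- Force a subtransaction rollback so stmt and the role switch are undone
  RAISE EXCEPTION USING ERRCODE = 'ZZ001', MESSAGE = 'probe rollback';
EXCEPTION
  WHEN insufficient_privilege THEN RETURN 'denied';
  WHEN SQLSTATE 'ZZ001' THEN RETURN 'allowed';
END $$;

-- "expected" is taken from the assertion list; "observed" is what the server does
SELECT who, stmt, expected, pg_temp.probe(who, stmt) AS observed
FROM (VALUES
  ('demo_m1',         'CREATE TABLE demo_team.scratch (id int)',       'allowed'),
  ('demo_m2',         'INSERT INTO demo_team.member_owned VALUES (1)', 'allowed'),
  ('demo_m2',         'DROP TABLE demo_team.member_owned',             'denied'),
  ('demo_m2',         'DROP TABLE demo_team.team_owned',               'allowed'),
  ('demo_instructor', 'SELECT * FROM demo_team.member_owned',          'allowed'),
  ('demo_instructor', 'DELETE FROM demo_team.team_owned',              'denied'),
  ('demo_instructor', 'DROP TABLE demo_team.team_owned',               'denied')
) AS t(who, stmt, expected);
```

The third row is the one to compare carefully: PostgreSQL permits `DROP TABLE` to the schema owner as well as the table owner, and in this stand-in every member holds the team role that owns the schema.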