Closed pstjean closed 5 years ago
Ok! Added DatabaseCleaner using the transaction strategy, so each test is now wrapped in a separate ActiveRecord transaction. I was able to reproduce the test failures locally with a seed from CI, and this has resolved them.
We could probably go through the test suite now and remove all the more ad hoc efforts at data cleanup that have accrued over time. I removed one that I added earlier in this PR.
Doesn't seem to have impacted test suite time negatively:
Without DatabaseCleaner
-----------------------
Finished in 270.386185s
Finished in 259.705708s
Finished in 287.049458s
With DatabaseCleaner
-----------------------
Finished in 288.298893s
Finished in 269.072978s
Finished in 253.921726s
Real chicken and egg problem here: currently, all permissions are based on accounts. The `authorized_resources` in a token issued by ID are the IDs of accounts that the user is either a member or admin of. So, what account do you need to belong to to create the very first account you’ll belong to 🤔
~I've decided after a lot of back and forth to ensure that the token contains the admin scope for the PRX Administrator account. This means that the user the token was issued to has a membership in that account.~
It would be great if the subject of the JWT was the user in question, ~but it seems that it's actually referring to the `user_id` column in `client_applications`~ so that's what we've landed on. We ensure that the authenticated user does not already have an individual account, and then set that user as the opener and create a membership between that user and the new account.
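
The bootstrap rule described in the comment above, sketched as an added example that is not code from this PR: the usual account-scoped check cannot pass for a user with no accounts, so first-account creation is gated only on the token subject not already having an individual account. The class, struct and claim-key names, the in-memory store, and the `:admin` role are assumptions made for illustration.

```ruby
# Added illustration; every name here is hypothetical, not the PR's code.
Account    = Struct.new(:id, :kind, :opener_id)
Membership = Struct.new(:user_id, :account_id, :role)

class AccountStore
  attr_reader :accounts, :memberships

  def initialize
    @accounts = []
    @memberships = []
  end

  # Normal rule: the token must list the account among its authorized
  # resources (modelled here as a plain array of account IDs).
  def authorized?(claims, account_id)
    claims.fetch("authorized_resources", []).include?(account_id)
  end

  # Bootstrap rule: a user with no accounts can never pass authorized?,
  # so the only gate is that the token subject has no individual account.
  def create_individual_account(claims)
    user_id = Integer(claims.fetch("sub")) # subject assumed to be the user ID
    if individual_account_for(user_id)
      raise ArgumentError, "user #{user_id} already has an individual account"
    end

    account = Account.new(@accounts.size + 1, :individual, user_id)
    @accounts << account
    # Role is an assumption; the comment only says a membership is created.
    @memberships << Membership.new(user_id, account.id, :admin)
    account
  end

  # Assumption: "has an individual account" means the user opened one.
  def individual_account_for(user_id)
    @accounts.find { |a| a.kind == :individual && a.opener_id == user_id }
  end
end

# Constructed sample token claims for a brand-new user.
store  = AccountStore.new
claims = { "sub" => "42", "authorized_resources" => [] }
first  = store.create_individual_account(claims)
puts "created account #{first.id} opened by user #{first.opener_id}"
```

A second call with the same claims raises, which is the guard that keeps the bootstrap path from becoming a way to create unlimited accounts.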