defenseunicorns / leapfrogai

Production-ready Generative AI for local, cloud native, airgap, and edge deployments.
https://leapfrog.ai
Apache License 2.0
244 stars 25 forks

chore(test) SPIKE Row Level Security testing #516

Open andrewrisse opened 1 month ago

andrewrisse commented 1 month ago

Spike into how we can test our Postgres Row Level Security rules. The LF API will set most of the rules, but the frontend will also have some of its own (ex. avatar storage uploading, not API related, but handled by SvelteKit backend).

It can sometimes be difficult to test these rules with browser-based End-To-End (Playwright) tests because there's no way to get yourself into some of these edge cases with the UI. Example: I maliciously try to delete another user's Assistant.

We may require a different E2E testing tool (like Postman) to test the RLS rules.

Additional context

These tests should be integrated into the workflow, but may not necessarily have to be associated with just the UI or just the API.
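
The cross-user delete case described above can also be checked directly in SQL, below the UI and the API. This is an added example, not code from the issue or from LeapfrogAI: the table, policy, role and the `app.user_id` session setting are constructed stand-ins for the project's real schema and identity mechanism, and it assumes a superuser session on a scratch Postgres database.

```sql
-- Added example: constructed schema and names, not LeapfrogAI's own.
BEGIN;
CREATE TABLE assistants_demo (id integer PRIMARY KEY, user_id text NOT NULL, name text NOT NULL);
ALTER TABLE assistants_demo ENABLE ROW LEVEL SECURITY;

-- Assumed policy: only the owner, taken from the hypothetical 'app.user_id' setting, may touch a row.
CREATE POLICY owner_only ON assistants_demo
    USING (user_id = current_setting('app.user_id', true))
    WITH CHECK (user_id = current_setting('app.user_id', true));

INSERT INTO assistants_demo VALUES (1, 'alice', 'Alice bot'), (2, 'bob', 'Bob bot');

-- Table owners and superusers bypass RLS, so the checks run as an unprivileged role.
CREATE ROLE rls_tester NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON assistants_demo TO rls_tester;
SET LOCAL ROLE rls_tester;
SELECT set_config('app.user_id', 'bob', true);

DO $$
DECLARE n integer;
BEGIN
    -- Bob tries to delete Alice's assistant: RLS hides the row, so nothing is deleted.
    DELETE FROM assistants_demo WHERE id = 1;
    GET DIAGNOSTICS n = ROW_COUNT;
    ASSERT n = 0, 'RLS failure: bob deleted a row owned by alice';

    -- Bob can only see his own row.
    SELECT count(*) INTO n FROM assistants_demo;
    ASSERT n = 1, 'RLS failure: bob sees rows he does not own';

    -- WITH CHECK rejects a row forged with someone else's user_id (SQLSTATE 42501).
    BEGIN
        INSERT INTO assistants_demo VALUES (3, 'alice', 'forged');
        RAISE EXCEPTION 'RLS failure: bob inserted a row owned by alice';
    EXCEPTION WHEN insufficient_privilege THEN
        NULL; -- expected rejection
    END;

    -- Positive control: the policy still lets Bob delete his own row.
    DELETE FROM assistants_demo WHERE id = 2;
    GET DIAGNOSTICS n = ROW_COUNT;
    ASSERT n = 1, 'policy too strict: bob could not delete his own row';
END $$;

ROLLBACK;
```

The script raises an error on the first policy gap it finds and rolls back everything it created, so it can run in a CI workflow with `psql -v ON_ERROR_STOP=1`.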

CollectiveUnicorn commented 1 month ago

Here's how I was tackling it from the API side of things: https://github.com/defenseunicorns/leapfrogai/pull/533. Maybe it'll help if you haven't already started this.