chore(test) SPIKE Row Level Security testing #516
Labels
tech-debt 💳
Not a feature, but still necessary
Milestone
Comments
|
Here's how I was tackling it from the API side of things: #533 maybe it'll help if you haven't already started this. |
barronstone
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Spike into how we can test our Postgres Row Level Security rules. The LF API will set most of the rules, but the frontend will also have some of it's own (ex. avatar storage uploading, not API related, but handled by Sveltekit backend).
It can sometimes be difficult to test these rules with browser based End-To-End (Playwright) tests because there's no way to get yourself into some of these edge cases with the UI. Example- I maliciously try to delete another user's Assistant.
We may required a different E2E testing tool (like Postman) to test the RLS rules.
Additional context
These tests should be integrated into the workflow, but may not necessarily have to be associated with just the UI or just the API.
The text was updated successfully, but these errors were encountered: