Blazer Testing

[CraigJZ]

Description

We are using a modified implementation of the Blazer gem to provide direct SQL access to specific tables with data scoped to an organizational level. Additional information about this set up can be found here: blazer_reporting.md. A key part of this setup is the row level security policies restricting users to data belonging only to their organization. We are lacking test coverage of this feature. This issue would add specs to cover, at least, the following scenarios:

• When a user runs a query it returns only data belonging to that users organization
• When a user attempts to run a query against a table they don't have access to, an error is displayed and no data is returned.
• A user only has access to their organization's data through the Blazer interface.

[adub65]

@CraigJZ , would you need a system test, unit test, or both for this?

[CraigJZ]

@adub65 I was thinking system specs, mostly because I've been a bit stuck on how to set them up as unit tests. If you are able to capture the needed test cases in unit tests, that would be great though. The closest example I can point to is this controller spec for ensuring reports for other orgs are not visible.