monoadmin/the-other-dude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): use app_engine for get_db override to preserve RLS enforcement

Browse Source 
get_db must use app_engine (non-superuser, RLS enforced) so tenant
isolation tests work correctly. get_admin_db uses admin_engine.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jason Staack
2026-03-15 07:02:18 -05:00
parent 2a1b6d9d19
commit 84146ea67a
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
backend/tests/integration/conftest.py
View File

@@ -292,12 +292,17 @@ async def test_app(admin_engine, app_engine):
setup_rate_limiting(app) setup_rate_limiting(app)
test_session_factory = async_sessionmaker( # get_db uses app_engine (RLS-enforced) so tenant isolation is tested correctly
test_app_session_factory = async_sessionmaker(
app_engine, class_=AsyncSession, expire_on_commit=False
)
# get_admin_db uses admin_engine (superuser) for auth/bootstrap routes
test_admin_session_factory = async_sessionmaker(
admin_engine, class_=AsyncSession, expire_on_commit=False admin_engine, class_=AsyncSession, expire_on_commit=False
) )
async def override_get_db() -> AsyncGenerator[AsyncSession, None]: async def override_get_db() -> AsyncGenerator[AsyncSession, None]:
async with test_session_factory() as session: async with test_app_session_factory() as session:
try: try:
yield session yield session
await session.commit() await session.commit()
@@ -306,7 +311,7 @@ async def test_app(admin_engine, app_engine):
raise raise
async def override_get_admin_db() -> AsyncGenerator[AsyncSession, None]: async def override_get_admin_db() -> AsyncGenerator[AsyncSession, None]:
async with test_session_factory() as session: async with test_admin_session_factory() as session:
try: try:
yield session yield session
await session.commit() await session.commit()