From 42abf35bff7c0664bdf7725cad311c39295c5700 Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 11 Jun 2026 08:26:07 +0000 Subject: [PATCH] feat: scope all repo reads/writes to the caller's ownerId Co-Authored-By: Claude Fable 5 --- server/utils/repo.ts | 97 +++++++++++++-------- tests/repo.test.ts | 198 ++++++++++++++++++++++++++++++------------- 2 files changed, 202 insertions(+), 93 deletions(-) diff --git a/server/utils/repo.ts b/server/utils/repo.ts index 7e7f6b9..0b0a4e3 100644 --- a/server/utils/repo.ts +++ b/server/utils/repo.ts @@ -6,6 +6,7 @@ type Sql = ReturnType; export interface ListRow { id: string; name: string; + owner_id: string | null; } export interface TaskRow { @@ -15,52 +16,68 @@ export interface TaskRow { description: string | null; source: string; consumed: boolean; + owner_id: string | null; created_at: Date; updated_at: Date; } -export async function getLists(sql: Sql): Promise { - return sql`select id, name from lists order by name`; +// Ownership model: every read/write is scoped to the caller's Zitadel sub (ownerId). +// owner_id NULL = legacy row from before multi-user — visible to every authorized user +// and adopted (stamped with the caller's sub) by the caller's next write that touches it. +// Upserts use `on conflict … where` so they can never modify a row owned by someone else. + +export async function getLists(sql: Sql, ownerId: string): Promise { + return sql` + select id, name, owner_id from lists + where owner_id = ${ownerId} or owner_id is null + order by name`; } -/** Full-replace catalog: upsert all supplied, delete any list not present (cascades tasks). */ +/** Full-replace of the caller's catalog: upsert all supplied, delete the caller's (and legacy) lists not present (cascades tasks). */ export async function replaceLists( sql: Sql, + ownerId: string, lists: { id: string; name: string }[], ): Promise { await sql.begin(async (tx) => { for (const l of lists) { await tx` - insert into lists (id, name, updated_at) - values (${l.id}, ${l.name}, now()) - on conflict (id) do update set name = excluded.name, updated_at = now()`; + insert into lists (id, name, owner_id, updated_at) + values (${l.id}, ${l.name}, ${ownerId}, now()) + on conflict (id) do update set name = excluded.name, owner_id = ${ownerId}, updated_at = now() + where lists.owner_id = ${ownerId} or lists.owner_id is null`; } - if (lists.length) { - const ids = lists.map((l) => l.id); - await tx`delete from lists where id <> all(${ids})`; + const ids = lists.map((l) => l.id); + if (ids.length) { + await tx`delete from lists where (owner_id = ${ownerId} or owner_id is null) and id <> all(${ids})`; } else { - await tx`delete from lists`; + await tx`delete from lists where owner_id = ${ownerId} or owner_id is null`; } }); } -export async function listExists(sql: Sql, id: string): Promise { - const rows = await sql`select 1 from lists where id = ${id}`; +export async function listExists(sql: Sql, ownerId: string, id: string): Promise { + const rows = await sql` + select 1 from lists where id = ${id} and (owner_id = ${ownerId} or owner_id is null)`; return rows.length > 0; } -export async function getTasksForList(sql: Sql, listId: string): Promise { - return sql`select * from tasks where list_id = ${listId} order by created_at`; +export async function getTasksForList(sql: Sql, ownerId: string, listId: string): Promise { + return sql` + select * from tasks + where list_id = ${listId} and (owner_id = ${ownerId} or owner_id is null) + order by created_at`; } export async function createWebTask( sql: Sql, + ownerId: string, t: { listId: string; title: string; description: string | null }, ): Promise { const id = randomUUID(); const [row] = await sql` - insert into tasks (id, list_id, title, description, source, consumed) - values (${id}, ${t.listId}, ${t.title}, ${t.description}, 'web', false) + insert into tasks (id, list_id, title, description, source, consumed, owner_id) + values (${id}, ${t.listId}, ${t.title}, ${t.description}, 'web', false, ${ownerId}) returning *`; return row; } @@ -68,64 +85,76 @@ export async function createWebTask( /** Idempotent upsert of a desktop Idle task by id. Returns whether a row was inserted. */ export async function upsertDesktopTask( sql: Sql, + ownerId: string, id: string, t: { listId: string; title: string; description?: string | null }, ): Promise<{ created: boolean }> { const [row] = await sql<{ created: boolean }[]>` - insert into tasks (id, list_id, title, description, source) - values (${id}, ${t.listId}, ${t.title}, ${t.description ?? null}, 'desktop') + insert into tasks (id, list_id, title, description, source, owner_id) + values (${id}, ${t.listId}, ${t.title}, ${t.description ?? null}, 'desktop', ${ownerId}) on conflict (id) do update set list_id = excluded.list_id, title = excluded.title, description = excluded.description, + owner_id = ${ownerId}, updated_at = now() + where tasks.owner_id = ${ownerId} or tasks.owner_id is null returning (xmax = 0) as created`; - return { created: row.created }; + // row is undefined when the id exists but belongs to another user: blocked no-op. + return { created: row?.created ?? false }; } /** - * Full-replace of the desktop-owned partition (the desktop's current Idle backlog). + * Full-replace of the caller's desktop-owned partition (their current Idle backlog). * Mirrors `replaceLists`: upsert every supplied task as desktop-owned (consumed=true), and - * delete any desktop-owned (consumed=true) task not in the payload. Web-created tasks still - * awaiting pull (consumed=false) are left untouched. An empty array clears the partition. + * delete any of the caller's (or legacy) desktop-owned tasks not in the payload. Web-created + * tasks still awaiting pull (consumed=false) and other users' rows are left untouched. */ export async function mirrorDesktopTasks( sql: Sql, + ownerId: string, items: { id: string; listId: string; title: string; description?: string | null }[], ): Promise { await sql.begin(async (tx) => { for (const t of items) { await tx` - insert into tasks (id, list_id, title, description, source, consumed) - values (${t.id}, ${t.listId}, ${t.title}, ${t.description ?? null}, 'desktop', true) + insert into tasks (id, list_id, title, description, source, consumed, owner_id) + values (${t.id}, ${t.listId}, ${t.title}, ${t.description ?? null}, 'desktop', true, ${ownerId}) on conflict (id) do update set list_id = excluded.list_id, title = excluded.title, description = excluded.description, source = 'desktop', consumed = true, - updated_at = now()`; + owner_id = ${ownerId}, + updated_at = now() + where tasks.owner_id = ${ownerId} or tasks.owner_id is null`; } const ids = items.map((t) => t.id); if (ids.length) { - await tx`delete from tasks where consumed = true and id <> all(${ids})`; + await tx`delete from tasks + where consumed = true and (owner_id = ${ownerId} or owner_id is null) and id <> all(${ids})`; } else { - await tx`delete from tasks where consumed = true`; + await tx`delete from tasks where consumed = true and (owner_id = ${ownerId} or owner_id is null)`; } }); } -/** Web-created tasks the desktop has not yet imported. */ -export async function getUnconsumed(sql: Sql): Promise { +/** The caller's web-created tasks the desktop has not yet imported. */ +export async function getUnconsumed(sql: Sql, ownerId: string): Promise { return sql` - select * from tasks where source = 'web' and consumed = false order by created_at`; + select * from tasks + where source = 'web' and consumed = false and (owner_id = ${ownerId} or owner_id is null) + order by created_at`; } -export async function consume(sql: Sql, id: string): Promise { - const res = await sql`update tasks set consumed = true, updated_at = now() where id = ${id}`; +export async function consume(sql: Sql, ownerId: string, id: string): Promise { + const res = await sql` + update tasks set consumed = true, updated_at = now() + where id = ${id} and (owner_id = ${ownerId} or owner_id is null)`; return res.count > 0; } -export async function deleteTask(sql: Sql, id: string): Promise { - await sql`delete from tasks where id = ${id}`; +export async function deleteTask(sql: Sql, ownerId: string, id: string): Promise { + await sql`delete from tasks where id = ${id} and (owner_id = ${ownerId} or owner_id is null)`; } diff --git a/tests/repo.test.ts b/tests/repo.test.ts index aa0f32f..321ab7b 100644 --- a/tests/repo.test.ts +++ b/tests/repo.test.ts @@ -4,6 +4,9 @@ import * as repo from "../server/utils/repo"; const sql = postgres(process.env.DATABASE_URL!, { max: 1, onnotice: () => {} }); +const U1 = "user-1"; +const U2 = "user-2"; + beforeEach(async () => { await sql`truncate lists cascade`; }); @@ -14,54 +17,56 @@ afterAll(async () => { describe("lists", () => { it("full-replace upserts supplied and deletes missing", async () => { - await repo.replaceLists(sql, [ + await repo.replaceLists(sql, U1, [ { id: "a", name: "A" }, { id: "b", name: "B" }, ]); - await repo.replaceLists(sql, [{ id: "a", name: "A2" }]); // b removed, a renamed - const got = await repo.getLists(sql); - expect(got).toEqual([{ id: "a", name: "A2" }]); + await repo.replaceLists(sql, U1, [{ id: "a", name: "A2" }]); // b removed, a renamed + const got = await repo.getLists(sql, U1); + expect(got).toEqual([{ id: "a", name: "A2", owner_id: U1 }]); }); - it("empty payload clears all lists", async () => { - await repo.replaceLists(sql, [{ id: "a", name: "A" }]); - await repo.replaceLists(sql, []); - expect(await repo.getLists(sql)).toEqual([]); + it("empty payload clears all my lists", async () => { + await repo.replaceLists(sql, U1, [{ id: "a", name: "A" }]); + await repo.replaceLists(sql, U1, []); + expect(await repo.getLists(sql, U1)).toEqual([]); }); it("deleting a list cascades its tasks", async () => { - await repo.replaceLists(sql, [{ id: "a", name: "A" }]); - await repo.upsertDesktopTask(sql, "t1", { listId: "a", title: "x" }); - await repo.replaceLists(sql, []); // removes a + cascades t1 - expect(await repo.getUnconsumed(sql)).toEqual([]); + await repo.replaceLists(sql, U1, [{ id: "a", name: "A" }]); + await repo.upsertDesktopTask(sql, U1, "t1", { listId: "a", title: "x" }); + await repo.replaceLists(sql, U1, []); // removes a + cascades t1 + expect(await repo.getUnconsumed(sql, U1)).toEqual([]); }); - it("listExists validates listId", async () => { - await repo.replaceLists(sql, [{ id: "L", name: "List" }]); - expect(await repo.listExists(sql, "L")).toBe(true); - expect(await repo.listExists(sql, "ghost")).toBe(false); + it("listExists validates listId within the caller's scope", async () => { + await repo.replaceLists(sql, U1, [{ id: "L", name: "List" }]); + expect(await repo.listExists(sql, U1, "L")).toBe(true); + expect(await repo.listExists(sql, U1, "ghost")).toBe(false); + expect(await repo.listExists(sql, U2, "L")).toBe(false); // not my list }); }); describe("tasks", () => { beforeEach(async () => { - await repo.replaceLists(sql, [{ id: "L", name: "List" }]); + await repo.replaceLists(sql, U1, [{ id: "L", name: "List" }]); }); - it("web create returns generated GUID, source=web, consumed=false", async () => { - const t = await repo.createWebTask(sql, { listId: "L", title: "buy milk", description: null }); + it("web create returns generated GUID, source=web, consumed=false, stamped owner", async () => { + const t = await repo.createWebTask(sql, U1, { listId: "L", title: "buy milk", description: null }); expect(t.id).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/); expect(t.source).toBe("web"); expect(t.consumed).toBe(false); expect(t.title).toBe("buy milk"); + expect(t.owner_id).toBe(U1); }); it("desktop upsert is idempotent by id; source=desktop on insert", async () => { - const a = await repo.upsertDesktopTask(sql, "fixed-id", { listId: "L", title: "one" }); + const a = await repo.upsertDesktopTask(sql, U1, "fixed-id", { listId: "L", title: "one" }); expect(a.created).toBe(true); - const b = await repo.upsertDesktopTask(sql, "fixed-id", { listId: "L", title: "two", description: "d" }); + const b = await repo.upsertDesktopTask(sql, U1, "fixed-id", { listId: "L", title: "two", description: "d" }); expect(b.created).toBe(false); - const tasks = await repo.getTasksForList(sql, "L"); + const tasks = await repo.getTasksForList(sql, U1, "L"); expect(tasks).toHaveLength(1); expect(tasks[0].title).toBe("two"); expect(tasks[0].description).toBe("d"); @@ -69,90 +74,165 @@ describe("tasks", () => { }); it("getUnconsumed returns only web tasks with consumed=false", async () => { - await repo.createWebTask(sql, { listId: "L", title: "web1", description: null }); - await repo.upsertDesktopTask(sql, "d1", { listId: "L", title: "desk1" }); - const u = await repo.getUnconsumed(sql); + await repo.createWebTask(sql, U1, { listId: "L", title: "web1", description: null }); + await repo.upsertDesktopTask(sql, U1, "d1", { listId: "L", title: "desk1" }); + const u = await repo.getUnconsumed(sql, U1); expect(u).toHaveLength(1); expect(u[0].title).toBe("web1"); }); it("consume sets consumed=true and is reflected in getUnconsumed", async () => { - const t = await repo.createWebTask(sql, { listId: "L", title: "c", description: null }); - expect(await repo.consume(sql, t.id)).toBe(true); - expect(await repo.getUnconsumed(sql)).toEqual([]); + const t = await repo.createWebTask(sql, U1, { listId: "L", title: "c", description: null }); + expect(await repo.consume(sql, U1, t.id)).toBe(true); + expect(await repo.getUnconsumed(sql, U1)).toEqual([]); }); it("consume on unknown id returns false", async () => { - expect(await repo.consume(sql, "nope")).toBe(false); + expect(await repo.consume(sql, U1, "nope")).toBe(false); }); it("deleteTask is idempotent", async () => { - const t = await repo.createWebTask(sql, { listId: "L", title: "c", description: null }); - await repo.deleteTask(sql, t.id); - await repo.deleteTask(sql, t.id); // no throw on absent - expect(await repo.getTasksForList(sql, "L")).toEqual([]); + const t = await repo.createWebTask(sql, U1, { listId: "L", title: "c", description: null }); + await repo.deleteTask(sql, U1, t.id); + await repo.deleteTask(sql, U1, t.id); // no throw on absent + expect(await repo.getTasksForList(sql, U1, "L")).toEqual([]); }); }); describe("mirrorDesktopTasks (desktop Idle full-replace)", () => { beforeEach(async () => { - await repo.replaceLists(sql, [ + await repo.replaceLists(sql, U1, [ { id: "L", name: "List" }, { id: "L2", name: "List 2" }, ]); }); - it("inserts items as desktop-owned (consumed=true, source=desktop)", async () => { - await repo.mirrorDesktopTasks(sql, [ + it("inserts items as desktop-owned (consumed=true, source=desktop, stamped owner)", async () => { + await repo.mirrorDesktopTasks(sql, U1, [ { id: "m1", listId: "L", title: "one", description: "d1" }, { id: "m2", listId: "L2", title: "two" }, ]); - const t = await repo.getTasksForList(sql, "L"); + const t = await repo.getTasksForList(sql, U1, "L"); expect(t).toHaveLength(1); - expect(t[0]).toMatchObject({ id: "m1", title: "one", description: "d1", source: "desktop", consumed: true }); - expect(await repo.getTasksForList(sql, "L2")).toHaveLength(1); + expect(t[0]).toMatchObject({ id: "m1", title: "one", description: "d1", source: "desktop", consumed: true, owner_id: U1 }); + expect(await repo.getTasksForList(sql, U1, "L2")).toHaveLength(1); }); it("upserts existing items by id (title/listId/description)", async () => { - await repo.mirrorDesktopTasks(sql, [{ id: "m1", listId: "L", title: "one" }]); - await repo.mirrorDesktopTasks(sql, [{ id: "m1", listId: "L2", title: "renamed", description: "x" }]); - const onL = await repo.getTasksForList(sql, "L"); - const onL2 = await repo.getTasksForList(sql, "L2"); + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L", title: "one" }]); + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L2", title: "renamed", description: "x" }]); + const onL = await repo.getTasksForList(sql, U1, "L"); + const onL2 = await repo.getTasksForList(sql, U1, "L2"); expect(onL).toHaveLength(0); expect(onL2).toHaveLength(1); expect(onL2[0]).toMatchObject({ title: "renamed", description: "x" }); }); it("deletes desktop tasks whose id is not in the array", async () => { - await repo.mirrorDesktopTasks(sql, [ + await repo.mirrorDesktopTasks(sql, U1, [ { id: "m1", listId: "L", title: "one" }, { id: "m2", listId: "L", title: "two" }, ]); - await repo.mirrorDesktopTasks(sql, [{ id: "m1", listId: "L", title: "one" }]); // m2 dropped - const t = await repo.getTasksForList(sql, "L"); + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L", title: "one" }]); // m2 dropped + const t = await repo.getTasksForList(sql, U1, "L"); expect(t.map((x) => x.id)).toEqual(["m1"]); }); - it("empty array deletes all desktop tasks", async () => { - await repo.mirrorDesktopTasks(sql, [{ id: "m1", listId: "L", title: "one" }]); - await repo.mirrorDesktopTasks(sql, []); - expect(await repo.getTasksForList(sql, "L")).toEqual([]); + it("empty array deletes all my desktop tasks", async () => { + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L", title: "one" }]); + await repo.mirrorDesktopTasks(sql, U1, []); + expect(await repo.getTasksForList(sql, U1, "L")).toEqual([]); }); it("does NOT touch web-created tasks awaiting pull (consumed=false)", async () => { - const web = await repo.createWebTask(sql, { listId: "L", title: "web", description: null }); - await repo.mirrorDesktopTasks(sql, [{ id: "m1", listId: "L", title: "desk" }]); - // web task survives the mirror (and is still unconsumed) - const unconsumed = await repo.getUnconsumed(sql); + const web = await repo.createWebTask(sql, U1, { listId: "L", title: "web", description: null }); + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L", title: "desk" }]); + const unconsumed = await repo.getUnconsumed(sql, U1); expect(unconsumed.map((x) => x.id)).toEqual([web.id]); - expect((await repo.getTasksForList(sql, "L")).map((x) => x.id).sort()).toEqual([web.id, "m1"].sort()); + expect((await repo.getTasksForList(sql, U1, "L")).map((x) => x.id).sort()).toEqual([web.id, "m1"].sort()); }); it("claims a web task when its id is mirrored (becomes consumed=true)", async () => { - const web = await repo.createWebTask(sql, { listId: "L", title: "web", description: null }); - await repo.mirrorDesktopTasks(sql, [{ id: web.id, listId: "L", title: "web (imported)" }]); - expect(await repo.getUnconsumed(sql)).toEqual([]); // no longer awaiting pull - const t = await repo.getTasksForList(sql, "L"); + const web = await repo.createWebTask(sql, U1, { listId: "L", title: "web", description: null }); + await repo.mirrorDesktopTasks(sql, U1, [{ id: web.id, listId: "L", title: "web (imported)" }]); + expect(await repo.getUnconsumed(sql, U1)).toEqual([]); // no longer awaiting pull + const t = await repo.getTasksForList(sql, U1, "L"); expect(t[0]).toMatchObject({ id: web.id, title: "web (imported)", consumed: true }); }); }); + +describe("owner isolation", () => { + it("lists are invisible to other users; legacy (NULL owner) lists visible to everyone", async () => { + await repo.replaceLists(sql, U1, [{ id: "mine", name: "Mine" }]); + await sql`insert into lists (id, name) values ('legacy', 'Old')`; // pre-multi-user row + expect((await repo.getLists(sql, U1)).map((l) => l.id).sort()).toEqual(["legacy", "mine"]); + expect((await repo.getLists(sql, U2)).map((l) => l.id)).toEqual(["legacy"]); + }); + + it("replaceLists never deletes or renames another user's lists", async () => { + await repo.replaceLists(sql, U1, [{ id: "a", name: "A" }]); + await repo.replaceLists(sql, U2, [{ id: "b", name: "B" }]); // U2's full catalog: just b + expect((await repo.getLists(sql, U1)).map((l) => l.id)).toEqual(["a"]); + expect((await repo.getLists(sql, U2)).map((l) => l.id)).toEqual(["b"]); + // U2 upserting U1's id must not steal/rename it + await repo.replaceLists(sql, U2, [{ id: "a", name: "stolen" }, { id: "b", name: "B" }]); + const u1Lists = await repo.getLists(sql, U1); + expect(u1Lists).toEqual([{ id: "a", name: "A", owner_id: U1 }]); + }); + + it("replaceLists adopts legacy lists (stamps the caller as owner)", async () => { + await sql`insert into lists (id, name) values ('legacy', 'Old')`; + await repo.replaceLists(sql, U1, [{ id: "legacy", name: "Old" }]); + expect((await repo.getLists(sql, U2)).map((l) => l.id)).toEqual([]); // no longer legacy + expect((await repo.getLists(sql, U1))[0]).toMatchObject({ id: "legacy", owner_id: U1 }); + }); + + it("tasks are invisible to other users; legacy tasks visible to everyone", async () => { + await repo.replaceLists(sql, U1, [{ id: "L", name: "List" }]); + await repo.createWebTask(sql, U1, { listId: "L", title: "mine", description: null }); + await sql`insert into tasks (id, list_id, title, source) values ('legacy-t', 'L', 'old', 'web')`; + expect((await repo.getUnconsumed(sql, U2)).map((t) => t.id)).toEqual(["legacy-t"]); + expect((await repo.getTasksForList(sql, U2, "L")).map((t) => t.id)).toEqual(["legacy-t"]); + expect(await repo.getUnconsumed(sql, U1)).toHaveLength(2); + }); + + it("one user's mirror never deletes another user's desktop tasks", async () => { + await repo.replaceLists(sql, U1, [{ id: "L1", name: "U1 List" }]); + await repo.replaceLists(sql, U2, [{ id: "L2", name: "U2 List" }]); + await repo.mirrorDesktopTasks(sql, U1, [{ id: "m1", listId: "L1", title: "u1 task" }]); + await repo.mirrorDesktopTasks(sql, U2, [{ id: "m2", listId: "L2", title: "u2 task" }]); + // U2's full-replace (only m2) must not have wiped U1's m1: + expect((await repo.getTasksForList(sql, U1, "L1")).map((t) => t.id)).toEqual(["m1"]); + // and an empty mirror from U2 clears only U2's partition: + await repo.mirrorDesktopTasks(sql, U2, []); + expect((await repo.getTasksForList(sql, U1, "L1")).map((t) => t.id)).toEqual(["m1"]); + expect(await repo.getTasksForList(sql, U2, "L2")).toEqual([]); + }); + + it("mirror upsert cannot claim another user's task by id", async () => { + await repo.replaceLists(sql, U1, [{ id: "L1", name: "U1 List" }]); + await repo.replaceLists(sql, U2, [{ id: "L2", name: "U2 List" }]); + const web = await repo.createWebTask(sql, U1, { listId: "L1", title: "u1 web", description: null }); + await repo.mirrorDesktopTasks(sql, U2, [{ id: web.id, listId: "L2", title: "hijack" }]); + // U1's web task is untouched and still awaiting pull: + const u1 = await repo.getUnconsumed(sql, U1); + expect(u1.map((t) => t.id)).toEqual([web.id]); + expect(u1[0].title).toBe("u1 web"); + }); + + it("upsertDesktopTask cannot overwrite another user's task", async () => { + await repo.replaceLists(sql, U1, [{ id: "L", name: "List" }]); + await repo.upsertDesktopTask(sql, U1, "shared-id", { listId: "L", title: "u1 owns this" }); + const res = await repo.upsertDesktopTask(sql, U2, "shared-id", { listId: "L", title: "u2 steal" }); + expect(res.created).toBe(false); + expect((await repo.getTasksForList(sql, U1, "L"))[0].title).toBe("u1 owns this"); + }); + + it("consume and delete are scoped to the caller", async () => { + await repo.replaceLists(sql, U1, [{ id: "L", name: "List" }]); + const t = await repo.createWebTask(sql, U1, { listId: "L", title: "w", description: null }); + expect(await repo.consume(sql, U2, t.id)).toBe(false); + await repo.deleteTask(sql, U2, t.id); // no-op for U2 + expect((await repo.getUnconsumed(sql, U1)).map((x) => x.id)).toEqual([t.id]); + }); +});