Complex auth - types & test importance
In one of the previous posts, I wrote about how tedious problem caching and cache invalidation can be after we introduced a way more complicated relations in Localazy - adding organizations and teams instead of simple user-project.
Such a huge change across the whole system may introduce a lot of bugs and issues. It's not only about a different authorization mechanism that also considers the new relations between organizations and teams.
In many places, the list of users of the given project or list of projects for the given user is required. It's used for search details, invitations, etc. We certainly want all of them to work nicely for organizations and teams.
First, to find all these places where the change is necessary, we just changed the name of key methods - no refactoring, of course. And the compiler informed us about all call sites that need our love :-). It would be crazy to do this without types!
There are several hundreds of tests, and that was the second thing to save our lives! After the huge change, the first run failed - as expected :-). A few minor issues, no big deal. After a fix, from all these tests, just 6 failed to show us fundamental problems in edge cases.
A few more minor fixes, and all tests passed! Yayks.
Tests are overly important!