feat(role): 新增平台角色管理功能增强

- 权限表增加 available_for_role_types 字段，支持标记权限可用角色类型 - 权限列表和权限树接口支持按 available_for_role_type 过滤 - 新增角色状态切换接口 PUT /api/admin/roles/:id/status - 角色分配权限时验证权限的可用角色类型 - 完善数据库迁移脚本和单元测试 - 补充数据库迁移相关开发规范文档
2026-01-14 12:15:57 +08:00
parent 9c399df6bc
commit 5556b1028c
22 changed files with 1474 additions and 87 deletions
--- a/tests/unit/permission_platform_filter_test.go
+++ b/tests/unit/permission_platform_filter_test.go
@@ -192,7 +192,7 @@ func TestPermissionPlatformFilter_Tree(t *testing.T) {
 	require.NoError(t, db.Create(child).Error)

 	// 获取权限树
-	tree, err := service.GetTree(ctx)
+	tree, err := service.GetTree(ctx, nil)
 	require.NoError(t, err)
 	require.Len(t, tree, 1)

--- a/tests/unit/permission_store_test.go
+++ b/tests/unit/permission_store_test.go
@@ -0,0 +1,239 @@
+package unit
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/store/postgres"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/tests/testutils"
+)
+
+func TestPermissionStore_List_AvailableForRoleTypes(t *testing.T) {
+	db, redisClient := testutils.SetupTestDB(t)
+	defer testutils.TeardownTestDB(t, db, redisClient)
+
+	store := postgres.NewPermissionStore(db)
+	ctx := context.Background()
+
+	platformPerm := &model.Permission{
+		PermName:              "平台专用权限",
+		PermCode:              "platform:only",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "1",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err := store.Create(ctx, platformPerm)
+	require.NoError(t, err)
+
+	customerPerm := &model.Permission{
+		PermName:              "客户专用权限",
+		PermCode:              "customer:only",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = store.Create(ctx, customerPerm)
+	require.NoError(t, err)
+
+	commonPerm := &model.Permission{
+		PermName:              "通用权限",
+		PermCode:              "common:perm",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "1,2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = store.Create(ctx, commonPerm)
+	require.NoError(t, err)
+
+	t.Run("过滤平台角色可用权限", func(t *testing.T) {
+		filters := map[string]interface{}{
+			"available_for_role_type": 1,
+		}
+		perms, _, err := store.List(ctx, nil, filters)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "platform:only")
+		assert.Contains(t, codes, "common:perm")
+		assert.NotContains(t, codes, "customer:only")
+	})
+
+	t.Run("过滤客户角色可用权限", func(t *testing.T) {
+		filters := map[string]interface{}{
+			"available_for_role_type": 2,
+		}
+		perms, _, err := store.List(ctx, nil, filters)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "customer:only")
+		assert.Contains(t, codes, "common:perm")
+		assert.NotContains(t, codes, "platform:only")
+	})
+
+	t.Run("不过滤时返回所有权限", func(t *testing.T) {
+		perms, _, err := store.List(ctx, nil, nil)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "platform:only")
+		assert.Contains(t, codes, "customer:only")
+		assert.Contains(t, codes, "common:perm")
+	})
+}
+
+func TestPermissionStore_GetAll_AvailableForRoleType(t *testing.T) {
+	db, redisClient := testutils.SetupTestDB(t)
+	defer testutils.TeardownTestDB(t, db, redisClient)
+
+	store := postgres.NewPermissionStore(db)
+	ctx := context.Background()
+
+	platformPerm := &model.Permission{
+		PermName:              "平台菜单",
+		PermCode:              "platform:menu",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "1",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err := store.Create(ctx, platformPerm)
+	require.NoError(t, err)
+
+	customerPerm := &model.Permission{
+		PermName:              "客户菜单",
+		PermCode:              "customer:menu",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = store.Create(ctx, customerPerm)
+	require.NoError(t, err)
+
+	t.Run("GetAll按平台角色类型过滤", func(t *testing.T) {
+		roleType := 1
+		perms, err := store.GetAll(ctx, &roleType)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "platform:menu")
+		assert.NotContains(t, codes, "customer:menu")
+	})
+
+	t.Run("GetAll按客户角色类型过滤", func(t *testing.T) {
+		roleType := 2
+		perms, err := store.GetAll(ctx, &roleType)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "customer:menu")
+		assert.NotContains(t, codes, "platform:menu")
+	})
+
+	t.Run("GetAll不过滤时返回所有", func(t *testing.T) {
+		perms, err := store.GetAll(ctx, nil)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "platform:menu")
+		assert.Contains(t, codes, "customer:menu")
+	})
+}
+
+func TestPermissionStore_GetByPlatform_AvailableForRoleType(t *testing.T) {
+	db, redisClient := testutils.SetupTestDB(t)
+	defer testutils.TeardownTestDB(t, db, redisClient)
+
+	store := postgres.NewPermissionStore(db)
+	ctx := context.Background()
+
+	webPlatformPerm := &model.Permission{
+		PermName:              "Web平台权限",
+		PermCode:              "web:platform",
+		PermType:              1,
+		Platform:              "web",
+		AvailableForRoleTypes: "1",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err := store.Create(ctx, webPlatformPerm)
+	require.NoError(t, err)
+
+	h5CustomerPerm := &model.Permission{
+		PermName:              "H5客户权限",
+		PermCode:              "h5:customer",
+		PermType:              1,
+		Platform:              "h5",
+		AvailableForRoleTypes: "2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = store.Create(ctx, h5CustomerPerm)
+	require.NoError(t, err)
+
+	t.Run("同时按平台和角色类型过滤", func(t *testing.T) {
+		roleType := 1
+		perms, err := store.GetByPlatform(ctx, "web", &roleType)
+		require.NoError(t, err)
+
+		var codes []string
+		for _, p := range perms {
+			codes = append(codes, p.PermCode)
+		}
+		assert.Contains(t, codes, "web:platform")
+		assert.NotContains(t, codes, "h5:customer")
+	})
+}
--- a/tests/unit/role_service_test.go
+++ b/tests/unit/role_service_test.go
@@ -0,0 +1,182 @@
+package unit
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/service/role"
+	"github.com/break/junhong_cmp_fiber/internal/store/postgres"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/tests/testutils"
+)
+
+func TestRoleService_AssignPermissions_ValidateAvailableForRoleTypes(t *testing.T) {
+	db, redisClient := testutils.SetupTestDB(t)
+	defer testutils.TeardownTestDB(t, db, redisClient)
+
+	roleStore := postgres.NewRoleStore(db)
+	permStore := postgres.NewPermissionStore(db)
+	rolePermStore := postgres.NewRolePermissionStore(db)
+	service := role.New(roleStore, permStore, rolePermStore)
+
+	ctx := createContextWithUserID(1)
+
+	platformRole := &model.Role{
+		RoleName: "平台管理员",
+		RoleDesc: "平台角色",
+		RoleType: 1,
+		Status:   constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err := roleStore.Create(ctx, platformRole)
+	require.NoError(t, err)
+
+	customerRole := &model.Role{
+		RoleName: "客户管理员",
+		RoleDesc: "客户角色",
+		RoleType: 2,
+		Status:   constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = roleStore.Create(ctx, customerRole)
+	require.NoError(t, err)
+
+	platformPerm := &model.Permission{
+		PermName:              "平台权限",
+		PermCode:              "platform:manage",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "1",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = permStore.Create(ctx, platformPerm)
+	require.NoError(t, err)
+
+	customerPerm := &model.Permission{
+		PermName:              "客户权限",
+		PermCode:              "customer:manage",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = permStore.Create(ctx, customerPerm)
+	require.NoError(t, err)
+
+	commonPerm := &model.Permission{
+		PermName:              "通用权限",
+		PermCode:              "common:view",
+		PermType:              1,
+		Platform:              "all",
+		AvailableForRoleTypes: "1,2",
+		Status:                constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err = permStore.Create(ctx, commonPerm)
+	require.NoError(t, err)
+
+	t.Run("为平台角色分配平台权限-成功", func(t *testing.T) {
+		rps, err := service.AssignPermissions(ctx, platformRole.ID, []uint{platformPerm.ID})
+		require.NoError(t, err)
+		assert.NotEmpty(t, rps)
+	})
+
+	t.Run("为平台角色分配通用权限-成功", func(t *testing.T) {
+		rps, err := service.AssignPermissions(ctx, platformRole.ID, []uint{commonPerm.ID})
+		require.NoError(t, err)
+		assert.NotEmpty(t, rps)
+	})
+
+	t.Run("为平台角色分配客户专用权限-失败", func(t *testing.T) {
+		_, err := service.AssignPermissions(ctx, platformRole.ID, []uint{customerPerm.ID})
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "不适用于此角色类型")
+	})
+
+	t.Run("为客户角色分配客户权限-成功", func(t *testing.T) {
+		rps, err := service.AssignPermissions(ctx, customerRole.ID, []uint{customerPerm.ID})
+		require.NoError(t, err)
+		assert.NotEmpty(t, rps)
+	})
+
+	t.Run("为客户角色分配平台专用权限-失败", func(t *testing.T) {
+		_, err := service.AssignPermissions(ctx, customerRole.ID, []uint{platformPerm.ID})
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "不适用于此角色类型")
+	})
+
+	t.Run("批量分配权限时部分不匹配-失败", func(t *testing.T) {
+		_, err := service.AssignPermissions(ctx, platformRole.ID, []uint{platformPerm.ID, customerPerm.ID})
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "不适用于此角色类型")
+	})
+}
+
+func TestRoleService_UpdateStatus(t *testing.T) {
+	db, redisClient := testutils.SetupTestDB(t)
+	defer testutils.TeardownTestDB(t, db, redisClient)
+
+	roleStore := postgres.NewRoleStore(db)
+	permStore := postgres.NewPermissionStore(db)
+	rolePermStore := postgres.NewRolePermissionStore(db)
+	service := role.New(roleStore, permStore, rolePermStore)
+
+	ctx := createContextWithUserID(1)
+
+	testRole := &model.Role{
+		RoleName: "测试角色",
+		RoleDesc: "用于测试状态切换",
+		RoleType: 1,
+		Status:   constants.StatusEnabled,
+		BaseModel: model.BaseModel{
+			Creator: 1,
+			Updater: 1,
+		},
+	}
+	err := roleStore.Create(ctx, testRole)
+	require.NoError(t, err)
+
+	t.Run("禁用角色", func(t *testing.T) {
+		err := service.UpdateStatus(ctx, testRole.ID, constants.StatusDisabled)
+		require.NoError(t, err)
+
+		role, err := roleStore.GetByID(ctx, testRole.ID)
+		require.NoError(t, err)
+		assert.Equal(t, constants.StatusDisabled, role.Status)
+	})
+
+	t.Run("启用角色", func(t *testing.T) {
+		err := service.UpdateStatus(ctx, testRole.ID, constants.StatusEnabled)
+		require.NoError(t, err)
+
+		role, err := roleStore.GetByID(ctx, testRole.ID)
+		require.NoError(t, err)
+		assert.Equal(t, constants.StatusEnabled, role.Status)
+	})
+
+	t.Run("更新不存在的角色-失败", func(t *testing.T) {
+		err := service.UpdateStatus(ctx, 99999, constants.StatusEnabled)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "角色不存在")
+	})
+}