feat(shop-role): 实现店铺角色继承功能和权限检查优化

- 新增店铺角色管理 API 和数据模型
- 实现角色继承和权限检查逻辑
- 添加流程测试框架和集成测试
- 更新权限服务和账号管理逻辑
- 添加数据库迁移脚本
- 归档 OpenSpec 变更文档

Ultraworked with Sisyphus

internal/service/account/role_resolver_test.go

@@ -0,0 +1,211 @@
+package account
+
+import (
+	"context"
+	"testing"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/store/postgres"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/tests/testutils"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetRoleIDsForAccount(t *testing.T) {
+	tx := testutils.NewTestTransaction(t)
+	rdb := testutils.GetTestRedis(t)
+	testutils.CleanTestRedisKeys(t, rdb)
+
+	accountStore := postgres.NewAccountStore(tx, rdb)
+	roleStore := postgres.NewRoleStore(tx)
+	accountRoleStore := postgres.NewAccountRoleStore(tx, rdb)
+	shopRoleStore := postgres.NewShopRoleStore(tx, rdb)
+
+	service := New(
+		accountStore,
+		roleStore,
+		accountRoleStore,
+		shopRoleStore,
+		nil,
+		nil,
+		nil,
+	)
+
+	ctx := context.Background()
+
+	t.Run("超级管理员返回空数组", func(t *testing.T) {
+		account := &model.Account{
+			Username: "admin_roletest",
+			Phone:    "13800010001",
+			Password: "hashed",
+			UserType: constants.UserTypeSuperAdmin,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Empty(t, roleIDs)
+	})
+
+	t.Run("平台用户返回账号级角色", func(t *testing.T) {
+		account := &model.Account{
+			Username: "platform_roletest",
+			Phone:    "13800010002",
+			Password: "hashed",
+			UserType: constants.UserTypePlatform,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		role := &model.Role{
+			RoleName: "平台管理员",
+			RoleType: constants.RoleTypePlatform,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, roleStore.Create(ctx, role))
+
+		accountRole := &model.AccountRole{
+			AccountID: account.ID,
+			RoleID:    role.ID,
+			Status:    constants.StatusEnabled,
+			Creator:   1,
+			Updater:   1,
+		}
+		require.NoError(t, accountRoleStore.Create(ctx, accountRole))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Equal(t, []uint{role.ID}, roleIDs)
+	})
+
+	t.Run("代理账号有账号级角色，不继承店铺角色", func(t *testing.T) {
+		shopID := uint(1)
+		account := &model.Account{
+			Username: "agent_with_roletest",
+			Phone:    "13800010003",
+			Password: "hashed",
+			UserType: constants.UserTypeAgent,
+			ShopID:   &shopID,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		accountRole := &model.Role{
+			RoleName: "账号角色",
+			RoleType: constants.RoleTypeCustomer,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, roleStore.Create(ctx, accountRole))
+
+		shopRole := &model.Role{
+			RoleName: "店铺角色",
+			RoleType: constants.RoleTypeCustomer,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, roleStore.Create(ctx, shopRole))
+
+		require.NoError(t, accountRoleStore.Create(ctx, &model.AccountRole{
+			AccountID: account.ID,
+			RoleID:    accountRole.ID,
+			Status:    constants.StatusEnabled,
+			Creator:   1,
+			Updater:   1,
+		}))
+
+		require.NoError(t, shopRoleStore.Create(ctx, &model.ShopRole{
+			ShopID:  shopID,
+			RoleID:  shopRole.ID,
+			Status:  constants.StatusEnabled,
+			Creator: 1,
+			Updater: 1,
+		}))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Equal(t, []uint{accountRole.ID}, roleIDs)
+	})
+
+	t.Run("代理账号无账号级角色，继承店铺角色", func(t *testing.T) {
+		shopID := uint(2)
+		account := &model.Account{
+			Username: "agent_inheritest",
+			Phone:    "13800010004",
+			Password: "hashed",
+			UserType: constants.UserTypeAgent,
+			ShopID:   &shopID,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		shopRole := &model.Role{
+			RoleName: "店铺默认角色",
+			RoleType: constants.RoleTypeCustomer,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, roleStore.Create(ctx, shopRole))
+
+		require.NoError(t, shopRoleStore.Create(ctx, &model.ShopRole{
+			ShopID:  shopID,
+			RoleID:  shopRole.ID,
+			Status:  constants.StatusEnabled,
+			Creator: 1,
+			Updater: 1,
+		}))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Equal(t, []uint{shopRole.ID}, roleIDs)
+	})
+
+	t.Run("代理账号无角色且店铺无角色，返回空数组", func(t *testing.T) {
+		shopID := uint(3)
+		account := &model.Account{
+			Username: "agent_notest",
+			Phone:    "13800010005",
+			Password: "hashed",
+			UserType: constants.UserTypeAgent,
+			ShopID:   &shopID,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Empty(t, roleIDs)
+	})
+
+	t.Run("企业账号返回账号级角色", func(t *testing.T) {
+		enterpriseID := uint(1)
+		account := &model.Account{
+			Username:     "enterprise_roletest",
+			Phone:        "13800010006",
+			Password:     "hashed",
+			UserType:     constants.UserTypeEnterprise,
+			EnterpriseID: &enterpriseID,
+			Status:       constants.StatusEnabled,
+		}
+		require.NoError(t, accountStore.Create(ctx, account))
+
+		role := &model.Role{
+			RoleName: "企业管理员",
+			RoleType: constants.RoleTypeCustomer,
+			Status:   constants.StatusEnabled,
+		}
+		require.NoError(t, roleStore.Create(ctx, role))
+
+		accountRole := &model.AccountRole{
+			AccountID: account.ID,
+			RoleID:    role.ID,
+			Status:    constants.StatusEnabled,
+			Creator:   1,
+			Updater:   1,
+		}
+		require.NoError(t, accountRoleStore.Create(ctx, accountRole))
+
+		roleIDs, err := service.GetRoleIDsForAccount(ctx, account.ID)
+		require.NoError(t, err)
+		assert.Equal(t, []uint{role.ID}, roleIDs)
+	})
+}