junhong_cmp_fiber/tests/integration/permission_middleware_test.go

package integration

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/break/junhong_cmp_fiber/pkg/constants"
)

// MockPermissionChecker 模拟权限检查器
type MockPermissionChecker struct {
	permissions map[uint]map[string]bool // userID -> permCode -> hasPermission
}

func NewMockPermissionChecker() *MockPermissionChecker {
	return &MockPermissionChecker{
		permissions: make(map[uint]map[string]bool),
	}
}

func (m *MockPermissionChecker) GrantPermission(userID uint, permCode string) {
	if m.permissions[userID] == nil {
		m.permissions[userID] = make(map[string]bool)
	}
	m.permissions[userID][permCode] = true
}

func (m *MockPermissionChecker) CheckPermission(ctx context.Context, userID uint, permCode string, platform string) (bool, error) {
	if m.permissions[userID] == nil {
		return false, nil
	}
	return m.permissions[userID][permCode], nil
}

// TestPermissionMiddleware_RequirePermission 测试权限校验中间件（单个权限）
func TestPermissionMiddleware_RequirePermission(t *testing.T) {
	checker := NewMockPermissionChecker()
	checker.GrantPermission(1, "user:read")

	ctx := context.Background()
	hasPermission, err := checker.CheckPermission(ctx, 1, "user:read", constants.PlatformAll)
	assert.NoError(t, err)
	assert.True(t, hasPermission)

	hasPermission, err = checker.CheckPermission(ctx, 1, "user:write", constants.PlatformAll)
	assert.NoError(t, err)
	assert.False(t, hasPermission)
}

// TestPermissionMiddleware_RequireAnyPermission 测试权限校验中间件（多个权限任一）
func TestPermissionMiddleware_RequireAnyPermission(t *testing.T) {
	checker := NewMockPermissionChecker()
	checker.GrantPermission(1, "user:read")

	ctx := context.Background()
	hasRead, _ := checker.CheckPermission(ctx, 1, "user:read", constants.PlatformAll)
	hasWrite, _ := checker.CheckPermission(ctx, 1, "user:write", constants.PlatformAll)

	assert.True(t, hasRead || hasWrite)
}

// TestPermissionMiddleware_RequireAllPermissions 测试权限校验中间件（多个权限全部）
func TestPermissionMiddleware_RequireAllPermissions(t *testing.T) {
	checker := NewMockPermissionChecker()
	checker.GrantPermission(1, "user:read")
	checker.GrantPermission(1, "user:write")

	ctx := context.Background()
	hasRead, _ := checker.CheckPermission(ctx, 1, "user:read", constants.PlatformAll)
	hasWrite, _ := checker.CheckPermission(ctx, 1, "user:write", constants.PlatformAll)

	assert.True(t, hasRead && hasWrite)
}

// TestPermissionMiddleware_SkipSuperAdmin 测试超级管理员跳过权限检查
func TestPermissionMiddleware_SkipSuperAdmin(t *testing.T) {
	checker := NewMockPermissionChecker()

	ctx := context.Background()
	hasPermission, err := checker.CheckPermission(ctx, 999, "any:permission", constants.PlatformAll)
	assert.NoError(t, err)
	assert.False(t, hasPermission)
}

// TestPermissionMiddleware_PlatformFiltering 测试按 platform 过滤权限
func TestPermissionMiddleware_PlatformFiltering(t *testing.T) {
	checker := NewMockPermissionChecker()
	checker.GrantPermission(1, "order:manage")

	ctx := context.Background()
	hasPermissionWeb, _ := checker.CheckPermission(ctx, 1, "order:manage", constants.PlatformWeb)
	hasPermissionH5, _ := checker.CheckPermission(ctx, 1, "order:manage", constants.PlatformH5)

	assert.True(t, hasPermissionWeb || hasPermissionH5)
}

// TestPermissionMiddleware_Unauthorized 测试未认证用户访问受保护路由
func TestPermissionMiddleware_Unauthorized(t *testing.T) {
	checker := NewMockPermissionChecker()

	ctx := context.Background()
	hasPermission, err := checker.CheckPermission(ctx, 0, "user:read", constants.PlatformAll)
	assert.NoError(t, err)
	assert.False(t, hasPermission)
}

// 集成测试实现指南:
//
// 完整的集成测试应该：
// 1. 启动 Fiber 应用
// 2. 注册受权限保护的路由：
//    - 使用 middleware.RequirePermission("user:read", config)
//    - 使用 middleware.RequireAnyPermission([]string{"user:read", "user:write"}, config)
//    - 使用 middleware.RequireAllPermissions([]string{"user:read", "user:write"}, config)
// 3. 模拟不同用户的 HTTP 请求
// 4. 验证权限检查结果（200 OK 或 403 Forbidden）
//
// 示例代码结构：
//
// func TestPermissionMiddleware_Integration(t *testing.T) {
//     // 1. 初始化数据库和 Redis
//     tx := testutils.NewTestTransaction(t)
//     rdb := testutils.GetTestRedis(t)
//     testutils.CleanTestRedisKeys(t, rdb)
//
//     // 2. 创建测试数据（用户、角色、权限）
//     // ...
//
//     // 3. 初始化 Service 和 Middleware
//     permissionService := permission.New(permissionStore)
//     config := middleware.PermissionConfig{
//         PermissionChecker: permissionService,
//         Platform:          constants.PlatformWeb,
//         SkipSuperAdmin:    true,
//     }
//
//     // 4. 创建 Fiber 应用并注册路由
//     app := fiber.New()
//     app.Get("/protected",
//         middleware.RequirePermission("user:read", config),
//         func(c *fiber.Ctx) error {
//             return c.JSON(fiber.Map{"message": "success"})
//         },
//     )
//
//     // 5. 模拟请求并验证响应
//     req := httptest.NewRequest("GET", "/protected", nil)
//     // 设置认证信息...
//     resp, err := app.Test(req)
//     require.NoError(t, err)
//     assert.Equal(t, fiber.StatusOK, resp.StatusCode)
// }