csxj2026/junhong_cmp_fiber
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
1b9080e3ab268e98c47984535885ea59449b6944
junhong_cmp_fiber/tests/integration/account_role_test.go
huang 1b9080e3ab 实现角色权限体系重构 
本次提交完成了角色权限体系的重构,主要包括:

1. 数据库迁移
   - 添加 tb_permission.platform 字段(all/web/h5)
   - 更新 tb_role.role_type 注释(1=平台角色,2=客户角色)

2. GORM 模型更新
   - Permission 模型添加 Platform 字段
   - Role 模型更新 RoleType 注释

3. 常量定义
   - 新增角色类型常量(RoleTypePlatform, RoleTypeCustomer)
   - 新增权限端口常量(PlatformAll, PlatformWeb, PlatformH5)
   - 添加角色类型与用户类型匹配规则函数

4. Store 层实现
   - Permission Store 支持按 platform 过滤
   - Account Role Store 添加 CountByAccountID 方法

5. Service 层实现
   - 角色分配支持类型匹配校验
   - 角色分配支持数量限制(超级管理员0个,平台用户无限制,代理/企业1个)
   - Permission Service 支持 platform 过滤

6. 权限校验中间件
   - 实现 RequirePermission、RequireAnyPermission、RequireAllPermissions
   - 支持 platform 字段过滤
   - 支持跳过超级管理员检查

7. 测试用例
   - 角色类型匹配规则单元测试
   - 角色分配数量限制单元测试
   - 权限 platform 过滤单元测试
   - 权限校验中间件集成测试(占位)

8. 代码清理
   - 删除过时的 subordinate 测试文件
   - 移除 Account.ParentID 相关引用
   - 更新 DTO 验证规则

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 09:51:52 +08:00

349 lines
10 KiB
Go
Raw Blame History

package integration
import (
"context"
"testing"
"time"
"github.com/redis/go-redis/v9"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
testcontainers_postgres "github.com/testcontainers/testcontainers-go/modules/postgres"
testcontainers_redis "github.com/testcontainers/testcontainers-go/modules/redis"
"github.com/testcontainers/testcontainers-go/wait"
"gorm.io/driver/postgres"
"gorm.io/gorm"
"gorm.io/gorm/logger"
"github.com/break/junhong_cmp_fiber/internal/model"
accountService "github.com/break/junhong_cmp_fiber/internal/service/account"
postgresStore "github.com/break/junhong_cmp_fiber/internal/store/postgres"
"github.com/break/junhong_cmp_fiber/pkg/constants"
"github.com/break/junhong_cmp_fiber/pkg/middleware"
)
// TestAccountRoleAssociation_AssignRoles 测试账号角色分配功能
func TestAccountRoleAssociation_AssignRoles(t *testing.T) {
ctx := context.Background()
// 启动 PostgreSQL 容器
pgContainer, err := testcontainers_postgres.Run(ctx,
"postgres:14-alpine",
testcontainers_postgres.WithDatabase("testdb"),
testcontainers_postgres.WithUsername("postgres"),
testcontainers_postgres.WithPassword("password"),
testcontainers.WithWaitStrategy(
wait.ForLog("database system is ready to accept connections").
WithOccurrence(2).
WithStartupTimeout(30*time.Second),
),
)
require.NoError(t, err, "启动 PostgreSQL 容器失败")
defer func() { _ = pgContainer.Terminate(ctx) }()
pgConnStr, err := pgContainer.ConnectionString(ctx, "sslmode=disable")
require.NoError(t, err)
// 启动 Redis 容器
redisContainer, err := testcontainers_redis.Run(ctx,
"redis:6-alpine",
)
require.NoError(t, err, "启动 Redis 容器失败")
defer func() { _ = redisContainer.Terminate(ctx) }()
redisHost, _ := redisContainer.Host(ctx)
redisPort, _ := redisContainer.MappedPort(ctx, "6379")
// 连接数据库
db, err := gorm.Open(postgres.Open(pgConnStr), &gorm.Config{
Logger: logger.Default.LogMode(logger.Silent),
})
require.NoError(t, err)
// 自动迁移
err = db.AutoMigrate(
&model.Account{},
&model.Role{},
&model.AccountRole{},
)
require.NoError(t, err)
// 连接 Redis
redisClient := redis.NewClient(&redis.Options{
Addr: redisHost + ":" + redisPort.Port(),
})
// 初始化 Store 和 Service
accountStore := postgresStore.NewAccountStore(db, redisClient)
roleStore := postgresStore.NewRoleStore(db)
accountRoleStore := postgresStore.NewAccountRoleStore(db)
accService := accountService.New(accountStore, roleStore, accountRoleStore)
// 创建测试用户上下文
userCtx := middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
t.Run("成功分配单个角色", func(t *testing.T) {
// 创建测试账号
account := &model.Account{
Username: "single_role_test",
Phone: "13800000100",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
// 创建测试角色
role := &model.Role{
RoleName: "单角色测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
// 分配角色
ars, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
assert.Len(t, ars, 1)
assert.Equal(t, account.ID, ars[0].AccountID)
assert.Equal(t, role.ID, ars[0].RoleID)
})
t.Run("成功分配多个角色", func(t *testing.T) {
// 创建测试账号
account := &model.Account{
Username: "multi_role_test",
Phone: "13800000101",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
// 创建多个测试角色
roles := make([]*model.Role, 3)
roleIDs := make([]uint, 3)
for i := 0; i < 3; i++ {
roles[i] = &model.Role{
RoleName: "多角色测试_" + string(rune('A'+i)),
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(roles[i])
roleIDs[i] = roles[i].ID
}
// 分配角色
ars, err := accService.AssignRoles(userCtx, account.ID, roleIDs)
require.NoError(t, err)
assert.Len(t, ars, 3)
})
t.Run("获取账号的角色列表", func(t *testing.T) {
// 创建测试账号
account := &model.Account{
Username: "get_roles_test",
Phone: "13800000102",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
// 创建并分配角色
role := &model.Role{
RoleName: "获取角色列表测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
_, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
// 获取角色列表
roles, err := accService.GetRoles(userCtx, account.ID)
require.NoError(t, err)
assert.Len(t, roles, 1)
assert.Equal(t, role.ID, roles[0].ID)
})
t.Run("移除账号的角色", func(t *testing.T) {
// 创建测试账号
account := &model.Account{
Username: "remove_role_test",
Phone: "13800000103",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
// 创建并分配角色
role := &model.Role{
RoleName: "移除角色测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
_, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
// 移除角色
err = accService.RemoveRole(userCtx, account.ID, role.ID)
require.NoError(t, err)
// 验证角色已被软删除
var ar model.AccountRole
err = db.Unscoped().Where("account_id = ? AND role_id = ?", account.ID, role.ID).First(&ar).Error
require.NoError(t, err)
assert.NotNil(t, ar.DeletedAt)
})
t.Run("重复分配角色不会创建重复记录", func(t *testing.T) {
// 创建测试账号
account := &model.Account{
Username: "duplicate_role_test",
Phone: "13800000104",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
// 创建测试角色
role := &model.Role{
RoleName: "重复分配测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
// 第一次分配
_, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
// 第二次分配相同角色
_, err = accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
// 验证只有一条记录
var count int64
db.Model(&model.AccountRole{}).Where("account_id = ? AND role_id = ?", account.ID, role.ID).Count(&count)
assert.Equal(t, int64(1), count)
})
t.Run("账号不存在时分配角色失败", func(t *testing.T) {
role := &model.Role{
RoleName: "账号不存在测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
_, err := accService.AssignRoles(userCtx, 99999, []uint{role.ID})
assert.Error(t, err)
})
t.Run("角色不存在时分配失败", func(t *testing.T) {
account := &model.Account{
Username: "role_not_exist_test",
Phone: "13800000105",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
_, err := accService.AssignRoles(userCtx, account.ID, []uint{99999})
assert.Error(t, err)
})
}
// TestAccountRoleAssociation_SoftDelete 测试软删除对账号角色关联的影响
func TestAccountRoleAssociation_SoftDelete(t *testing.T) {
ctx := context.Background()
// 启动容器
pgContainer, err := testcontainers_postgres.Run(ctx,
"postgres:14-alpine",
testcontainers_postgres.WithDatabase("testdb"),
testcontainers_postgres.WithUsername("postgres"),
testcontainers_postgres.WithPassword("password"),
testcontainers.WithWaitStrategy(
wait.ForLog("database system is ready to accept connections").
WithOccurrence(2).
WithStartupTimeout(30*time.Second),
),
)
require.NoError(t, err)
defer func() { _ = pgContainer.Terminate(ctx) }()
pgConnStr, _ := pgContainer.ConnectionString(ctx, "sslmode=disable")
redisContainer, err := testcontainers_redis.Run(ctx,
"redis:6-alpine",
)
require.NoError(t, err)
defer func() { _ = redisContainer.Terminate(ctx) }()
redisHost, _ := redisContainer.Host(ctx)
redisPort, _ := redisContainer.MappedPort(ctx, "6379")
// 设置环境
db, _ := gorm.Open(postgres.Open(pgConnStr), &gorm.Config{
Logger: logger.Default.LogMode(logger.Silent),
})
_ = db.AutoMigrate(&model.Account{}, &model.Role{}, &model.AccountRole{})
redisClient := redis.NewClient(&redis.Options{
Addr: redisHost + ":" + redisPort.Port(),
})
accountStore := postgresStore.NewAccountStore(db, redisClient)
roleStore := postgresStore.NewRoleStore(db)
accountRoleStore := postgresStore.NewAccountRoleStore(db)
accService := accountService.New(accountStore, roleStore, accountRoleStore)
userCtx := middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
t.Run("软删除角色后重新分配可以恢复", func(t *testing.T) {
// 创建测试数据
account := &model.Account{
Username: "restore_role_test",
Phone: "13800000200",
Password: "hashedpassword",
UserType: constants.UserTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(account)
role := &model.Role{
RoleName: "恢复角色测试",
RoleType: constants.RoleTypePlatform,
Status: constants.StatusEnabled,
}
db.Create(role)
// 分配角色
_, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
// 移除角色
err = accService.RemoveRole(userCtx, account.ID, role.ID)
require.NoError(t, err)
// 重新分配角色
ars, err := accService.AssignRoles(userCtx, account.ID, []uint{role.ID})
require.NoError(t, err)
assert.Len(t, ars, 1)
// 验证关联已恢复
roles, err := accService.GetRoles(userCtx, account.ID)
require.NoError(t, err)
assert.Len(t, roles, 1)
})
}
Reference in New Issue View Git Blame Copy Permalink