huang
1b9080e3ab
本次提交完成了角色权限体系的重构,主要包括: 1. 数据库迁移 - 添加 tb_permission.platform 字段(all/web/h5) - 更新 tb_role.role_type 注释(1=平台角色,2=客户角色) 2. GORM 模型更新 - Permission 模型添加 Platform 字段 - Role 模型更新 RoleType 注释 3. 常量定义 - 新增角色类型常量(RoleTypePlatform, RoleTypeCustomer) - 新增权限端口常量(PlatformAll, PlatformWeb, PlatformH5) - 添加角色类型与用户类型匹配规则函数 4. Store 层实现 - Permission Store 支持按 platform 过滤 - Account Role Store 添加 CountByAccountID 方法 5. Service 层实现 - 角色分配支持类型匹配校验 - 角色分配支持数量限制(超级管理员0个,平台用户无限制,代理/企业1个) - Permission Service 支持 platform 过滤 6. 权限校验中间件 - 实现 RequirePermission、RequireAnyPermission、RequireAllPermissions - 支持 platform 字段过滤 - 支持跳过超级管理员检查 7. 测试用例 - 角色类型匹配规则单元测试 - 角色分配数量限制单元测试 - 权限 platform 过滤单元测试 - 权限校验中间件集成测试(占位) 8. 代码清理 - 删除过时的 subordinate 测试文件 - 移除 Account.ParentID 相关引用 - 更新 DTO 验证规则 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
180 lines
6.3 KiB
Go
180 lines
6.3 KiB
Go
package unit
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/break/junhong_cmp_fiber/internal/model"
|
|
"github.com/break/junhong_cmp_fiber/internal/service/account"
|
|
"github.com/break/junhong_cmp_fiber/internal/store/postgres"
|
|
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
|
"github.com/break/junhong_cmp_fiber/pkg/middleware"
|
|
"github.com/break/junhong_cmp_fiber/tests/testutils"
|
|
)
|
|
|
|
// TestRoleAssignmentLimit_PlatformUser 测试平台用户可以分配多个角色(无限制)
|
|
func TestRoleAssignmentLimit_PlatformUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
|
|
|
|
// 创建平台用户
|
|
platformUser := &model.Account{
|
|
Username: "platform_user",
|
|
Phone: "13800000001",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypePlatform,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(platformUser).Error)
|
|
|
|
// 创建 3 个平台角色
|
|
roles := []*model.Role{
|
|
{RoleName: "运营", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
{RoleName: "客服", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
{RoleName: "财务", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 为平台用户分配 3 个角色(应该成功,因为平台用户无限制)
|
|
roleIDs := []uint{roles[0].ID, roles[1].ID, roles[2].ID}
|
|
ars, err := service.AssignRoles(ctx, platformUser.ID, roleIDs)
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 3)
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_AgentUser 测试代理账号只能分配一个角色
|
|
func TestRoleAssignmentLimit_AgentUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
|
|
|
|
// 创建代理账号
|
|
agentAccount := &model.Account{
|
|
Username: "agent_user",
|
|
Phone: "13800000002",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeAgent,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(agentAccount).Error)
|
|
|
|
// 创建 2 个客户角色
|
|
roles := []*model.Role{
|
|
{RoleName: "一级代理", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
{RoleName: "二级代理", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 先分配第一个角色(应该成功)
|
|
ars, err := service.AssignRoles(ctx, agentAccount.ID, []uint{roles[0].ID})
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 1)
|
|
|
|
// 尝试分配第二个角色(应该失败,超过数量限制)
|
|
_, err = service.AssignRoles(ctx, agentAccount.ID, []uint{roles[1].ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "最多只能分配 1 个角色")
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_EnterpriseUser 测试企业账号只能分配一个角色
|
|
func TestRoleAssignmentLimit_EnterpriseUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
|
|
|
|
// 创建企业账号
|
|
enterpriseAccount := &model.Account{
|
|
Username: "enterprise_user",
|
|
Phone: "13800000003",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeEnterprise,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(enterpriseAccount).Error)
|
|
|
|
// 创建 2 个客户角色
|
|
roles := []*model.Role{
|
|
{RoleName: "企业普通", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
{RoleName: "企业高级", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 先分配第一个角色(应该成功)
|
|
ars, err := service.AssignRoles(ctx, enterpriseAccount.ID, []uint{roles[0].ID})
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 1)
|
|
|
|
// 尝试分配第二个角色(应该失败,超过数量限制)
|
|
_, err = service.AssignRoles(ctx, enterpriseAccount.ID, []uint{roles[1].ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "最多只能分配 1 个角色")
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_SuperAdmin 测试超级管理员不允许分配角色
|
|
func TestRoleAssignmentLimit_SuperAdmin(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, 1, constants.UserTypeSuperAdmin, 0)
|
|
|
|
// 创建超级管理员
|
|
superAdmin := &model.Account{
|
|
Username: "superadmin",
|
|
Phone: "13800000004",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeSuperAdmin,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(superAdmin).Error)
|
|
|
|
// 创建一个平台角色
|
|
role := &model.Role{
|
|
RoleName: "测试角色",
|
|
RoleType: constants.RoleTypePlatform,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(role).Error)
|
|
|
|
// 尝试为超级管理员分配角色(应该失败)
|
|
_, err := service.AssignRoles(ctx, superAdmin.ID, []uint{role.ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "不需要分配角色")
|
|
}
|