huang
eaa70ac255
主要功能: - 实现完整的 RBAC 权限系统(账号、角色、权限的多对多关联) - 基于 owner_id + shop_id 的自动数据权限过滤 - 使用 PostgreSQL WITH RECURSIVE 查询下级账号 - Redis 缓存优化下级账号查询性能(30分钟过期) - 支持多租户数据隔离和层级权限管理 技术实现: - 新增 Account、Role、Permission 模型及关联关系表 - 实现 GORM Scopes 自动应用数据权限过滤 - 添加数据库迁移脚本(000002_rbac_data_permission、000003_add_owner_id_shop_id) - 完善错误码定义(1010-1027 为 RBAC 相关错误) - 重构 main.go 采用函数拆分提高可读性 测试覆盖: - 添加 Account、Role、Permission 的集成测试 - 添加数据权限过滤的单元测试和集成测试 - 添加下级账号查询和缓存的单元测试 - 添加 API 回归测试确保向后兼容 文档更新: - 更新 README.md 添加 RBAC 功能说明 - 更新 CLAUDE.md 添加技术栈和开发原则 - 添加 docs/004-rbac-data-permission/ 功能总结和使用指南 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
456 lines
13 KiB
Go
456 lines
13 KiB
Go
package integration
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"github.com/testcontainers/testcontainers-go"
|
|
testcontainers_postgres "github.com/testcontainers/testcontainers-go/modules/postgres"
|
|
"github.com/testcontainers/testcontainers-go/wait"
|
|
"gorm.io/driver/postgres"
|
|
"gorm.io/gorm"
|
|
"gorm.io/gorm/logger"
|
|
|
|
"github.com/break/junhong_cmp_fiber/internal/handler"
|
|
"github.com/break/junhong_cmp_fiber/internal/model"
|
|
"github.com/break/junhong_cmp_fiber/internal/routes"
|
|
permissionService "github.com/break/junhong_cmp_fiber/internal/service/permission"
|
|
postgresStore "github.com/break/junhong_cmp_fiber/internal/store/postgres"
|
|
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
|
"github.com/break/junhong_cmp_fiber/pkg/errors"
|
|
"github.com/break/junhong_cmp_fiber/pkg/middleware"
|
|
"github.com/break/junhong_cmp_fiber/pkg/response"
|
|
)
|
|
|
|
// permTestEnv 权限测试环境
|
|
type permTestEnv struct {
|
|
db *gorm.DB
|
|
app *fiber.App
|
|
permissionService *permissionService.Service
|
|
cleanup func()
|
|
}
|
|
|
|
// setupPermTestEnv 设置权限测试环境
|
|
func setupPermTestEnv(t *testing.T) *permTestEnv {
|
|
t.Helper()
|
|
|
|
ctx := context.Background()
|
|
|
|
// 启动 PostgreSQL 容器
|
|
pgContainer, err := testcontainers_postgres.RunContainer(ctx,
|
|
testcontainers.WithImage("postgres:14-alpine"),
|
|
testcontainers_postgres.WithDatabase("testdb"),
|
|
testcontainers_postgres.WithUsername("postgres"),
|
|
testcontainers_postgres.WithPassword("password"),
|
|
testcontainers.WithWaitStrategy(
|
|
wait.ForLog("database system is ready to accept connections").
|
|
WithOccurrence(2).
|
|
WithStartupTimeout(30*time.Second),
|
|
),
|
|
)
|
|
require.NoError(t, err, "启动 PostgreSQL 容器失败")
|
|
|
|
pgConnStr, err := pgContainer.ConnectionString(ctx, "sslmode=disable")
|
|
require.NoError(t, err)
|
|
|
|
// 连接数据库
|
|
db, err := gorm.Open(postgres.Open(pgConnStr), &gorm.Config{
|
|
Logger: logger.Default.LogMode(logger.Silent),
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
// 自动迁移
|
|
err = db.AutoMigrate(
|
|
&model.Permission{},
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
// 初始化 Store
|
|
permStore := postgresStore.NewPermissionStore(db)
|
|
|
|
// 初始化 Service
|
|
permSvc := permissionService.New(permStore)
|
|
|
|
// 初始化 Handler
|
|
permHandler := handler.NewPermissionHandler(permSvc)
|
|
|
|
// 创建 Fiber App
|
|
app := fiber.New(fiber.Config{
|
|
ErrorHandler: func(c *fiber.Ctx, err error) error {
|
|
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
|
|
},
|
|
})
|
|
|
|
// 注册路由
|
|
services := &routes.Services{
|
|
PermissionHandler: permHandler,
|
|
}
|
|
routes.RegisterRoutes(app, services)
|
|
|
|
return &permTestEnv{
|
|
db: db,
|
|
app: app,
|
|
permissionService: permSvc,
|
|
cleanup: func() {
|
|
if err := pgContainer.Terminate(ctx); err != nil {
|
|
t.Logf("终止 PostgreSQL 容器失败: %v", err)
|
|
}
|
|
},
|
|
}
|
|
}
|
|
|
|
// TestPermissionAPI_Create 测试创建权限 API
|
|
func TestPermissionAPI_Create(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
t.Run("成功创建权限", func(t *testing.T) {
|
|
reqBody := model.CreatePermissionRequest{
|
|
PermName: "用户管理",
|
|
PermCode: "user:manage",
|
|
PermType: constants.PermissionTypeMenu,
|
|
URL: "/admin/users",
|
|
}
|
|
|
|
jsonBody, _ := json.Marshal(reqBody)
|
|
req := httptest.NewRequest("POST", "/api/v1/permissions", bytes.NewReader(jsonBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, 0, result.Code)
|
|
|
|
// 验证数据库中权限已创建
|
|
var count int64
|
|
env.db.Model(&model.Permission{}).Where("perm_code = ?", "user:manage").Count(&count)
|
|
assert.Equal(t, int64(1), count)
|
|
})
|
|
|
|
t.Run("权限编码重复时返回错误", func(t *testing.T) {
|
|
// 先创建一个权限
|
|
existingPerm := &model.Permission{
|
|
PermName: "已存在权限",
|
|
PermCode: "existing:perm",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(existingPerm)
|
|
|
|
// 尝试创建相同编码的权限
|
|
reqBody := model.CreatePermissionRequest{
|
|
PermName: "新权限",
|
|
PermCode: "existing:perm",
|
|
PermType: constants.PermissionTypeMenu,
|
|
}
|
|
|
|
jsonBody, _ := json.Marshal(reqBody)
|
|
req := httptest.NewRequest("POST", "/api/v1/permissions", bytes.NewReader(jsonBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, errors.CodePermCodeExists, result.Code)
|
|
})
|
|
|
|
t.Run("创建子权限", func(t *testing.T) {
|
|
// 先创建父权限
|
|
parentPerm := &model.Permission{
|
|
PermName: "系统管理",
|
|
PermCode: "system:manage",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(parentPerm)
|
|
|
|
// 创建子权限
|
|
reqBody := model.CreatePermissionRequest{
|
|
PermName: "用户列表",
|
|
PermCode: "system:user:list",
|
|
PermType: constants.PermissionTypeButton,
|
|
ParentID: &parentPerm.ID,
|
|
}
|
|
|
|
jsonBody, _ := json.Marshal(reqBody)
|
|
req := httptest.NewRequest("POST", "/api/v1/permissions", bytes.NewReader(jsonBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
// 验证父权限ID已设置
|
|
var child model.Permission
|
|
env.db.Where("perm_code = ?", "system:user:list").First(&child)
|
|
assert.NotNil(t, child.ParentID)
|
|
assert.Equal(t, parentPerm.ID, *child.ParentID)
|
|
})
|
|
}
|
|
|
|
// TestPermissionAPI_Get 测试获取权限详情 API
|
|
func TestPermissionAPI_Get(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
// 创建测试权限
|
|
testPerm := &model.Permission{
|
|
PermName: "获取测试权限",
|
|
PermCode: "get:test:perm",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(testPerm)
|
|
|
|
t.Run("成功获取权限详情", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", fmt.Sprintf("/api/v1/permissions/%d", testPerm.ID), nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, 0, result.Code)
|
|
})
|
|
|
|
t.Run("权限不存在时返回错误", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/api/v1/permissions/99999", nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, errors.CodePermissionNotFound, result.Code)
|
|
})
|
|
}
|
|
|
|
// TestPermissionAPI_Update 测试更新权限 API
|
|
func TestPermissionAPI_Update(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
// 创建测试权限
|
|
testPerm := &model.Permission{
|
|
PermName: "更新测试权限",
|
|
PermCode: "update:test:perm",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(testPerm)
|
|
|
|
t.Run("成功更新权限", func(t *testing.T) {
|
|
newName := "更新后权限"
|
|
reqBody := model.UpdatePermissionRequest{
|
|
PermName: &newName,
|
|
}
|
|
|
|
jsonBody, _ := json.Marshal(reqBody)
|
|
req := httptest.NewRequest("PUT", fmt.Sprintf("/api/v1/permissions/%d", testPerm.ID), bytes.NewReader(jsonBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
// 验证数据库已更新
|
|
var updated model.Permission
|
|
env.db.First(&updated, testPerm.ID)
|
|
assert.Equal(t, newName, updated.PermName)
|
|
})
|
|
}
|
|
|
|
// TestPermissionAPI_Delete 测试删除权限 API
|
|
func TestPermissionAPI_Delete(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
t.Run("成功软删除权限", func(t *testing.T) {
|
|
// 创建测试权限
|
|
testPerm := &model.Permission{
|
|
PermName: "删除测试权限",
|
|
PermCode: "delete:test:perm",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(testPerm)
|
|
|
|
req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/v1/permissions/%d", testPerm.ID), nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
// 验证权限已软删除
|
|
var deleted model.Permission
|
|
err = env.db.Unscoped().First(&deleted, testPerm.ID).Error
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, deleted.DeletedAt)
|
|
})
|
|
}
|
|
|
|
// TestPermissionAPI_List 测试权限列表 API
|
|
func TestPermissionAPI_List(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
// 创建多个测试权限
|
|
for i := 1; i <= 5; i++ {
|
|
perm := &model.Permission{
|
|
PermName: fmt.Sprintf("列表测试权限_%d", i),
|
|
PermCode: fmt.Sprintf("list:test:perm:%d", i),
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(perm)
|
|
}
|
|
|
|
t.Run("成功获取权限列表", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/api/v1/permissions?page=1&page_size=10", nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, 0, result.Code)
|
|
})
|
|
|
|
t.Run("按类型过滤权限", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", fmt.Sprintf("/api/v1/permissions?perm_type=%d", constants.PermissionTypeMenu), nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
})
|
|
}
|
|
|
|
// TestPermissionAPI_GetTree 测试获取权限树 API
|
|
func TestPermissionAPI_GetTree(t *testing.T) {
|
|
env := setupPermTestEnv(t)
|
|
defer env.cleanup()
|
|
|
|
// 添加测试中间件
|
|
testUserID := uint(1)
|
|
env.app.Use(func(c *fiber.Ctx) error {
|
|
ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeRoot, 0)
|
|
c.SetUserContext(ctx)
|
|
return c.Next()
|
|
})
|
|
|
|
// 创建层级权限结构
|
|
// 根权限
|
|
rootPerm := &model.Permission{
|
|
PermName: "系统管理",
|
|
PermCode: "system",
|
|
PermType: constants.PermissionTypeMenu,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(rootPerm)
|
|
|
|
// 子权限
|
|
childPerm := &model.Permission{
|
|
PermName: "用户管理",
|
|
PermCode: "system:user",
|
|
PermType: constants.PermissionTypeMenu,
|
|
ParentID: &rootPerm.ID,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(childPerm)
|
|
|
|
// 孙子权限
|
|
grandchildPerm := &model.Permission{
|
|
PermName: "用户列表",
|
|
PermCode: "system:user:list",
|
|
PermType: constants.PermissionTypeButton,
|
|
ParentID: &childPerm.ID,
|
|
Status: constants.StatusEnabled,
|
|
Creator: 1,
|
|
Updater: 1,
|
|
}
|
|
env.db.Create(grandchildPerm)
|
|
|
|
t.Run("成功获取权限树", func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/api/v1/permissions/tree", nil)
|
|
resp, err := env.app.Test(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, fiber.StatusOK, resp.StatusCode)
|
|
|
|
var result response.Response
|
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, 0, result.Code)
|
|
})
|
|
}
|