huang
028cfaa7aa
- 完成 CheckPermission 方法的完整实现(账号→角色→权限查询链) - 实现 Redis 缓存机制,大幅提升权限查询性能(~12倍提升) - 自动缓存失效:角色/权限变更时清除相关用户缓存 - 新增完整的单元测试和集成测试(10个测试用例全部通过) - 添加权限检查使用文档和缓存机制说明 - 归档 implement-permission-check OpenSpec 提案 性能优化: - 首次查询: ~18ms(3次DB查询 + 1次Redis写入) - 缓存命中: ~1.5ms(1次Redis查询) - TTL: 30分钟,自动失效机制保证数据一致性
180 lines
6.5 KiB
Go
180 lines
6.5 KiB
Go
package unit
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/break/junhong_cmp_fiber/internal/model"
|
|
"github.com/break/junhong_cmp_fiber/internal/service/account"
|
|
"github.com/break/junhong_cmp_fiber/internal/store/postgres"
|
|
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
|
"github.com/break/junhong_cmp_fiber/pkg/middleware"
|
|
"github.com/break/junhong_cmp_fiber/tests/testutils"
|
|
)
|
|
|
|
// TestRoleAssignmentLimit_PlatformUser 测试平台用户可以分配多个角色(无限制)
|
|
func TestRoleAssignmentLimit_PlatformUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db, redisClient)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, middleware.NewSimpleUserContext(1, constants.UserTypeSuperAdmin, 0))
|
|
|
|
// 创建平台用户
|
|
platformUser := &model.Account{
|
|
Username: "platform_user",
|
|
Phone: "13800000001",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypePlatform,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(platformUser).Error)
|
|
|
|
// 创建 3 个平台角色
|
|
roles := []*model.Role{
|
|
{RoleName: "运营", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
{RoleName: "客服", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
{RoleName: "财务", RoleType: constants.RoleTypePlatform, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 为平台用户分配 3 个角色(应该成功,因为平台用户无限制)
|
|
roleIDs := []uint{roles[0].ID, roles[1].ID, roles[2].ID}
|
|
ars, err := service.AssignRoles(ctx, platformUser.ID, roleIDs)
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 3)
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_AgentUser 测试代理账号只能分配一个角色
|
|
func TestRoleAssignmentLimit_AgentUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db, redisClient)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, middleware.NewSimpleUserContext(1, constants.UserTypeSuperAdmin, 0))
|
|
|
|
// 创建代理账号
|
|
agentAccount := &model.Account{
|
|
Username: "agent_user",
|
|
Phone: "13800000002",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeAgent,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(agentAccount).Error)
|
|
|
|
// 创建 2 个客户角色
|
|
roles := []*model.Role{
|
|
{RoleName: "一级代理", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
{RoleName: "二级代理", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 先分配第一个角色(应该成功)
|
|
ars, err := service.AssignRoles(ctx, agentAccount.ID, []uint{roles[0].ID})
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 1)
|
|
|
|
// 尝试分配第二个角色(应该失败,超过数量限制)
|
|
_, err = service.AssignRoles(ctx, agentAccount.ID, []uint{roles[1].ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "最多只能分配 1 个角色")
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_EnterpriseUser 测试企业账号只能分配一个角色
|
|
func TestRoleAssignmentLimit_EnterpriseUser(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db, redisClient)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, middleware.NewSimpleUserContext(1, constants.UserTypeSuperAdmin, 0))
|
|
|
|
// 创建企业账号
|
|
enterpriseAccount := &model.Account{
|
|
Username: "enterprise_user",
|
|
Phone: "13800000003",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeEnterprise,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(enterpriseAccount).Error)
|
|
|
|
// 创建 2 个客户角色
|
|
roles := []*model.Role{
|
|
{RoleName: "企业普通", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
{RoleName: "企业高级", RoleType: constants.RoleTypeCustomer, Status: constants.StatusEnabled},
|
|
}
|
|
for _, role := range roles {
|
|
require.NoError(t, db.Create(role).Error)
|
|
}
|
|
|
|
// 先分配第一个角色(应该成功)
|
|
ars, err := service.AssignRoles(ctx, enterpriseAccount.ID, []uint{roles[0].ID})
|
|
require.NoError(t, err)
|
|
assert.Len(t, ars, 1)
|
|
|
|
// 尝试分配第二个角色(应该失败,超过数量限制)
|
|
_, err = service.AssignRoles(ctx, enterpriseAccount.ID, []uint{roles[1].ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "最多只能分配 1 个角色")
|
|
}
|
|
|
|
// TestRoleAssignmentLimit_SuperAdmin 测试超级管理员不允许分配角色
|
|
func TestRoleAssignmentLimit_SuperAdmin(t *testing.T) {
|
|
db, redisClient := testutils.SetupTestDB(t)
|
|
defer testutils.TeardownTestDB(t, db, redisClient)
|
|
|
|
accountStore := postgres.NewAccountStore(db, redisClient)
|
|
roleStore := postgres.NewRoleStore(db)
|
|
accountRoleStore := postgres.NewAccountRoleStore(db, redisClient)
|
|
service := account.New(accountStore, roleStore, accountRoleStore)
|
|
|
|
ctx := context.Background()
|
|
ctx = middleware.SetUserContext(ctx, middleware.NewSimpleUserContext(1, constants.UserTypeSuperAdmin, 0))
|
|
|
|
// 创建超级管理员
|
|
superAdmin := &model.Account{
|
|
Username: "superadmin",
|
|
Phone: "13800000004",
|
|
Password: "hashedpassword",
|
|
UserType: constants.UserTypeSuperAdmin,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(superAdmin).Error)
|
|
|
|
// 创建一个平台角色
|
|
role := &model.Role{
|
|
RoleName: "测试角色",
|
|
RoleType: constants.RoleTypePlatform,
|
|
Status: constants.StatusEnabled,
|
|
}
|
|
require.NoError(t, db.Create(role).Error)
|
|
|
|
// 尝试为超级管理员分配角色(应该失败)
|
|
_, err := service.AssignRoles(ctx, superAdmin.ID, []uint{role.ID})
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "不需要分配角色")
|
|
}
|