feat(admin): 更新后台权限管理与同步逻辑,简化权限检查并优化文档
- 新增后台 RBAC 相关文档,提供权限目录与维护命令说明。 - 移除不必要的角色资源同步检查,简化权限审计命令。 - 更新权限描述与同步逻辑,确保一致性与可维护性。 - 统一权限注册表,替换过时的权限别名,增强代码可读性。
This commit is contained in:
@@ -39,7 +39,7 @@ function makeAdminWithPermissions(string $username, array $permissionSlugs): str
|
||||
}
|
||||
|
||||
test('admin user permission apis require rbac permission', function (): void {
|
||||
$token = makeAdminWithPermissions('rbac_viewer', ['prd.report.player']);
|
||||
$token = makeAdminWithPermissions('rbac_viewer', ['prd.report.view']);
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->getJson('/api/v1/admin/admin-users')
|
||||
@@ -95,13 +95,13 @@ test('admin can list users and sync direct permissions', function (): void {
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->putJson('/api/v1/admin/admin-users/'.$target->id.'/permissions', [
|
||||
'permission_slugs' => ['prd.report.player'],
|
||||
'permission_slugs' => ['prd.report.view'],
|
||||
])
|
||||
->assertOk()
|
||||
->assertJsonPath('code', ErrorCode::Success->value)
|
||||
->assertJsonFragment(['prd.report.player']);
|
||||
->assertJsonFragment(['prd.report.view']);
|
||||
|
||||
expect($target->fresh()->directLegacyPermissionSlugs())->toContain('prd.report.player');
|
||||
expect($target->fresh()->directLegacyPermissionSlugs())->toContain('prd.report.view');
|
||||
|
||||
$list = $this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->getJson('/api/v1/admin/admin-users?keyword=target')
|
||||
@@ -109,7 +109,7 @@ test('admin can list users and sync direct permissions', function (): void {
|
||||
->json('data.items.0.effective_permissions');
|
||||
|
||||
expect($list)->toContain('prd.draw_result.view');
|
||||
expect($list)->toContain('prd.report.player');
|
||||
expect($list)->toContain('prd.report.view');
|
||||
});
|
||||
|
||||
test('admin can sync user roles for default site', function (): void {
|
||||
@@ -176,8 +176,7 @@ test('permission catalog groups permissions by admin navigation order', function
|
||||
'prd.users.manage',
|
||||
]);
|
||||
expect(array_column($groupsByKey['reports']['permissions'], 'slug'))->toContain(
|
||||
'prd.report.player',
|
||||
'prd.report.all',
|
||||
'prd.report.view',
|
||||
);
|
||||
expect(array_column($groupsByKey['jackpot']['permissions'], 'slug'))->toContain(
|
||||
'prd.jackpot.manage',
|
||||
@@ -207,7 +206,7 @@ test('admin can repair role permissions from the full catalog after role creatio
|
||||
expect($catalogSlugs)
|
||||
->toContain('prd.admin_user.manage')
|
||||
->toContain('prd.admin_role.manage')
|
||||
->toContain('prd.report.player')
|
||||
->toContain('prd.report.view')
|
||||
->toContain('prd.wallet_reconcile.manage');
|
||||
|
||||
$role = $this->withHeader('Authorization', 'Bearer '.$token)
|
||||
@@ -220,13 +219,15 @@ test('admin can repair role permissions from the full catalog after role creatio
|
||||
->assertJsonPath('data.permission_slugs', [])
|
||||
->json('data');
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
$repairResponse = $this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->putJson('/api/v1/admin/admin-roles/'.$role['id'].'/permissions', [
|
||||
'permission_slugs' => ['prd.report.player', 'prd.wallet_reconcile.manage'],
|
||||
'permission_slugs' => ['prd.report.view', 'prd.wallet_reconcile.manage'],
|
||||
])
|
||||
->assertOk()
|
||||
->assertJsonPath('data.slug', 'repairable_role')
|
||||
->assertJsonPath('data.permission_slugs', ['prd.report.player', 'prd.wallet_reconcile.manage']);
|
||||
->assertJsonPath('data.slug', 'repairable_role');
|
||||
|
||||
expect($repairResponse->json('data.permission_slugs'))
|
||||
->toContain('prd.report.view', 'prd.wallet_reconcile.manage');
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->putJson('/api/v1/admin/admin-roles/'.$role['id'].'/permissions', [
|
||||
|
||||
Reference in New Issue
Block a user