refactor: 更新权限管理与请求验证逻辑
- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode,以增强权限管理的灵活性。 - 引入 AdminScopePolicy,优化基于代理节点的权限和数据过滤逻辑,确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段,确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型,新增 hasPermissionCode 方法,以支持更细粒度的权限检查。 - 优化审计日志记录逻辑,确保在处理请求时能够准确记录管理员的操作。
This commit is contained in:
135
tests/Feature/AdminAuditLogDedupTest.php
Normal file
135
tests/Feature/AdminAuditLogDedupTest.php
Normal file
@@ -0,0 +1,135 @@
|
||||
<?php
|
||||
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\AdminUser;
|
||||
use App\Support\AuditLogApiPresenter;
|
||||
use App\Lottery\ErrorCode;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
beforeEach(function (): void {
|
||||
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
|
||||
});
|
||||
|
||||
test('audit log presenter maps business action and entity target', function (): void {
|
||||
$row = new AuditLog([
|
||||
'operator_type' => 'admin',
|
||||
'operator_id' => 1,
|
||||
'module_code' => 'agent',
|
||||
'action_code' => 'agent_role.sync_permissions',
|
||||
'target_type' => 'admin_role',
|
||||
'target_id' => '5',
|
||||
]);
|
||||
$row->id = 1;
|
||||
|
||||
$payload = AuditLogApiPresenter::row($row);
|
||||
|
||||
expect($payload['module_label'])->toBe('代理')
|
||||
->and($payload['action_label'])->toBe('同步代理角色权限')
|
||||
->and($payload['target_label'])->toBe('角色 #5');
|
||||
});
|
||||
|
||||
test('audit log presenter uses admin api resource name for middleware style rows', function (): void {
|
||||
$resourceName = (string) DB::table('admin_api_resources')
|
||||
->where('code', 'admin.agent-roles.permissions.sync')
|
||||
->value('name');
|
||||
expect($resourceName)->not->toBe('');
|
||||
|
||||
$row = new AuditLog([
|
||||
'operator_type' => 'admin',
|
||||
'operator_id' => 1,
|
||||
'module_code' => 'agent',
|
||||
'action_code' => 'sync',
|
||||
'target_type' => 'admin.agent-roles.permissions.sync',
|
||||
'target_id' => '5',
|
||||
]);
|
||||
$row->id = 2;
|
||||
|
||||
$resourceNames = ['admin.agent-roles.permissions.sync' => $resourceName];
|
||||
$payload = AuditLogApiPresenter::row($row, $resourceNames);
|
||||
|
||||
expect($payload['action_label'])->toBe($resourceName)
|
||||
->and($payload['target_label'])->toBe($resourceName.' #5');
|
||||
});
|
||||
|
||||
test('agent role permission sync records one business audit and skips middleware duplicate', function (): void {
|
||||
$siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
|
||||
$rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
|
||||
$service = app(\App\Services\Agent\AgentNodeService::class);
|
||||
|
||||
$super = AdminUser::query()->create([
|
||||
'username' => 'audit_dedup_super',
|
||||
'name' => 'Super',
|
||||
'email' => null,
|
||||
'password' => Hash::make('secret-strong'),
|
||||
'status' => 0,
|
||||
]);
|
||||
grantSuperAdminRole($super);
|
||||
$token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
||||
|
||||
$branch = $service->createChild($super, [
|
||||
'parent_id' => $rootId,
|
||||
'code' => 'audit-branch',
|
||||
'name' => 'Audit Branch',
|
||||
]);
|
||||
|
||||
$create = $this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->postJson('/api/v1/admin/agent-nodes/'.$branch->id.'/roles', [
|
||||
'slug' => 'audit_role',
|
||||
'name' => 'Audit Role',
|
||||
'permission_slugs' => ['prd.agent.view'],
|
||||
])
|
||||
->assertOk();
|
||||
|
||||
$roleId = (int) $create->json('data.id');
|
||||
$maxIdBeforeSync = (int) AuditLog::query()->max('id');
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->putJson('/api/v1/admin/agent-roles/'.$roleId.'/permissions', [
|
||||
'permission_slugs' => ['prd.agent.view', 'prd.agent.role.view'],
|
||||
])
|
||||
->assertOk();
|
||||
|
||||
$newRows = AuditLog::query()
|
||||
->where('id', '>', $maxIdBeforeSync)
|
||||
->orderBy('id')
|
||||
->get();
|
||||
|
||||
expect($newRows)->toHaveCount(1)
|
||||
->and($newRows[0]->action_code)->toBe('agent_role.sync_permissions')
|
||||
->and($newRows[0]->target_type)->toBe('admin_role')
|
||||
->and($newRows[0]->target_id)->toBe((string) $roleId);
|
||||
});
|
||||
|
||||
test('audit log index returns chinese display labels', function (): void {
|
||||
AuditLogger::record(
|
||||
AuditLogger::OPERATOR_ADMIN,
|
||||
1,
|
||||
'agent',
|
||||
'agent_role.sync_permissions',
|
||||
'admin_role',
|
||||
'9',
|
||||
);
|
||||
|
||||
$admin = AdminUser::query()->create([
|
||||
'username' => 'audit_list_super',
|
||||
'name' => 'Super',
|
||||
'email' => null,
|
||||
'password' => Hash::make('secret-strong'),
|
||||
'status' => 0,
|
||||
]);
|
||||
grantSuperAdminRole($admin);
|
||||
$token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
||||
|
||||
$this->withHeader('Authorization', 'Bearer '.$token)
|
||||
->getJson('/api/v1/admin/audit-logs?per_page=5')
|
||||
->assertOk()
|
||||
->assertJsonPath('code', ErrorCode::Success->value)
|
||||
->assertJsonPath('data.items.0.module_label', '代理')
|
||||
->assertJsonPath('data.items.0.action_label', '同步代理角色权限')
|
||||
->assertJsonPath('data.items.0.target_label', '角色 #9');
|
||||
});
|
||||
Reference in New Issue
Block a user