xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0323d923812447303bf884755b2270eef5b0800e
lotteryLaravel/tests/Feature/AdminReportAuthorizationFixTest.php
kang e27a00f260 feat: 更新玩法配置管理,简化字段并增强功能 
- 将玩法相关的显示名称字段统一为 `display_name`,移除多语言字段。
- 在 `PlayTypePatchController` 中新增即时切换玩法开关的功能,并推送大厅更新。
- 优化多个控制器和服务中的权限检查与数据处理逻辑,提升代码可读性与维护性。
2026-05-25 14:34:24 +08:00

91 lines
2.9 KiB
PHP
Raw Blame History

<?php
use App\Models\AdminRole;
use App\Models\AdminUser;
use Database\Seeders\AdminRbacAndUserSeeder;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
function makeFinanceReportAdminToken(): string
{
$admin = AdminUser::query()->create([
'username' => 'finance_report_tester',
'name' => 'Tester',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$role = AdminRole::query()->where('slug', 'finance')->firstOrFail();
$siteId = AdminUser::defaultAdminSiteId();
$admin->roles()->sync([
(int) $role->id => [
'site_id' => $siteId,
'granted_at' => now(),
],
]);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
}
test('finance role with report legacy can access report jobs after rbac seed', function (): void {
$this->seed(AdminRbacAndUserSeeder::class);
$finance = AdminRole::query()->where('slug', 'finance')->firstOrFail();
expect($finance->legacyPermissionSlugs())->toContain('prd.report.view');
$hasReportAction = DB::table('admin_role_menu_actions as rma')
->join('admin_menu_actions as ma', 'ma.id', '=', 'rma.menu_action_id')
->where('rma.role_id', $finance->id)
->where('ma.permission_code', 'service.report.view')
->exists();
expect($hasReportAction)->toBeTrue();
$token = makeFinanceReportAdminToken();
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/report-jobs')
->assertOk();
});
test('report read api resources bind service.report.view only', function (): void {
$this->seed(AdminRbacAndUserSeeder::class);
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
$codes = [
'admin.reports.daily-profit',
'admin.report-jobs.index',
];
foreach ($codes as $code) {
$bindings = bindingsForResource($code);
expect($bindings)->toBe(['service.report.view']);
}
});
test('report export api resources bind service.report.export', function (): void {
$this->seed(AdminRbacAndUserSeeder::class);
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
expect(bindingsForResource('admin.report-jobs.download'))->toBe(['service.report.export']);
expect(bindingsForResource('admin.report-jobs.store'))->toBe(['service.report.export']);
});
/** @return list<string> */
function bindingsForResource(string $code): array
{
return DB::table('admin_api_resources as ar')
->join('admin_api_resource_bindings as arb', 'arb.api_resource_id', '=', 'ar.id')
->join('admin_menu_actions as ma', 'ma.id', '=', 'arb.menu_action_id')
->where('ar.code', $code)
->orderBy('ma.permission_code')
->pluck('ma.permission_code')
->all();
}
Reference in New Issue View Git Blame Copy Permalink