<?php
use App\Models\AdminRole;
use App\Models\AdminUser;
use Database\Seeders\AdminRbacAndUserSeeder;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Foundation\Testing\RefreshDatabase;
// Every test in this file runs against a freshly migrated database, so the seeders
// and the users created by the helper below never leak between tests.
uses(RefreshDatabase::class);
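/**
 * Create an admin user for the report-authorization tests and return a bearer token for it.
 *
 * The user is attached to the role identified by $roleSlug (default "finance") on the
 * default admin site; passing null attaches no role at all, which is the control case for
 * deny-path tests. The token is issued with the wildcard ability list, so tests using it
 * exercise the RBAC layer rather than token abilities.
 *
 * @param string|null $roleSlug slug of the admin role to attach, or null for a role-less admin
 * @param string      $username login name of the created admin; must be unique per test database
 *
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException via firstOrFail() when the role does not exist
 */
function makeFinanceReportAdminToken(?string $roleSlug = 'finance', string $username = 'finance_report_tester'): string
{
    $admin = AdminUser::query()->create([
        'username' => $username,
        'name' => 'Tester',
        'email' => null,
        'password' => Hash::make('secret-strong'),
        // NOTE(review): 0 is assumed to be the "enabled" status — confirm against AdminUser.
        'status' => 0,
    ]);

    if ($roleSlug !== null) {
        $role = AdminRole::query()->where('slug', $roleSlug)->firstOrFail();

        $admin->roles()->sync([
            (int) $role->id => [
                'site_id' => AdminUser::defaultAdminSiteId(),
                'granted_at' => now(),
            ],
        ]);
    }

    // Wildcard abilities with a one-day expiry: any denial seen by the caller comes from RBAC.
    return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
}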
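test('finance role with report legacy can access report jobs after rbac seed', function (): void {
    $this->seed(AdminRbacAndUserSeeder::class);

    // The seeder must grant finance both the legacy slug and the menu action that backs the report API.
    $finance = AdminRole::query()->where('slug', 'finance')->firstOrFail();
    expect($finance->legacyPermissionSlugs())->toContain('prd.report.view');

    $hasReportAction = DB::table('admin_role_menu_actions as rma')
        ->join('admin_menu_actions as ma', 'ma.id', '=', 'rma.menu_action_id')
        ->where('rma.role_id', $finance->id)
        ->where('ma.permission_code', 'service.report.view')
        ->exists();
    expect($hasReportAction)->toBeTrue();

    // Allow path: a finance admin reaches the endpoint.
    $token = makeFinanceReportAdminToken();
    $this->withHeader('Authorization', 'Bearer '.$token)
        ->getJson('/api/v1/admin/report-jobs')
        ->assertOk();
});

test('admin without any role is denied report jobs after rbac seed', function (): void {
    $this->seed(AdminRbacAndUserSeeder::class);

    // Deny path: without this control case the allow test above would also pass if the
    // permission check were missing entirely. The admin below is created with no role sync.
    $outsider = AdminUser::query()->create([
        'username' => 'no_role_tester',
        'name' => 'Tester',
        'email' => null,
        'password' => Hash::make('secret-strong'),
        // NOTE(review): 0 is assumed to be the "enabled" status — confirm against AdminUser.
        'status' => 0,
    ]);
    $token = $outsider->createToken('test', ['*'], now()->addDay())->plainTextToken;

    // The exact rejection code (401 vs 403) is the middleware's choice; what matters is that
    // a role-less admin never gets a successful response from a permission-gated route.
    $response = $this->withHeader('Authorization', 'Bearer '.$token)
        ->getJson('/api/v1/admin/report-jobs');
    expect($response->status())->not->toBe(200);
});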
test('report api resources only bind service.report.view', function (): void {
    $this->seed(AdminRbacAndUserSeeder::class);
    $this->artisan('lottery:admin-auth-sync')->assertExitCode(0);

    // Resolve every permission code bound to an API resource, following
    // admin_api_resources -> admin_api_resource_bindings -> admin_menu_actions.
    $permissionCodesFor = static fn (string $resourceCode): array => DB::table('admin_api_resources as ar')
        ->join('admin_api_resource_bindings as arb', 'arb.api_resource_id', '=', 'ar.id')
        ->join('admin_menu_actions as ma', 'ma.id', '=', 'arb.menu_action_id')
        ->where('ar.code', $resourceCode)
        ->pluck('ma.permission_code')
        ->all();

    $reportResources = [
        'admin.reports.daily-profit',
        'admin.report-jobs.index',
    ];

    // toBe() on the full list is deliberate: exactly one binding, and it must be the
    // report permission — an extra binding (even a duplicate) is a change in who can call this.
    foreach ($reportResources as $resourceCode) {
        expect($permissionCodesFor($resourceCode))->toBe(['service.report.view']);
    }
});