xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e8ab58970b02bade3aba87a6a091dafe8054b0e
lotteryLaravel/tests/Feature/AdminUserPermissionApiTest.php
kang 83f2dd43db feat(admin): 补全报表中心汇总 API 并恢复 report-jobs 导出 
新增每日盈亏、玩家输赢、玩法维度、佣金回水四类聚合查询与权限注册,恢复报表异步导出任务;审计日志支持按操作人与日期筛选。

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 10:08:41 +08:00

370 lines
13 KiB
PHP
Raw Blame History

<?php
use App\Models\AdminRole;
use App\Models\AdminUser;
use App\Lottery\ErrorCode;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use App\Support\AdminPermissionBridge;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
function makeAdminWithPermissions(string $username, array $permissionSlugs): string
{
$admin = AdminUser::query()->create([
'username' => $username,
'name' => 'Tester',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$role = AdminRole::query()->create([
'slug' => 'role_'.$username,
'name' => 'Role '.$username,
]);
$role->syncLegacyPermissionSlugs($permissionSlugs);
$siteId = AdminUser::defaultAdminSiteId();
$admin->roles()->sync([
(int) $role->id => [
'site_id' => $siteId,
'granted_at' => now(),
],
]);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
}
test('admin user permission apis require rbac permission', function (): void {
$token = makeAdminWithPermissions('rbac_viewer', ['prd.report.player']);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-users')
->assertForbidden()
->assertJsonPath('code', ErrorCode::AdminForbidden->value);
});
test('admin can list users and sync direct permissions', function (): void {
$token = makeAdminWithPermissions('rbac_manager', ['prd.admin_user.manage']);
$target = AdminUser::query()->create([
'username' => 'target_user',
'name' => 'Target User',
'email' => 'target@example.com',
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$targetRole = AdminRole::query()->create(['slug' => 'target_role', 'name' => 'Target Role']);
$drawCodes = AdminPermissionBridge::menuActionCodesForLegacy('prd.draw_result.view');
$drawIds = DB::table('admin_menu_actions')
->whereIn('permission_code', $drawCodes)
->where('status', 1)
->pluck('id')
->all();
foreach ($drawIds as $mid) {
DB::table('admin_role_menu_actions')->insert([
'role_id' => $targetRole->id,
'menu_action_id' => (int) $mid,
]);
}
$siteId = AdminUser::defaultAdminSiteId();
$target->roles()->sync([
(int) $targetRole->id => [
'site_id' => $siteId,
'granted_at' => now(),
],
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-user-permission-catalog')
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value)
->assertJsonFragment(['slug' => 'prd.admin_user.manage']);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-users?keyword=target')
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value)
->assertJsonPath('data.items.0.username', 'target_user')
->assertJsonPath('data.items.0.roles.0', 'target_role');
$this->withHeader('Authorization', 'Bearer '.$token)
->putJson('/api/v1/admin/admin-users/'.$target->id.'/permissions', [
'permission_slugs' => ['prd.report.player'],
])
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value)
->assertJsonFragment(['prd.report.player']);
expect($target->fresh()->directLegacyPermissionSlugs())->toContain('prd.report.player');
$list = $this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-users?keyword=target')
->assertOk()
->json('data.items.0.effective_permissions');
expect($list)->toContain('prd.draw_result.view');
expect($list)->toContain('prd.report.player');
});
test('admin can sync user roles for default site', function (): void {
$token = makeAdminWithPermissions('rbac_role_editor', ['prd.admin_user.manage', 'prd.admin_role.manage']);
$r1 = AdminRole::query()->create(['slug' => 'role_sync_a', 'name' => 'Role A']);
$r2 = AdminRole::query()->create(['slug' => 'role_sync_b', 'name' => 'Role B']);
$target = AdminUser::query()->create([
'username' => 'role_target',
'name' => 'Role Target',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->putJson('/api/v1/admin/admin-users/'.$target->id.'/roles', [
'role_slugs' => ['role_sync_b', 'role_sync_a'],
])
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value);
$slugs = $target->fresh()->adminRoleSlugs();
sort($slugs);
expect($slugs)->toBe(['role_sync_a', 'role_sync_b']);
});
test('permission catalog groups permissions by admin navigation order', function (): void {
$token = makeAdminWithPermissions('nav_group_catalog', ['prd.admin_user.manage', 'prd.admin_role.manage']);
$groups = $this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-user-permission-catalog')
->assertOk()
->json('data.permission_menu_groups');
expect(array_column($groups, 'key'))->toBe([
'draws',
'tickets',
'players',
'rules_plays',
'rules_odds',
'jackpot',
'risk_cap',
'wallet',
'settlement',
'reconcile',
'reports',
'currencies',
'admin_users',
'admin_roles',
'risk',
'audit',
]);
expect($groups[0]['key'])->toBe('draws');
expect($groups[12]['label'])->toBe('管理列表');
expect(array_column($groups[12]['permissions'], 'slug'))->toBe(['prd.admin_user.manage']);
expect($groups[13]['label'])->toBe('角色管理');
expect(array_column($groups[13]['permissions'], 'slug'))->toBe(['prd.admin_role.manage']);
$groupsByKey = collect($groups)->keyBy('key');
expect(array_column($groupsByKey['tickets']['permissions'], 'slug'))->toBe([
'prd.users.view_cs',
'prd.users.manage',
]);
expect(array_column($groupsByKey['reports']['permissions'], 'slug'))->toContain(
'prd.report.player',
'prd.report.all',
);
expect(array_column($groupsByKey['jackpot']['permissions'], 'slug'))->toContain(
'prd.jackpot.manage',
'prd.jackpot.view',
);
expect(array_column($groupsByKey['reconcile']['permissions'], 'slug'))->toBe([
'prd.wallet_reconcile.manage',
'prd.wallet_reconcile.view',
'prd.wallet_reconcile.view_cs',
]);
});
test('admin can repair role permissions from the full catalog after role creation', function (): void {
$token = makeAdminWithPermissions('role_permission_repairer', ['prd.admin_user.manage', 'prd.admin_role.manage']);
$catalog = $this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-user-permission-catalog')
->assertOk()
->json('data');
$catalogSlugs = collect($catalog['permission_menu_groups'])
->flatMap(static fn (array $group): array => array_column($group['permissions'], 'slug'))
->unique()
->values()
->all();
expect($catalogSlugs)
->toContain('prd.admin_user.manage')
->toContain('prd.admin_role.manage')
->toContain('prd.report.player')
->toContain('prd.wallet_reconcile.manage');
$role = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/admin-roles', [
'slug' => 'repairable_role',
'name' => 'Repairable Role',
'permission_slugs' => [],
])
->assertOk()
->assertJsonPath('data.permission_slugs', [])
->json('data');
$this->withHeader('Authorization', 'Bearer '.$token)
->putJson('/api/v1/admin/admin-roles/'.$role['id'].'/permissions', [
'permission_slugs' => ['prd.report.player', 'prd.wallet_reconcile.manage'],
])
->assertOk()
->assertJsonPath('data.slug', 'repairable_role')
->assertJsonPath('data.permission_slugs', ['prd.report.player', 'prd.wallet_reconcile.manage']);
$this->withHeader('Authorization', 'Bearer '.$token)
->putJson('/api/v1/admin/admin-roles/'.$role['id'].'/permissions', [
'permission_slugs' => ['prd.admin_role.manage'],
])
->assertOk()
->assertJsonPath('data.permission_slugs', ['prd.admin_role.manage']);
$persistedPermissions = $this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/admin-roles')
->assertOk()
->json('data.items');
$persistedRole = collect($persistedPermissions)->firstWhere('slug', 'repairable_role');
expect($persistedRole['permission_slugs'])->toBe(['prd.admin_role.manage']);
});
test('admin can create update and delete users with crud rules', function (): void {
$token = makeAdminWithPermissions('crud_actor', ['prd.admin_user.manage']);
$crudRole = AdminRole::query()->create(['slug' => 'crud_new_user_role', 'name' => 'Crud Role']);
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/admin-users', [
'username' => 'NewUser_XX',
'nickname' => '新用户',
'email' => 'newuser@example.com',
'password' => 'secret-long',
'status' => 0,
'role_slugs' => ['crud_new_user_role'],
])
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value)
->assertJsonPath('data.username', 'newuser_xx')
->assertJsonPath('data.roles.0', 'crud_new_user_role');
$created = AdminUser::query()->where('username', 'newuser_xx')->firstOrFail();
expect($created->adminRoleSlugs())->toContain('crud_new_user_role');
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/admin-users', [
'username' => 'newuser_xx',
'nickname' => 'dup',
'email' => null,
'password' => 'secret-long',
'role_slugs' => [$crudRole->slug],
])
->assertStatus(422)
->assertJsonPath('code', ErrorCode::ValidationFailed->value);
$target = AdminUser::query()->where('username', 'newuser_xx')->firstOrFail();
$this->withHeader('Authorization', 'Bearer '.$token)
->putJson('/api/v1/admin/admin-users/'.$target->id, [
'nickname' => '已改名',
'email' => null,
'password' => 'new-secret-9',
])
->assertOk()
->assertJsonPath('data.nickname', '已改名');
expect(Hash::check('new-secret-9', $target->fresh()->password))->toBeTrue();
$victim = AdminUser::query()->create([
'username' => 'to_delete',
'name' => 'Delete Me',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/admin-users/'.$victim->id)
->assertOk()
->assertJsonPath('data.deleted', true);
expect(AdminUser::query()->whereKey($victim->id)->exists())->toBeFalse();
});
test('admin user create requires at least one role slug', function (): void {
$token = makeAdminWithPermissions('create_need_roles', ['prd.admin_user.manage']);
AdminRole::query()->create(['slug' => 'role_for_create_gate', 'name' => 'Gate Role']);
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/admin-users', [
'username' => 'no_roles_user',
'nickname' => 'NR',
'email' => null,
'password' => 'secret-long',
'role_slugs' => [],
])
->assertStatus(422)
->assertJsonPath('code', ErrorCode::ValidationFailed->value);
});
test('admin cannot delete self', function (): void {
$token = makeAdminWithPermissions('self_guard', ['prd.admin_user.manage']);
$me = AdminUser::query()->where('username', 'self_guard')->firstOrFail();
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/admin-users/'.$me->id)
->assertStatus(422)
->assertJsonPath('code', ErrorCode::ValidationFailed->value)
->assertJsonPath('msg', '不能删除当前登录账号');
});
test('admin cannot delete the last super admin', function (): void {
$token = makeAdminWithPermissions('super_deleter', ['prd.admin_user.manage']);
$s1 = AdminUser::query()->create([
'username' => 'super_one',
'name' => 'S1',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
grantSuperAdminRole($s1);
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/admin-users/'.$s1->id)
->assertStatus(422)
->assertJsonPath('msg', '不能删除最后一个超级管理员');
$s2 = AdminUser::query()->create([
'username' => 'super_two',
'name' => 'S2',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
grantSuperAdminRole($s2);
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/admin-users/'.$s1->id)
->assertOk();
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/admin-users/'.$s2->id)
->assertStatus(422)
->assertJsonPath('msg', '不能删除最后一个超级管理员');
});
Reference in New Issue View Git Blame Copy Permalink