140 lines
4.9 KiB
PHP
140 lines
4.9 KiB
PHP
<?php
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\AdminUser;
|
|
use App\Support\AuditLogApiPresenter;
|
|
use App\Lottery\ErrorCode;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use App\Services\AuditLogger;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
|
|
});
|
|
|
|
test('audit log presenter maps business action and entity target', function (): void {
|
|
$row = new AuditLog([
|
|
'operator_type' => 'admin',
|
|
'operator_id' => 1,
|
|
'module_code' => 'agent',
|
|
'action_code' => 'agent_role.sync_permissions',
|
|
'target_type' => 'admin_role',
|
|
'target_id' => '5',
|
|
]);
|
|
$row->id = 1;
|
|
|
|
$payload = AuditLogApiPresenter::row($row);
|
|
|
|
expect($payload['operator_label'])->toBe('管理员 #1')
|
|
->and($payload['operator_subtitle'])->toBeNull()
|
|
->and($payload['module_label'])->toBe('代理')
|
|
->and($payload['action_label'])->toBe('同步代理角色权限')
|
|
->and($payload['target_label'])->toBe('角色 #5');
|
|
});
|
|
|
|
test('audit log presenter uses admin api resource name for middleware style rows', function (): void {
|
|
$resourceName = (string) DB::table('admin_api_resources')
|
|
->where('code', 'admin.agent-roles.permissions.sync')
|
|
->value('name');
|
|
expect($resourceName)->not->toBe('');
|
|
|
|
$row = new AuditLog([
|
|
'operator_type' => 'admin',
|
|
'operator_id' => 1,
|
|
'module_code' => 'agent',
|
|
'action_code' => 'sync',
|
|
'target_type' => 'admin.agent-roles.permissions.sync',
|
|
'target_id' => '5',
|
|
]);
|
|
$row->id = 2;
|
|
|
|
$resourceNames = ['admin.agent-roles.permissions.sync' => $resourceName];
|
|
$payload = AuditLogApiPresenter::row($row, $resourceNames);
|
|
|
|
expect($payload['action_label'])->toBe($resourceName)
|
|
->and($payload['target_label'])->toBe($resourceName.' #5');
|
|
});
|
|
|
|
test('agent role permission sync records one business audit and skips middleware duplicate', function (): void {
|
|
$siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
|
|
$rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
|
|
$service = app(\App\Services\Agent\AgentNodeService::class);
|
|
|
|
$super = AdminUser::query()->create([
|
|
'username' => 'audit_dedup_super',
|
|
'name' => 'Super',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
grantSuperAdminRole($super);
|
|
$token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
|
|
$branch = $service->createChild($super, [
|
|
'parent_id' => $rootId,
|
|
'code' => 'audit-branch',
|
|
'name' => 'Audit Branch',
|
|
]);
|
|
|
|
$create = $this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/agent-nodes/'.$branch->id.'/roles', [
|
|
'slug' => 'audit_role',
|
|
'name' => 'Audit Role',
|
|
'permission_slugs' => ['prd.agent.view'],
|
|
])
|
|
->assertOk();
|
|
|
|
$roleId = (int) $create->json('data.id');
|
|
$maxIdBeforeSync = (int) AuditLog::query()->max('id');
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->putJson('/api/v1/admin/agent-roles/'.$roleId.'/permissions', [
|
|
'permission_slugs' => ['prd.agent.view', 'prd.agent.role.view'],
|
|
])
|
|
->assertOk();
|
|
|
|
$newRows = AuditLog::query()
|
|
->where('id', '>', $maxIdBeforeSync)
|
|
->orderBy('id')
|
|
->get();
|
|
|
|
expect($newRows)->toHaveCount(1)
|
|
->and($newRows[0]->action_code)->toBe('agent_role.sync_permissions')
|
|
->and($newRows[0]->target_type)->toBe('admin_role')
|
|
->and($newRows[0]->target_id)->toBe((string) $roleId);
|
|
});
|
|
|
|
test('audit log index returns chinese display labels', function (): void {
|
|
$admin = AdminUser::query()->create([
|
|
'username' => 'audit_list_super',
|
|
'name' => '超管甲',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
grantSuperAdminRole($admin);
|
|
$token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
|
|
AuditLogger::record(
|
|
AuditLogger::OPERATOR_ADMIN,
|
|
(int) $admin->id,
|
|
'agent',
|
|
'agent_role.sync_permissions',
|
|
'admin_role',
|
|
'9',
|
|
);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->getJson('/api/v1/admin/audit-logs?per_page=5')
|
|
->assertOk()
|
|
->assertJsonPath('code', ErrorCode::Success->value)
|
|
->assertJsonPath('data.items.0.operator_label', '超管甲')
|
|
->assertJsonPath('data.items.0.operator_subtitle', '管理员 #'.$admin->id)
|
|
->assertJsonPath('data.items.0.module_label', '代理')
|
|
->assertJsonPath('data.items.0.action_label', '同步代理角色权限')
|
|
->assertJsonPath('data.items.0.target_label', '角色 #9');
|
|
});
|