xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c74bec3f6451e5d06467a71b05065edd7da2b17d
lotteryLaravel/tests/Feature/AdminPermissionGranularityTest.php
kang e27a00f260 feat: 更新玩法配置管理,简化字段并增强功能 
- 将玩法相关的显示名称字段统一为 `display_name`,移除多语言字段。
- 在 `PlayTypePatchController` 中新增即时切换玩法开关的功能,并推送大厅更新。
- 优化多个控制器和服务中的权限检查与数据处理逻辑,提升代码可读性与维护性。
2026-05-25 14:34:24 +08:00

76 lines
2.6 KiB
PHP
Raw Blame History

<?php
use App\Models\AdminRole;
use App\Models\AdminUser;
use App\Support\AdminAuthorizationRegistry;
use Database\Seeders\AdminRbacAndUserSeeder;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
test('config mutate resources require domain manage slugs only', function (): void {
$this->seed(AdminRbacAndUserSeeder::class);
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
$playStore = resourceLegacySlugs('admin.config.play-versions.store');
expect($playStore)->toBe(['prd.play_switch.manage']);
$oddsStore = resourceLegacySlugs('admin.config.odds-versions.store');
expect($oddsStore)->toContain('prd.odds.manage')
->and($oddsStore)->not->toContain('prd.play_switch.manage');
$riskCapStore = resourceLegacySlugs('admin.config.risk-cap-versions.store');
expect($riskCapStore)->toBe(['prd.risk_cap.manage']);
});
test('user with report view only cannot create report export job', function (): void {
$this->seed(AdminRbacAndUserSeeder::class);
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
$admin = AdminUser::query()->create([
'username' => 'report_view_only',
'name' => 'Tester',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
$role = AdminRole::query()->create(['slug' => 'report_view_only', 'name' => 'Report view only']);
$role->syncLegacyPermissionSlugs(['prd.report.view', 'prd.dashboard.view']);
$siteId = AdminUser::defaultAdminSiteId();
$admin->roles()->sync([
(int) $role->id => ['site_id' => $siteId, 'granted_at' => now()],
]);
$token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/reports/daily-profit')
->assertOk();
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/report-jobs', [
'report_type' => 'daily_profit_summary',
'export_format' => 'csv',
'parameters' => [
'date_from' => '2026-05-01',
'date_to' => '2026-05-07',
],
])
->assertForbidden();
});
/** @return list<string> */
function resourceLegacySlugs(string $code): array
{
$resource = collect(AdminAuthorizationRegistry::resourceDefinitions())
->firstWhere('code', $code);
expect($resource)->not->toBeNull();
return $resource['legacy_permission_slugs'] ?? [];
}
Reference in New Issue View Git Blame Copy Permalink