//! 角色管理功能测试 use rust_user_api::{ models::{ user::User, role::{UserRole, Permission, get_role_permissions}, }, storage::{database::DatabaseUserStore, memory::MemoryUserStore, UserStore}, utils::errors::ApiError, }; use uuid::Uuid; use chrono::Utc; /// 创建测试用户 fn create_test_user(username: &str, email: &str, role: UserRole) -> User { User { id: Uuid::new_v4(), username: username.to_string(), email: email.to_string(), password_hash: "hashed_password".to_string(), role, created_at: Utc::now(), updated_at: Utc::now(), } } /// 测试角色权限系统 #[test] fn test_role_permission_system() { // 测试角色权限级别 assert!(UserRole::Admin.permission_level() > UserRole::Manager.permission_level()); assert!(UserRole::Manager.permission_level() > UserRole::User.permission_level()); assert!(UserRole::User.permission_level() > UserRole::Guest.permission_level()); // 测试权限检查 assert!(UserRole::Admin.has_permission(&UserRole::User)); assert!(UserRole::Manager.has_permission(&UserRole::User)); assert!(!UserRole::User.has_permission(&UserRole::Manager)); assert!(!UserRole::Guest.has_permission(&UserRole::User)); } /// 测试角色字符串转换 #[test] fn test_role_string_conversion() { assert_eq!(UserRole::from_str("admin"), Some(UserRole::Admin)); assert_eq!(UserRole::from_str("manager"), Some(UserRole::Manager)); assert_eq!(UserRole::from_str("user"), Some(UserRole::User)); assert_eq!(UserRole::from_str("guest"), Some(UserRole::Guest)); assert_eq!(UserRole::from_str("invalid"), None); assert_eq!(UserRole::Admin.as_str(), "admin"); assert_eq!(UserRole::Manager.as_str(), "manager"); assert_eq!(UserRole::User.as_str(), "user"); assert_eq!(UserRole::Guest.as_str(), "guest"); } /// 测试权限检查 #[test] fn test_permission_checks() { // 测试基础权限 assert!(Permission::ReadUser.check_role(&UserRole::Guest)); assert!(Permission::ReadUser.check_role(&UserRole::User)); assert!(Permission::ReadUser.check_role(&UserRole::Manager)); assert!(Permission::ReadUser.check_role(&UserRole::Admin)); // 测试用户权限 assert!(!Permission::UpdateUser.check_role(&UserRole::Guest)); assert!(Permission::UpdateUser.check_role(&UserRole::User)); assert!(Permission::UpdateUser.check_role(&UserRole::Manager)); assert!(Permission::UpdateUser.check_role(&UserRole::Admin)); // 测试管理员权限 assert!(!Permission::CreateUser.check_role(&UserRole::Guest)); assert!(!Permission::CreateUser.check_role(&UserRole::User)); assert!(Permission::CreateUser.check_role(&UserRole::Manager)); assert!(Permission::CreateUser.check_role(&UserRole::Admin)); // 测试超级管理员权限 assert!(!Permission::ManageRoles.check_role(&UserRole::Guest)); assert!(!Permission::ManageRoles.check_role(&UserRole::User)); assert!(!Permission::ManageRoles.check_role(&UserRole::Manager)); assert!(Permission::ManageRoles.check_role(&UserRole::Admin)); } /// 测试角色权限获取 #[test] fn test_get_role_permissions() { let admin_permissions = get_role_permissions(&UserRole::Admin); let manager_permissions = get_role_permissions(&UserRole::Manager); let user_permissions = get_role_permissions(&UserRole::User); let guest_permissions = get_role_permissions(&UserRole::Guest); // 管理员应该有最多权限 assert!(admin_permissions.len() > manager_permissions.len()); assert!(manager_permissions.len() > user_permissions.len()); assert!(user_permissions.len() > guest_permissions.len()); // 验证特定权限 assert!(admin_permissions.contains(&Permission::ManageRoles)); assert!(!manager_permissions.contains(&Permission::ManageRoles)); assert!(manager_permissions.contains(&Permission::CreateUser)); assert!(!user_permissions.contains(&Permission::CreateUser)); assert!(user_permissions.contains(&Permission::UpdateUser)); assert!(!guest_permissions.contains(&Permission::UpdateUser)); assert!(guest_permissions.contains(&Permission::ReadUser)); } /// 测试内存存储的角色功能 #[tokio::test] async fn test_memory_store_role_operations() { let store = MemoryUserStore::new(); // 创建不同角色的用户 let admin_user = create_test_user("admin", "admin@example.com", UserRole::Admin); let manager_user = create_test_user("manager", "manager@example.com", UserRole::Manager); let regular_user = create_test_user("user", "user@example.com", UserRole::User); let guest_user = create_test_user("guest", "guest@example.com", UserRole::Guest); let admin_id = admin_user.id; let manager_id = manager_user.id; let user_id = regular_user.id; let guest_id = guest_user.id; // 创建用户 store.create_user(admin_user).await.unwrap(); store.create_user(manager_user).await.unwrap(); store.create_user(regular_user).await.unwrap(); store.create_user(guest_user).await.unwrap(); // 验证角色正确保存 let retrieved_admin = store.get_user(&admin_id).await.unwrap().unwrap(); assert_eq!(retrieved_admin.role, UserRole::Admin); let retrieved_manager = store.get_user(&manager_id).await.unwrap().unwrap(); assert_eq!(retrieved_manager.role, UserRole::Manager); let retrieved_user = store.get_user(&user_id).await.unwrap().unwrap(); assert_eq!(retrieved_user.role, UserRole::User); let retrieved_guest = store.get_user(&guest_id).await.unwrap().unwrap(); assert_eq!(retrieved_guest.role, UserRole::Guest); // 测试角色更新 let mut updated_user = retrieved_user.clone(); updated_user.role = UserRole::Manager; updated_user.updated_at = Utc::now(); let update_result = store.update_user(&user_id, updated_user).await.unwrap(); assert!(update_result.is_some()); assert_eq!(update_result.unwrap().role, UserRole::Manager); // 验证更新后的角色 let final_user = store.get_user(&user_id).await.unwrap().unwrap(); assert_eq!(final_user.role, UserRole::Manager); } /// 测试数据库存储的角色功能 #[tokio::test] async fn test_database_store_role_operations() { let database_url = "sqlite::memory:"; let store = DatabaseUserStore::from_url(database_url).await.unwrap(); // 创建不同角色的用户 let admin_user = create_test_user("db_admin", "db_admin@example.com", UserRole::Admin); let manager_user = create_test_user("db_manager", "db_manager@example.com", UserRole::Manager); let admin_id = admin_user.id; let manager_id = manager_user.id; // 创建用户 store.create_user(admin_user).await.unwrap(); store.create_user(manager_user).await.unwrap(); // 验证角色正确保存到数据库 let retrieved_admin = store.get_user(&admin_id).await.unwrap().unwrap(); assert_eq!(retrieved_admin.role, UserRole::Admin); let retrieved_manager = store.get_user(&manager_id).await.unwrap().unwrap(); assert_eq!(retrieved_manager.role, UserRole::Manager); // 测试角色更新 let mut updated_manager = retrieved_manager.clone(); updated_manager.role = UserRole::User; updated_manager.updated_at = Utc::now(); let update_result = store.update_user(&manager_id, updated_manager).await.unwrap(); assert!(update_result.is_some()); assert_eq!(update_result.unwrap().role, UserRole::User); // 验证数据库中的角色确实被更新 let final_manager = store.get_user(&manager_id).await.unwrap().unwrap(); assert_eq!(final_manager.role, UserRole::User); } /// 测试角色搜索功能 #[tokio::test] async fn test_role_based_search() { let store = MemoryUserStore::new(); // 创建多个不同角色的用户 let users = vec![ create_test_user("admin1", "admin1@example.com", UserRole::Admin), create_test_user("admin2", "admin2@example.com", UserRole::Admin), create_test_user("manager1", "manager1@example.com", UserRole::Manager), create_test_user("manager2", "manager2@example.com", UserRole::Manager), create_test_user("manager3", "manager3@example.com", UserRole::Manager), create_test_user("user1", "user1@example.com", UserRole::User), create_test_user("user2", "user2@example.com", UserRole::User), create_test_user("guest1", "guest1@example.com", UserRole::Guest), ]; for user in users { store.create_user(user).await.unwrap(); } // 获取所有用户并按角色分类 let all_users = store.list_users().await.unwrap(); let admin_count = all_users.iter().filter(|u| u.role == UserRole::Admin).count(); let manager_count = all_users.iter().filter(|u| u.role == UserRole::Manager).count(); let user_count = all_users.iter().filter(|u| u.role == UserRole::User).count(); let guest_count = all_users.iter().filter(|u| u.role == UserRole::Guest).count(); assert_eq!(admin_count, 2); assert_eq!(manager_count, 3); assert_eq!(user_count, 2); assert_eq!(guest_count, 1); assert_eq!(all_users.len(), 8); } /// 测试角色默认值 #[test] fn test_role_defaults() { let default_role = UserRole::default(); assert_eq!(default_role, UserRole::User); // 测试角色辅助方法 assert!(UserRole::Admin.is_admin()); assert!(!UserRole::Manager.is_admin()); assert!(UserRole::Admin.is_manager_or_above()); assert!(UserRole::Manager.is_manager_or_above()); assert!(!UserRole::User.is_manager_or_above()); assert!(UserRole::User.is_user_or_above()); assert!(UserRole::Manager.is_user_or_above()); assert!(!UserRole::Guest.is_user_or_above()); } /// 测试角色序列化和反序列化 #[test] fn test_role_serialization() { use serde_json; // 测试序列化 let admin_role = UserRole::Admin; let serialized = serde_json::to_string(&admin_role).unwrap(); assert_eq!(serialized, "\"admin\""); let manager_role = UserRole::Manager; let serialized = serde_json::to_string(&manager_role).unwrap(); assert_eq!(serialized, "\"manager\""); // 测试反序列化 let deserialized: UserRole = serde_json::from_str("\"admin\"").unwrap(); assert_eq!(deserialized, UserRole::Admin); let deserialized: UserRole = serde_json::from_str("\"user\"").unwrap(); assert_eq!(deserialized, UserRole::User); } /// 测试创建用户时的默认角色 #[tokio::test] async fn test_create_user_default_role() { let store = MemoryUserStore::new(); // 创建用户时不指定角色,应该使用默认角色 let user = User { id: Uuid::new_v4(), username: "default_role_user".to_string(), email: "default@example.com".to_string(), password_hash: "hashed_password".to_string(), role: UserRole::default(), // 使用默认角色 created_at: Utc::now(), updated_at: Utc::now(), }; let user_id = user.id; store.create_user(user).await.unwrap(); let retrieved_user = store.get_user(&user_id).await.unwrap().unwrap(); assert_eq!(retrieved_user.role, UserRole::User); // 默认应该是User角色 }