enoch
bb9d7a869d
Some checks failed
Deploy to Production / Run Tests (push) Failing after 16m35s
Deploy to Production / Security Scan (push) Has been skipped
Deploy to Production / Build Docker Image (push) Has been skipped
Deploy to Production / Deploy to Staging (push) Has been skipped
Deploy to Production / Deploy to Production (push) Has been skipped
Deploy to Production / Notify Results (push) Successful in 31s
✨ 新功能: - SQLite数据库集成和持久化存储 - 数据库迁移系统和版本管理 - API分页功能和高效查询 - 用户搜索和过滤机制 - 完整的RBAC角色权限系统 - 结构化日志记录和系统监控 - API限流和多层安全防护 - Docker容器化和生产部署配置 🔒 安全特性: - JWT认证和授权 - 限流和防暴力破解 - 安全头和CORS配置 - 输入验证和XSS防护 - 审计日志和安全监控 📊 监控和运维: - Prometheus指标收集 - 健康检查和系统监控 - 自动化备份和恢复 - 完整的运维文档和脚本 - CI/CD流水线配置 🚀 部署支持: - 多环境Docker配置 - 生产环境部署指南 - 性能优化和安全加固 - 故障排除和应急响应 - 自动化运维脚本 📚 文档完善: - API使用文档 - 部署检查清单 - 运维操作手册 - 性能和安全指南 - 故障排除指南
296 lines
11 KiB
Rust
296 lines
11 KiB
Rust
//! 角色管理功能测试
|
|
|
|
use rust_user_api::{
|
|
models::{
|
|
user::User,
|
|
role::{UserRole, Permission, get_role_permissions},
|
|
},
|
|
storage::{database::DatabaseUserStore, memory::MemoryUserStore, UserStore},
|
|
utils::errors::ApiError,
|
|
};
|
|
use uuid::Uuid;
|
|
use chrono::Utc;
|
|
|
|
/// 创建测试用户
|
|
fn create_test_user(username: &str, email: &str, role: UserRole) -> User {
|
|
User {
|
|
id: Uuid::new_v4(),
|
|
username: username.to_string(),
|
|
email: email.to_string(),
|
|
password_hash: "hashed_password".to_string(),
|
|
role,
|
|
created_at: Utc::now(),
|
|
updated_at: Utc::now(),
|
|
}
|
|
}
|
|
|
|
/// 测试角色权限系统
|
|
#[test]
|
|
fn test_role_permission_system() {
|
|
// 测试角色权限级别
|
|
assert!(UserRole::Admin.permission_level() > UserRole::Manager.permission_level());
|
|
assert!(UserRole::Manager.permission_level() > UserRole::User.permission_level());
|
|
assert!(UserRole::User.permission_level() > UserRole::Guest.permission_level());
|
|
|
|
// 测试权限检查
|
|
assert!(UserRole::Admin.has_permission(&UserRole::User));
|
|
assert!(UserRole::Manager.has_permission(&UserRole::User));
|
|
assert!(!UserRole::User.has_permission(&UserRole::Manager));
|
|
assert!(!UserRole::Guest.has_permission(&UserRole::User));
|
|
}
|
|
|
|
/// 测试角色字符串转换
|
|
#[test]
|
|
fn test_role_string_conversion() {
|
|
assert_eq!(UserRole::from_str("admin"), Some(UserRole::Admin));
|
|
assert_eq!(UserRole::from_str("manager"), Some(UserRole::Manager));
|
|
assert_eq!(UserRole::from_str("user"), Some(UserRole::User));
|
|
assert_eq!(UserRole::from_str("guest"), Some(UserRole::Guest));
|
|
assert_eq!(UserRole::from_str("invalid"), None);
|
|
|
|
assert_eq!(UserRole::Admin.as_str(), "admin");
|
|
assert_eq!(UserRole::Manager.as_str(), "manager");
|
|
assert_eq!(UserRole::User.as_str(), "user");
|
|
assert_eq!(UserRole::Guest.as_str(), "guest");
|
|
}
|
|
|
|
/// 测试权限检查
|
|
#[test]
|
|
fn test_permission_checks() {
|
|
// 测试基础权限
|
|
assert!(Permission::ReadUser.check_role(&UserRole::Guest));
|
|
assert!(Permission::ReadUser.check_role(&UserRole::User));
|
|
assert!(Permission::ReadUser.check_role(&UserRole::Manager));
|
|
assert!(Permission::ReadUser.check_role(&UserRole::Admin));
|
|
|
|
// 测试用户权限
|
|
assert!(!Permission::UpdateUser.check_role(&UserRole::Guest));
|
|
assert!(Permission::UpdateUser.check_role(&UserRole::User));
|
|
assert!(Permission::UpdateUser.check_role(&UserRole::Manager));
|
|
assert!(Permission::UpdateUser.check_role(&UserRole::Admin));
|
|
|
|
// 测试管理员权限
|
|
assert!(!Permission::CreateUser.check_role(&UserRole::Guest));
|
|
assert!(!Permission::CreateUser.check_role(&UserRole::User));
|
|
assert!(Permission::CreateUser.check_role(&UserRole::Manager));
|
|
assert!(Permission::CreateUser.check_role(&UserRole::Admin));
|
|
|
|
// 测试超级管理员权限
|
|
assert!(!Permission::ManageRoles.check_role(&UserRole::Guest));
|
|
assert!(!Permission::ManageRoles.check_role(&UserRole::User));
|
|
assert!(!Permission::ManageRoles.check_role(&UserRole::Manager));
|
|
assert!(Permission::ManageRoles.check_role(&UserRole::Admin));
|
|
}
|
|
|
|
/// 测试角色权限获取
|
|
#[test]
|
|
fn test_get_role_permissions() {
|
|
let admin_permissions = get_role_permissions(&UserRole::Admin);
|
|
let manager_permissions = get_role_permissions(&UserRole::Manager);
|
|
let user_permissions = get_role_permissions(&UserRole::User);
|
|
let guest_permissions = get_role_permissions(&UserRole::Guest);
|
|
|
|
// 管理员应该有最多权限
|
|
assert!(admin_permissions.len() > manager_permissions.len());
|
|
assert!(manager_permissions.len() > user_permissions.len());
|
|
assert!(user_permissions.len() > guest_permissions.len());
|
|
|
|
// 验证特定权限
|
|
assert!(admin_permissions.contains(&Permission::ManageRoles));
|
|
assert!(!manager_permissions.contains(&Permission::ManageRoles));
|
|
|
|
assert!(manager_permissions.contains(&Permission::CreateUser));
|
|
assert!(!user_permissions.contains(&Permission::CreateUser));
|
|
|
|
assert!(user_permissions.contains(&Permission::UpdateUser));
|
|
assert!(!guest_permissions.contains(&Permission::UpdateUser));
|
|
|
|
assert!(guest_permissions.contains(&Permission::ReadUser));
|
|
}
|
|
|
|
/// 测试内存存储的角色功能
|
|
#[tokio::test]
|
|
async fn test_memory_store_role_operations() {
|
|
let store = MemoryUserStore::new();
|
|
|
|
// 创建不同角色的用户
|
|
let admin_user = create_test_user("admin", "admin@example.com", UserRole::Admin);
|
|
let manager_user = create_test_user("manager", "manager@example.com", UserRole::Manager);
|
|
let regular_user = create_test_user("user", "user@example.com", UserRole::User);
|
|
let guest_user = create_test_user("guest", "guest@example.com", UserRole::Guest);
|
|
|
|
let admin_id = admin_user.id;
|
|
let manager_id = manager_user.id;
|
|
let user_id = regular_user.id;
|
|
let guest_id = guest_user.id;
|
|
|
|
// 创建用户
|
|
store.create_user(admin_user).await.unwrap();
|
|
store.create_user(manager_user).await.unwrap();
|
|
store.create_user(regular_user).await.unwrap();
|
|
store.create_user(guest_user).await.unwrap();
|
|
|
|
// 验证角色正确保存
|
|
let retrieved_admin = store.get_user(&admin_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_admin.role, UserRole::Admin);
|
|
|
|
let retrieved_manager = store.get_user(&manager_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_manager.role, UserRole::Manager);
|
|
|
|
let retrieved_user = store.get_user(&user_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_user.role, UserRole::User);
|
|
|
|
let retrieved_guest = store.get_user(&guest_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_guest.role, UserRole::Guest);
|
|
|
|
// 测试角色更新
|
|
let mut updated_user = retrieved_user.clone();
|
|
updated_user.role = UserRole::Manager;
|
|
updated_user.updated_at = Utc::now();
|
|
|
|
let update_result = store.update_user(&user_id, updated_user).await.unwrap();
|
|
assert!(update_result.is_some());
|
|
assert_eq!(update_result.unwrap().role, UserRole::Manager);
|
|
|
|
// 验证更新后的角色
|
|
let final_user = store.get_user(&user_id).await.unwrap().unwrap();
|
|
assert_eq!(final_user.role, UserRole::Manager);
|
|
}
|
|
|
|
/// 测试数据库存储的角色功能
|
|
#[tokio::test]
|
|
async fn test_database_store_role_operations() {
|
|
let database_url = "sqlite::memory:";
|
|
let store = DatabaseUserStore::from_url(database_url).await.unwrap();
|
|
|
|
// 创建不同角色的用户
|
|
let admin_user = create_test_user("db_admin", "db_admin@example.com", UserRole::Admin);
|
|
let manager_user = create_test_user("db_manager", "db_manager@example.com", UserRole::Manager);
|
|
|
|
let admin_id = admin_user.id;
|
|
let manager_id = manager_user.id;
|
|
|
|
// 创建用户
|
|
store.create_user(admin_user).await.unwrap();
|
|
store.create_user(manager_user).await.unwrap();
|
|
|
|
// 验证角色正确保存到数据库
|
|
let retrieved_admin = store.get_user(&admin_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_admin.role, UserRole::Admin);
|
|
|
|
let retrieved_manager = store.get_user(&manager_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_manager.role, UserRole::Manager);
|
|
|
|
// 测试角色更新
|
|
let mut updated_manager = retrieved_manager.clone();
|
|
updated_manager.role = UserRole::User;
|
|
updated_manager.updated_at = Utc::now();
|
|
|
|
let update_result = store.update_user(&manager_id, updated_manager).await.unwrap();
|
|
assert!(update_result.is_some());
|
|
assert_eq!(update_result.unwrap().role, UserRole::User);
|
|
|
|
// 验证数据库中的角色确实被更新
|
|
let final_manager = store.get_user(&manager_id).await.unwrap().unwrap();
|
|
assert_eq!(final_manager.role, UserRole::User);
|
|
}
|
|
|
|
/// 测试角色搜索功能
|
|
#[tokio::test]
|
|
async fn test_role_based_search() {
|
|
let store = MemoryUserStore::new();
|
|
|
|
// 创建多个不同角色的用户
|
|
let users = vec![
|
|
create_test_user("admin1", "admin1@example.com", UserRole::Admin),
|
|
create_test_user("admin2", "admin2@example.com", UserRole::Admin),
|
|
create_test_user("manager1", "manager1@example.com", UserRole::Manager),
|
|
create_test_user("manager2", "manager2@example.com", UserRole::Manager),
|
|
create_test_user("manager3", "manager3@example.com", UserRole::Manager),
|
|
create_test_user("user1", "user1@example.com", UserRole::User),
|
|
create_test_user("user2", "user2@example.com", UserRole::User),
|
|
create_test_user("guest1", "guest1@example.com", UserRole::Guest),
|
|
];
|
|
|
|
for user in users {
|
|
store.create_user(user).await.unwrap();
|
|
}
|
|
|
|
// 获取所有用户并按角色分类
|
|
let all_users = store.list_users().await.unwrap();
|
|
|
|
let admin_count = all_users.iter().filter(|u| u.role == UserRole::Admin).count();
|
|
let manager_count = all_users.iter().filter(|u| u.role == UserRole::Manager).count();
|
|
let user_count = all_users.iter().filter(|u| u.role == UserRole::User).count();
|
|
let guest_count = all_users.iter().filter(|u| u.role == UserRole::Guest).count();
|
|
|
|
assert_eq!(admin_count, 2);
|
|
assert_eq!(manager_count, 3);
|
|
assert_eq!(user_count, 2);
|
|
assert_eq!(guest_count, 1);
|
|
assert_eq!(all_users.len(), 8);
|
|
}
|
|
|
|
/// 测试角色默认值
|
|
#[test]
|
|
fn test_role_defaults() {
|
|
let default_role = UserRole::default();
|
|
assert_eq!(default_role, UserRole::User);
|
|
|
|
// 测试角色辅助方法
|
|
assert!(UserRole::Admin.is_admin());
|
|
assert!(!UserRole::Manager.is_admin());
|
|
|
|
assert!(UserRole::Admin.is_manager_or_above());
|
|
assert!(UserRole::Manager.is_manager_or_above());
|
|
assert!(!UserRole::User.is_manager_or_above());
|
|
|
|
assert!(UserRole::User.is_user_or_above());
|
|
assert!(UserRole::Manager.is_user_or_above());
|
|
assert!(!UserRole::Guest.is_user_or_above());
|
|
}
|
|
|
|
/// 测试角色序列化和反序列化
|
|
#[test]
|
|
fn test_role_serialization() {
|
|
use serde_json;
|
|
|
|
// 测试序列化
|
|
let admin_role = UserRole::Admin;
|
|
let serialized = serde_json::to_string(&admin_role).unwrap();
|
|
assert_eq!(serialized, "\"admin\"");
|
|
|
|
let manager_role = UserRole::Manager;
|
|
let serialized = serde_json::to_string(&manager_role).unwrap();
|
|
assert_eq!(serialized, "\"manager\"");
|
|
|
|
// 测试反序列化
|
|
let deserialized: UserRole = serde_json::from_str("\"admin\"").unwrap();
|
|
assert_eq!(deserialized, UserRole::Admin);
|
|
|
|
let deserialized: UserRole = serde_json::from_str("\"user\"").unwrap();
|
|
assert_eq!(deserialized, UserRole::User);
|
|
}
|
|
|
|
/// 测试创建用户时的默认角色
|
|
#[tokio::test]
|
|
async fn test_create_user_default_role() {
|
|
let store = MemoryUserStore::new();
|
|
|
|
// 创建用户时不指定角色,应该使用默认角色
|
|
let user = User {
|
|
id: Uuid::new_v4(),
|
|
username: "default_role_user".to_string(),
|
|
email: "default@example.com".to_string(),
|
|
password_hash: "hashed_password".to_string(),
|
|
role: UserRole::default(), // 使用默认角色
|
|
created_at: Utc::now(),
|
|
updated_at: Utc::now(),
|
|
};
|
|
|
|
let user_id = user.id;
|
|
store.create_user(user).await.unwrap();
|
|
|
|
let retrieved_user = store.get_user(&user_id).await.unwrap().unwrap();
|
|
assert_eq!(retrieved_user.role, UserRole::User); // 默认应该是User角色
|
|
} |