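import { test, expect } from '@playwright/test';

// Low-privilege account used to probe the permission boundary.
// NOTE(review): presumably a seeded, test-only account; confirm these
// credentials are not valid in any shared or production environment.
const REGULAR_USER = { username: 'user', password: 'Test@123' };

// Admin-only pages checked by the first test: step title, route, expected URL.
const ADMIN_PAGES = [
  { step: '验证可以访问用户管理', path: '/users', url: /.*users/ },
  { step: '验证可以访问角色管理', path: '/roles', url: /.*roles/ },
  { step: '验证可以访问菜单管理', path: '/menus', url: /.*menus/ },
];

/**
 * Logs the current session out through the avatar menu on the dashboard.
 *
 * @param {import('@playwright/test').Page} page - page holding the session to end
 * @returns {Promise<void>} resolves once the browser is on the login route
 */
async function logoutViaUi(page) {
  await page.goto('/dashboard');
  await page.waitForLoadState('networkidle');

  const avatarButton = page.locator('.el-avatar').first();
  await avatarButton.click({ timeout: 10000 });
  // Fixed pause kept from the original flow so the menu can open.
  await page.waitForTimeout(500);
  await page.locator('text=退出登录').click();
  await page.waitForURL(/.*login/, { timeout: 10000 });
}

/**
 * Logs in through the login form and waits for the dashboard.
 *
 * @param {import('@playwright/test').Page} page - page to drive
 * @param {{ username: string, password: string }} credentials - account to log in as
 * @returns {Promise<void>} resolves once the dashboard URL is reached
 */
async function loginViaUi(page, { username, password }) {
  await page.goto('/login');
  await page.waitForLoadState('networkidle');

  const usernameInput = page.locator('input[placeholder*="用户名"]');
  const passwordInput = page.locator('input[placeholder*="密码"]');
  const loginButton = page.locator('button:has-text("登录")');

  await usernameInput.waitFor({ state: 'visible' });
  await usernameInput.fill(username);
  await passwordInput.waitFor({ state: 'visible' });
  await passwordInput.fill(password);
  await loginButton.waitFor({ state: 'visible' });
  await loginButton.click();
  await page.waitForURL('**/dashboard', { timeout: 30000 });
}

// Permission-boundary checks. No test here logs in as admin, and the later
// tests begin by logging the admin out, so an admin session is assumed to
// exist when each test starts (presumably a shared storage state; confirm).
test.describe('用户权限边界验证', () => {
  test('管理员可以访问所有管理功能', async ({ page }) => {
    for (const { step, path, url } of ADMIN_PAGES) {
      await test.step(step, async () => {
        await page.goto(path);
        await page.waitForLoadState('networkidle');
        await expect(page).toHaveURL(url);
        await expect(page.locator('.el-table')).toBeVisible({ timeout: 10000 });
      });
    }
  });

  test('普通用户登录后可以访问页面但API操作受限', async ({ page }) => {
    await test.step('管理员登出', async () => {
      await logoutViaUi(page);
    });

    await test.step('普通用户登录', async () => {
      await loginViaUi(page, REGULAR_USER);
    });

    await test.step('验证普通用户可以访问用户管理页面', async () => {
      await page.goto('/users');
      await page.waitForLoadState('networkidle');
      await expect(page).toHaveURL(/.*users/);
    });

    await test.step('验证普通用户无法创建用户', async () => {
      const createButton = page.locator('button:has-text("新增用户")');
      // NOTE(review): when the button is hidden this step asserts nothing, and
      // when it is shown the step also passes if the create dialog merely
      // opens. Neither outcome proves the backend rejects the creation; a
      // stronger check would submit the form and assert the API denies it.
      if (await createButton.isVisible()) {
        await createButton.click();
        await page.waitForTimeout(2000);
        const errorMessage = page.locator('.el-message--error');
        const hasError = await errorMessage.isVisible().catch(() => false);
        expect(hasError || (await page.locator('.el-dialog').isVisible())).toBeTruthy();
      }
    });
  });

  test('权限不足时API返回403错误', async ({ page }) => {
    await test.step('管理员登出', async () => {
      await logoutViaUi(page);
    });

    await test.step('普通用户登录', async () => {
      await loginViaUi(page, REGULAR_USER);
    });

    await test.step('尝试访问受限API', async () => {
      const response = await page.request.get('/api/users?page=0&size=10');
      // A 200 must fail this test: accepting it would let a missing
      // authorization check on the endpoint pass unnoticed.
      // NOTE(review): a 401 only shows the request was unauthenticated (for
      // example, if the app sends its token in a header that page.request
      // does not carry), not that the role check works; tighten to 403 alone
      // once the request is confirmed to run as the logged-in user.
      expect([401, 403]).toContain(response.status());
    });
  });
});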