diff --git a/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/admin-creates-user.spec.ts b/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/admin-creates-user.spec.ts
new file mode 100644
index 0000000..2a503e3
--- /dev/null
+++ b/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/admin-creates-user.spec.ts
@@ -0,0 +1,102 @@
+import { test, expect } from '@playwright/test';
+import { RoleFactory } from '../../roles/role-factory';
+import { createAuthenticatedPage } from '../../shared/auth-helper';
+import { getTestDataManager } from '../../shared/test-data-manager';
+
+test.describe('管理员创建用户测试', () => {
+ test.beforeEach(async ({ page, context }) => {
+ await createAuthenticatedPage(page, context, 'admin');
+ getTestDataManager().setPage(page);
+ });
+
+ test.afterEach(async () => {
+ await getTestDataManager().cleanup('user');
+ });
+
+ test('管理员可以创建新用户', async ({ page }) => {
+ await page.goto('/user-management');
+
+ await page.click('button:has-text("新增")');
+
+ const timestamp = Date.now();
+ const userData = {
+ username: `testuser_${timestamp}`,
+ password: 'Test@123',
+ email: `testuser_${timestamp}@test.com`,
+ phone: '13800138000',
+ nickname: '测试用户',
+ };
+
+ await page.fill('input[placeholder*="用户名"]', userData.username);
+ await page.fill('input[placeholder*="密码"]', userData.password);
+ await page.fill('input[placeholder*="邮箱"]', userData.email);
+ await page.fill('input[placeholder*="手机号"]', userData.phone);
+ await page.fill('input[placeholder*="昵称"]', userData.nickname);
+
+ await page.click('button:has-text("确定")');
+
+ const successMessage = page.locator('text=/创建成功|操作成功/i');
+ await expect(successMessage).toBeVisible({ timeout: 10000 });
+
+ const createdUser = page.locator(`text=${userData.username}`);
+ await expect(createdUser).toBeVisible();
+ });
+
+ test('管理员可以编辑用户信息', async ({ page }) => {
+ await page.goto('/user-management');
+
+ const firstEditButton = page.locator('button:has-text("编辑")').first();
+ await firstEditButton.click();
+
+ const nicknameInput = page.locator('input[placeholder*="昵称"]');
+ await nicknameInput.fill('更新后的昵称');
+
+ await page.click('button:has-text("确定")');
+
+ const successMessage = page.locator('text=/更新成功|操作成功/i');
+ await expect(successMessage).toBeVisible({ timeout: 10000 });
+ });
+
+ test('管理员可以删除用户', async ({ page }) => {
+ await page.goto('/user-management');
+
+ const firstDeleteButton = page.locator('button:has-text("删除")').first();
+ await firstDeleteButton.click();
+
+ const confirmButton = page.locator('button:has-text("确定")');
+ await confirmButton.click();
+
+ const successMessage = page.locator('text=/删除成功|操作成功/i');
+ await expect(successMessage).toBeVisible({ timeout: 10000 });
+ });
+
+ test('创建用户时用户名重复验证', async ({ page }) => {
+ await page.goto('/user-management');
+
+ await page.click('button:has-text("新增")');
+
+ await page.fill('input[placeholder*="用户名"]', 'admin');
+ await page.fill('input[placeholder*="密码"]', 'Test@123');
+ await page.fill('input[placeholder*="邮箱"]', 'admin@test.com');
+
+ await page.click('button:has-text("确定")');
+
+ const errorMessage = page.locator('text=/用户名已存在|用户名重复/i');
+ await expect(errorMessage).toBeVisible({ timeout: 5000 });
+ });
+
+ test('创建用户时邮箱格式验证', async ({ page }) => {
+ await page.goto('/user-management');
+
+ await page.click('button:has-text("新增")');
+
+ await page.fill('input[placeholder*="用户名"]', 'testuser');
+ await page.fill('input[placeholder*="密码"]', 'Test@123');
+ await page.fill('input[placeholder*="邮箱"]', 'invalid-email');
+
+ await page.click('button:has-text("确定")');
+
+ const errorMessage = page.locator('text=/邮箱格式不正确|请输入正确的邮箱/i');
+ await expect(errorMessage).toBeVisible({ timeout: 5000 });
+ });
+});
diff --git a/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/permission-boundary.spec.ts b/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/permission-boundary.spec.ts
new file mode 100644
index 0000000..0c65628
--- /dev/null
+++ b/novalon-manage-web/e2e/role-based-tests/scenarios/user-management/permission-boundary.spec.ts
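Review bot: The '管理员可以编辑用户信息' and '管理员可以删除用户' tests act on `.first()` of whatever 编辑/删除 button the list happens to show, so they modify — and in the delete case destroy — an arbitrary existing account rather than a fixture they own; against a shared environment that row can be the very admin account the suite logs in with, and nothing registers that user with the test-data manager, whose `cleanup('user')` in afterEach presumably only knows about users it created. Create a throwaway user first (the same 新增 flow the first test already drives) and scope the buttons to its row, e.g. `const row = page.locator('tr', { hasText: userData.username });` followed by `await row.locator('button:has-text("删除")').click();`. A related hygiene point: the users created here get the static password `'Test@123'` and a well-known placeholder phone number, and if cleanup fails they persist as live credentials, so derive the password per run (e.g. from `crypto.randomUUID()`) or read it from an environment variable. Finally, `page.locator('button:has-text("确定")')` in the delete test is not narrowed to the confirmation dialog; if the page behind it has its own 确定 button the unscoped locator will match more than one element and fail under Playwright's strict mode.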
@@ -0,0 +1,130 @@
+import { test, expect } from '@playwright/test';
+import { RoleFactory } from '../../roles/role-factory';
+import { createAuthenticatedPage } from '../../shared/auth-helper';
+import { createPermissionHelper } from '../../shared/permission-helper';
+
+test.describe('权限边界验证测试', () => {
+ test.describe('管理员权限', () => {
+ test.beforeEach(async ({ page, context }) => {
+ await createAuthenticatedPage(page, context, 'admin');
+ });
+
+ test('管理员可以访问用户管理页面', async ({ page }) => {
+ const permissionHelper = createPermissionHelper(page);
+ const adminRole = RoleFactory.getRole('admin');
+
+ await permissionHelper.verifyCanAccess('/user-management');
+ });
+
+ test('管理员可以访问角色管理页面', async ({ page }) => {
+ const permissionHelper = createPermissionHelper(page);
+
+ await permissionHelper.verifyCanAccess('/role-management');
+ });
+
+ test('管理员可以创建用户', async ({ page }) => {
+ await page.goto('/user-management');
+
+ const createButton = page.locator('button:has-text("新增")');
+ await expect(createButton).toBeVisible();
+ await expect(createButton).toBeEnabled();
+ });
+
+ test('管理员可以编辑用户', async ({ page }) => {
+ await page.goto('/user-management');
+
+ const editButton = page.locator('button:has-text("编辑")').first();
+ await expect(editButton).toBeVisible();
+ });
+
+ test('管理员可以删除用户', async ({ page }) => {
+ await page.goto('/user-management');
+
+ const deleteButton = page.locator('button:has-text("删除")').first();
+ await expect(deleteButton).toBeVisible();
+ });
+ });
+
+ test.describe('普通用户权限', () => {
+ test.beforeEach(async ({ page, context }) => {
+ await createAuthenticatedPage(page, context, 'user');
+ });
+
+ test('普通用户无法访问用户管理页面', async ({ page }) => {
+ const permissionHelper = createPermissionHelper(page);
+ const userRole = RoleFactory.getRole('user');
+
+ await permissionHelper.verifyCannotAccess('/user-management');
+ });
+
+ test('普通用户无法访问角色管理页面', async ({ page }) => {
+ const permissionHelper = createPermissionHelper(page);
+
+ await permissionHelper.verifyCannotAccess('/role-management');
+ });
+
+ test('普通用户可以访问个人中心', async ({ page }) => {
+ await page.goto('/profile');
+
+ await expect(page).not.toHaveURL(/\/login/);
+ await expect(page).not.toHaveURL(/\/403/);
+ });
+
+ test('普通用户可以修改个人信息', async ({ page }) => {
+ await page.goto('/profile');
+
+ const editButton = page.locator('button:has-text("编辑")');
+ const count = await editButton.count();
+
+ if (count > 0) {
+ await expect(editButton.first()).toBeVisible();
+ }
+ });
+ });
+
+ test.describe('测试用户权限', () => {
+ test.beforeEach(async ({ page, context }) => {
+ await createAuthenticatedPage(page, context, 'test');
+ });
+
+ test('测试用户无法访问用户管理页面', async ({ page }) => {
+ const permissionHelper = createPermissionHelper(page);
+
+ await permissionHelper.verifyCannotAccess('/user-management');
+ });
+
+ test('测试用户可以访问测试页面', async ({ page }) => {
+ await page.goto('/test');
+
+ await expect(page).not.toHaveURL(/\/login/);
+ await expect(page).not.toHaveURL(/\/403/);
+ });
+ });
+
+ test.describe('跨角色权限对比', () => {
+ test('不同角色访问权限对比', async ({ page, context }) => {
+ const roles = ['admin', 'user', 'test'];
+ const protectedPaths = ['/user-management', '/role-management', '/menu-management'];
+
+ for (const roleName of roles) {
+ const role = RoleFactory.getRole(roleName);
+ const helper = new (await import('../../shared/auth-helper')).AuthHelper(page, context);
+ await helper.clearAuth();
+ await helper.loginAsRole(roleName);
+
+ for (const path of protectedPaths) {
+ await page.goto(path);
+
+ const isForbidden = role.cannotAccess.includes(path);
+ const url = page.url();
+
+ if (isForbidden) {
+ expect(url.includes('/403') || url.includes('/login')).toBeTruthy();
+ } else {
+ expect(url.includes('/403')).toBeFalsy();
+ }
+ }
+ }
+ });
+ });
+});
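Review bot: In '不同角色访问权限对比' the allowed branch `expect(url.includes('/403')).toBeFalsy();` still passes when the app bounced the session to `/login`, so a failed or expired `loginAsRole('admin')` silently turns every "admin may access" check green; mirror the forbidden branch with `expect(url.includes('/403') || url.includes('/login')).toBeFalsy();`, or use `await expect(page).not.toHaveURL(/\/(403|login)/);` as the `/profile` and `/test` tests already do. More importantly, every assertion in this file is a URL-level check on the client-side route guard, and nothing visible here (nor, as far as can be seen, in `verifyCannotAccess`, whose implementation is outside the hunk) confirms the server refuses the data, so a backend that serves the user or role list to the `user` role while the SPA redirects to `/403` would still pass; add a request-level assertion per role against the API route that backs each protected page, e.g. `const res = await page.request.get(<route behind path>); expect([401, 403]).toContain(res.status());`. The substring test `url.includes('/403')` also matches any URL merely containing that fragment (a query string or a longer path), so compare `new URL(url).pathname` instead. Lastly, '普通用户可以修改个人信息' is vacuous when `count === 0` and can never fail; either assert the button is present or drop the test.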