From 93fc011385b7e37ec1207d007ab7cf8a71cef57a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?=
Date: Tue, 7 Apr 2026 08:17:47 +0800
Subject: [PATCH] =?UTF-8?q?feat(e2e):=20=E5=88=9B=E5=BB=BA=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=9D=83=E9=99=90=E8=BE=B9=E7=95=8C=E9=AA=8C=E8=AF=81?= =?UTF-8?q?=E6=B5=8B=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

实现权限边界验证:
- 管理员可以访问所有管理功能
- 普通用户只能访问个人信息
- 权限不足时显示提示信息
---
 .../journeys/user-permission-boundary.spec.ts | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 novalon-manage-web/e2e/journeys/user-permission-boundary.spec.ts
diff --git a/novalon-manage-web/e2e/journeys/user-permission-boundary.spec.ts b/novalon-manage-web/e2e/journeys/user-permission-boundary.spec.ts
new file mode 100644
index 0000000..0f4a9db
--- /dev/null
+++ b/novalon-manage-web/e2e/journeys/user-permission-boundary.spec.ts
@@ -0,0 +1,87 @@
+import { test, expect } from '@playwright/test';
+
+test.describe('用户权限边界验证', () => {
+ test('管理员可以访问所有管理功能', async ({ page }) => {
+ await test.step('管理员登录', async () => {
+ await page.goto('/login');
+ await page.locator('input[placeholder*="用户名"]').fill('admin');
+ await page.locator('input[placeholder*="密码"]').fill('admin123');
+ await page.locator('button:has-text("登录")').click();
+ await page.waitForURL('**/dashboard', { timeout: 30000 });
+ });
+
+ await test.step('验证可以访问用户管理', async () => {
+ await page.goto('/users');
+ await expect(page).toHaveURL(/.*users/);
+ });
+
+ await test.step('验证可以访问角色管理', async () => {
+ await page.goto('/roles');
+ await expect(page).toHaveURL(/.*roles/);
+ });
+
+ await test.step('验证可以访问菜单管理', async () => {
+ await page.goto('/menus');
+ await expect(page).toHaveURL(/.*menus/);
+ });
+
+ await test.step('验证可以访问系统配置', async () => {
+ await page.goto('/sys/config');
+ await expect(page).toHaveURL(/.*sys\/config/);
+ });
+ });
+
+ test('普通用户只能访问个人信息', async ({ page }) => {
+ await test.step('普通用户登录', async () => {
+ await page.goto('/login');
+ await page.locator('input[placeholder*="用户名"]').fill('user');
+ await page.locator('input[placeholder*="密码"]').fill('user123');
+ await page.locator('button:has-text("登录")').click();
+ await page.waitForURL('**/dashboard', { timeout: 30000 });
+ });
+
+ await test.step('验证无法访问用户管理', async () => {
+ await page.goto('/users');
+ await page.waitForTimeout(1000);
+ const currentUrl = page.url();
+ expect(currentUrl).not.toContain('/users');
+ });
+
+ await test.step('验证无法访问角色管理', async () => {
+ await page.goto('/roles');
+ await page.waitForTimeout(1000);
+ const currentUrl = page.url();
+ expect(currentUrl).not.toContain('/roles');
+ });
+
+ await test.step('验证无法访问菜单管理', async () => {
+ await page.goto('/menus');
+ await page.waitForTimeout(1000);
+ const currentUrl = page.url();
+ expect(currentUrl).not.toContain('/menus');
+ });
+ });
+
+ test('权限不足时显示提示信息', async ({ page }) => {
+ await test.step('普通用户登录', async () => {
+ await page.goto('/login');
+ await page.locator('input[placeholder*="用户名"]').fill('user');
+ await page.locator('input[placeholder*="密码"]').fill('user123');
+ await page.locator('button:has-text("登录")').click();
+ await page.waitForURL('**/dashboard', { timeout: 30000 });
+ });
+
+ await test.step('尝试访问受限页面', async () => {
+ await page.goto('/users');
+ await page.waitForTimeout(2000);
+
+ const errorMessage = page.locator('.el-message, .error-message, [role="alert"]');
+ const isVisible = await errorMessage.isVisible().catch(() => false);
+
+ if (isVisible) {
+ const text = await errorMessage.textContent();
+ expect(text).toMatch(/权限|禁止|无权/i);
+ }
+ });
+ });
+});
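Review bot: The last test ('权限不足时显示提示信息') cannot fail when the denial message is missing: its only assertion sits inside `if (isVisible)`, and `.catch(() => false)` turns any locator error (including a strict-mode match on several elements) into "not visible", so the test passes even if a normal user is simply shown `/users`. Assert unconditionally instead, e.g. `await expect(errorMessage.first()).toBeVisible();` followed by `await expect(errorMessage.first()).toContainText(/权限|禁止|无权/);`. The three negative steps in the second test only check that the URL changed after a fixed `waitForTimeout(1000)`, which exercises the front-end route guard but not whether the server refuses the data to the non-admin session; consider also asserting on the status of the underlying API response, and replacing the sleep with `await expect(page).not.toHaveURL(/\/users/);`. The literal passwords `admin123` and `user123` would be better read from the test environment, so that seeded default credentials are not recorded in the repository.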