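import { test, expect } from '@playwright/test';
import { RoleFactory } from '../../roles/role-factory';
import { AuthHelper, createAuthenticatedPage } from '../../shared/auth-helper';
import { createPermissionHelper } from '../../shared/permission-helper';

/**
 * Permission-boundary tests.
 *
 * Each role (admin / user / test) is signed in through the shared auth
 * helper and then checked against the routes it must, or must not, be able
 * to reach. Route denial is observed as a redirect to /403 or /login.
 *
 * NOTE(review): the "can create / edit / delete" cases only assert that a
 * button is rendered for the admin. They do not exercise the server-side
 * check for the corresponding action, so a missing backend authorization
 * check would not be caught here; only route-level denial is covered.
 */

// URL fragments the app redirects to when a route is denied. A denied route
// may land on either one, depending on whether a session is present.
const DENIED_URL = /\/(403|login)/;
const FORBIDDEN_URL = /\/403/;
const LOGIN_URL = /\/login/;

test.describe('权限边界验证测试', () => {
  test.describe('管理员权限', () => {
    test.beforeEach(async ({ page, context }) => {
      await createAuthenticatedPage(page, context, 'admin');
    });

    test('管理员可以访问用户管理页面', async ({ page }) => {
      const permissionHelper = createPermissionHelper(page);
      await permissionHelper.verifyCanAccess('/user-management');
    });

    test('管理员可以访问角色管理页面', async ({ page }) => {
      const permissionHelper = createPermissionHelper(page);
      await permissionHelper.verifyCanAccess('/role-management');
    });

    test('管理员可以创建用户', async ({ page }) => {
      await page.goto('/user-management');
      const createButton = page.locator('button:has-text("新增")');
      await expect(createButton).toBeVisible();
      await expect(createButton).toBeEnabled();
    });

    test('管理员可以编辑用户', async ({ page }) => {
      await page.goto('/user-management');
      // .first() assumes at least one user row is rendered for the admin.
      const editButton = page.locator('button:has-text("编辑")').first();
      await expect(editButton).toBeVisible();
    });

    test('管理员可以删除用户', async ({ page }) => {
      await page.goto('/user-management');
      const deleteButton = page.locator('button:has-text("删除")').first();
      await expect(deleteButton).toBeVisible();
    });
  });

  test.describe('普通用户权限', () => {
    test.beforeEach(async ({ page, context }) => {
      await createAuthenticatedPage(page, context, 'user');
    });

    test('普通用户无法访问用户管理页面', async ({ page }) => {
      const permissionHelper = createPermissionHelper(page);
      await permissionHelper.verifyCannotAccess('/user-management');
    });

    test('普通用户无法访问角色管理页面', async ({ page }) => {
      const permissionHelper = createPermissionHelper(page);
      await permissionHelper.verifyCannotAccess('/role-management');
    });

    test('普通用户可以访问个人中心', async ({ page }) => {
      await page.goto('/profile');
      await expect(page).not.toHaveURL(LOGIN_URL);
      await expect(page).not.toHaveURL(FORBIDDEN_URL);
    });

    test('普通用户可以修改个人信息', async ({ page }) => {
      await page.goto('/profile');
      const editButton = page.locator('button:has-text("编辑")');
      // Best-effort: the profile page may render no edit button at all, in
      // which case this case passes without asserting anything.
      const count = await editButton.count();
      if (count > 0) {
        await expect(editButton.first()).toBeVisible();
      }
    });
  });

  test.describe('测试用户权限', () => {
    test.beforeEach(async ({ page, context }) => {
      await createAuthenticatedPage(page, context, 'test');
    });

    test('测试用户无法访问用户管理页面', async ({ page }) => {
      const permissionHelper = createPermissionHelper(page);
      await permissionHelper.verifyCannotAccess('/user-management');
    });

    test('测试用户可以访问测试页面', async ({ page }) => {
      await page.goto('/test');
      await expect(page).not.toHaveURL(LOGIN_URL);
      await expect(page).not.toHaveURL(FORBIDDEN_URL);
    });
  });

  test.describe('跨角色权限对比', () => {
    test('不同角色访问权限对比', async ({ page, context }) => {
      const roles = ['admin', 'user', 'test'];
      const protectedPaths = ['/user-management', '/role-management', '/menu-management'];
      // One helper bound to this page/context is reused across roles;
      // clearAuth() between logins keeps the previous role's session from
      // leaking into the next role's checks.
      const helper = new AuthHelper(page, context);

      for (const roleName of roles) {
        const role = RoleFactory.getRole(roleName);
        await helper.clearAuth();
        await helper.loginAsRole(roleName);

        for (const path of protectedPaths) {
          await page.goto(path);
          if (role.cannotAccess.includes(path)) {
            // toHaveURL auto-waits, so a client-side redirect that lands
            // after goto() resolves is still observed instead of racing a
            // one-shot page.url() read.
            await expect(page, `${roleName} should be denied ${path}`).toHaveURL(DENIED_URL);
          } else {
            await expect(page, `${roleName} should reach ${path}`).not.toHaveURL(FORBIDDEN_URL);
          }
        }
      }
    });
  });
});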