novalon-manage-system/novalon-manage-web/e2e/journeys/user-permission-boundary.spec.ts

import { test, expect } from '@playwright/test';

test.describe('用户权限边界验证', () => {
  test('管理员可以访问所有管理功能', async ({ page }) => {
    await test.step('验证可以访问用户管理', async () => {
      await page.goto('/users');
      await expect(page).toHaveURL(/.*users/);
    });

    await test.step('验证可以访问角色管理', async () => {
      await page.goto('/roles');
      await expect(page).toHaveURL(/.*roles/);
    });

    await test.step('验证可以访问菜单管理', async () => {
      await page.goto('/menus');
      await expect(page).toHaveURL(/.*menus/);
    });

    await test.step('验证可以访问系统配置', async () => {
      await page.goto('/sys/config');
      await expect(page).toHaveURL(/.*sys\/config/);
    });
  });

  test('普通用户只能访问个人信息', async ({ page }) => {
    
    await test.step('管理员登出', async () => {
      await page.goto('/dashboard');
      await page.waitForLoadState('networkidle');
      
      const avatarButton = page.locator('.el-avatar').first();
      await avatarButton.click();
      await page.waitForTimeout(500);
      
      await page.locator('text=退出登录').click();
      await page.waitForURL(/.*login/, { timeout: 10000 });
    });
    
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.waitForLoadState('networkidle');
      
      const usernameInput = page.locator('input[placeholder*="用户名"]');
      const passwordInput = page.locator('input[placeholder*="密码"]');
      const loginButton = page.locator('button:has-text("登录")');
      
      await usernameInput.waitFor({ state: 'visible' });
      await usernameInput.fill('normaluser');
      
      await passwordInput.waitFor({ state: 'visible' });
      await passwordInput.fill('Test@123');
      
      await loginButton.waitFor({ state: 'visible' });
      await loginButton.click();
      
      await page.waitForURL('**/dashboard', { timeout: 30000 });
    });

    await test.step('验证无法访问用户管理', async () => {
      await page.goto('/users');
      await page.waitForTimeout(1000);
      const currentUrl = page.url();
      expect(currentUrl).not.toContain('/users');
    });

    await test.step('验证无法访问角色管理', async () => {
      await page.goto('/roles');
      await page.waitForTimeout(1000);
      const currentUrl = page.url();
      expect(currentUrl).not.toContain('/roles');
    });

    await test.step('验证无法访问菜单管理', async () => {
      await page.goto('/menus');
      await page.waitForTimeout(1000);
      const currentUrl = page.url();
      expect(currentUrl).not.toContain('/menus');
    });
  });

  test('权限不足时显示提示信息', async ({ page }) => {
    
    await test.step('管理员登出', async () => {
      await page.goto('/dashboard');
      await page.waitForLoadState('networkidle');
      
      const avatarButton = page.locator('.el-avatar').first();
      await avatarButton.click();
      await page.waitForTimeout(500);
      
      await page.locator('text=退出登录').click();
      await page.waitForURL(/.*login/, { timeout: 10000 });
    });
    
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.waitForLoadState('networkidle');
      
      const usernameInput = page.locator('input[placeholder*="用户名"]');
      const passwordInput = page.locator('input[placeholder*="密码"]');
      const loginButton = page.locator('button:has-text("登录")');
      
      await usernameInput.waitFor({ state: 'visible' });
      await usernameInput.fill('normaluser');
      
      await passwordInput.waitFor({ state: 'visible' });
      await passwordInput.fill('Test@123');
      
      await loginButton.waitFor({ state: 'visible' });
      await loginButton.click();
      
      await page.waitForURL('**/dashboard', { timeout: 30000 });
    });

    await test.step('尝试访问受限页面', async () => {
      await page.goto('/users');
      await page.waitForTimeout(2000);

      const errorMessage = page.locator('.el-message, .error-message, [role="alert"]');
      const isVisible = await errorMessage.isVisible().catch(() => false);

      if (isVisible) {
        const text = await errorMessage.textContent();
        expect(text).toMatch(/权限|禁止|无权/i);
      }
    });
  });
});