feat: 初始化知识库系统项目

- 实现基于 Laravel 11 和 Filament 3.X 的文档管理系统 - 添加用户认证和分组管理功能 - 实现文档上传、分类和权限控制 - 集成 Word 文档自动转换为 Markdown - 集成 Meilisearch 全文搜索引擎 - 实现文档在线预览功能 - 添加安全日志和审计功能 - 完整的简体中文界面 - 包含完整的项目文档和部署指南技术栈: - Laravel 11.x - Filament 3.X - Meilisearch 1.5+ - Pandoc 文档转换 - Redis 队列系统 - Pest PHP 测试框架
2025-12-05 14:44:44 +08:00
commit acf549c43c
165 changed files with 32838 additions and 0 deletions
--- a/tests/Feature/DocumentPolicyTest.php
+++ b/tests/Feature/DocumentPolicyTest.php
@@ -0,0 +1,174 @@
+<?php
+
+use App\Models\Document;
+use App\Models\Group;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+describe('DocumentPolicy', function () {
+    
+    test('viewAny 允许所有已认证用户查看文档列表', function () {
+        $user = User::factory()->create();
+        
+        expect($user->can('viewAny', Document::class))->toBeTrue();
+    });
+
+    test('view 允许所有用户查看全局文档', function () {
+        $user = User::factory()->create();
+        $document = Document::factory()->create([
+            'type' => 'global',
+            'group_id' => null,
+        ]);
+        
+        expect($user->can('view', $document))->toBeTrue();
+    });
+
+    test('view 允许分组成员查看该分组的专用文档', function () {
+        $group = Group::factory()->create();
+        $user = User::factory()->create();
+        $user->groups()->attach($group);
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group->id,
+        ]);
+        
+        expect($user->can('view', $document))->toBeTrue();
+    });
+
+    test('view 拒绝非分组成员查看专用文档', function () {
+        $group = Group::factory()->create();
+        $user = User::factory()->create();
+        // 用户不属于该分组
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group->id,
+        ]);
+        
+        expect($user->can('view', $document))->toBeFalse();
+    });
+
+    test('view 拒绝访问没有分组的专用文档', function () {
+        $user = User::factory()->create();
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => null,
+        ]);
+        
+        expect($user->can('view', $document))->toBeFalse();
+    });
+
+    test('create 允许所有已认证用户创建文档', function () {
+        $user = User::factory()->create();
+        
+        expect($user->can('create', Document::class))->toBeTrue();
+    });
+
+    test('update 只允许文档上传者更新文档', function () {
+        $uploader = User::factory()->create();
+        $otherUser = User::factory()->create();
+        
+        $document = Document::factory()->create([
+            'uploaded_by' => $uploader->id,
+        ]);
+        
+        expect($uploader->can('update', $document))->toBeTrue();
+        expect($otherUser->can('update', $document))->toBeFalse();
+    });
+
+    test('delete 只允许文档上传者删除文档', function () {
+        $uploader = User::factory()->create();
+        $otherUser = User::factory()->create();
+        
+        $document = Document::factory()->create([
+            'uploaded_by' => $uploader->id,
+        ]);
+        
+        expect($uploader->can('delete', $document))->toBeTrue();
+        expect($otherUser->can('delete', $document))->toBeFalse();
+    });
+
+    test('download 允许所有用户下载全局文档', function () {
+        $user = User::factory()->create();
+        $document = Document::factory()->create([
+            'type' => 'global',
+            'group_id' => null,
+        ]);
+        
+        expect($user->can('download', $document))->toBeTrue();
+    });
+
+    test('download 允许分组成员下载该分组的专用文档', function () {
+        $group = Group::factory()->create();
+        $user = User::factory()->create();
+        $user->groups()->attach($group);
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group->id,
+        ]);
+        
+        expect($user->can('download', $document))->toBeTrue();
+    });
+
+    test('download 拒绝非分组成员下载专用文档', function () {
+        $group = Group::factory()->create();
+        $user = User::factory()->create();
+        // 用户不属于该分组
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group->id,
+        ]);
+        
+        expect($user->can('download', $document))->toBeFalse();
+    });
+
+    test('用户从分组移除后失去访问权限', function () {
+        $group = Group::factory()->create();
+        $user = User::factory()->create();
+        $user->groups()->attach($group);
+        
+        $document = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group->id,
+        ]);
+        
+        // 用户在分组中时可以访问
+        expect($user->can('view', $document))->toBeTrue();
+        
+        // 从分组中移除用户
+        $user->groups()->detach($group);
+        
+        // 刷新用户关系
+        $user->refresh();
+        
+        // 用户不再能访问该文档
+        expect($user->can('view', $document))->toBeFalse();
+    });
+
+    test('用户属于多个分组时可以访问所有分组的专用文档', function () {
+        $group1 = Group::factory()->create();
+        $group2 = Group::factory()->create();
+        $user = User::factory()->create();
+        
+        $user->groups()->attach([$group1->id, $group2->id]);
+        
+        $document1 = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group1->id,
+        ]);
+        
+        $document2 = Document::factory()->create([
+            'type' => 'dedicated',
+            'group_id' => $group2->id,
+        ]);
+        
+        expect($user->can('view', $document1))->toBeTrue();
+        expect($user->can('view', $document2))->toBeTrue();
+    });
+});