refactor: kb & station & terminal
This commit is contained in:
@@ -1,81 +1,40 @@
|
||||
<?php
|
||||
|
||||
use App\Models\Document;
|
||||
use App\Models\Group;
|
||||
use App\Models\User;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
describe('DocumentPolicy', function () {
|
||||
|
||||
test('viewAny 允许所有已认证用户查看文档列表', function () {
|
||||
|
||||
test('viewAny 允许有权限的用户查看文档列表', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
|
||||
expect($user->can('viewAny', Document::class))->toBeTrue();
|
||||
});
|
||||
|
||||
test('view 允许所有用户查看全局文档', function () {
|
||||
test('view 允许有权限的用户查看文档', function () {
|
||||
$user = User::factory()->create();
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'global',
|
||||
'group_id' => null,
|
||||
]);
|
||||
|
||||
$document = Document::factory()->create();
|
||||
|
||||
expect($user->can('view', $document))->toBeTrue();
|
||||
});
|
||||
|
||||
test('view 允许分组成员查看该分组的专用文档', function () {
|
||||
$group = Group::factory()->create();
|
||||
test('create 允许有权限的用户创建文档', function () {
|
||||
$user = User::factory()->create();
|
||||
$user->groups()->attach($group);
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group->id,
|
||||
]);
|
||||
|
||||
expect($user->can('view', $document))->toBeTrue();
|
||||
});
|
||||
|
||||
test('view 拒绝非分组成员查看专用文档', function () {
|
||||
$group = Group::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
// 用户不属于该分组
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group->id,
|
||||
]);
|
||||
|
||||
expect($user->can('view', $document))->toBeFalse();
|
||||
});
|
||||
|
||||
test('view 拒绝访问没有分组的专用文档', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => null,
|
||||
]);
|
||||
|
||||
expect($user->can('view', $document))->toBeFalse();
|
||||
});
|
||||
|
||||
test('create 允许所有已认证用户创建文档', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
expect($user->can('create', Document::class))->toBeTrue();
|
||||
});
|
||||
|
||||
test('update 只允许文档上传者更新文档', function () {
|
||||
$uploader = User::factory()->create();
|
||||
$otherUser = User::factory()->create();
|
||||
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'uploaded_by' => $uploader->id,
|
||||
]);
|
||||
|
||||
|
||||
expect($uploader->can('update', $document))->toBeTrue();
|
||||
expect($otherUser->can('update', $document))->toBeFalse();
|
||||
});
|
||||
@@ -83,92 +42,19 @@ describe('DocumentPolicy', function () {
|
||||
test('delete 只允许文档上传者删除文档', function () {
|
||||
$uploader = User::factory()->create();
|
||||
$otherUser = User::factory()->create();
|
||||
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'uploaded_by' => $uploader->id,
|
||||
]);
|
||||
|
||||
|
||||
expect($uploader->can('delete', $document))->toBeTrue();
|
||||
expect($otherUser->can('delete', $document))->toBeFalse();
|
||||
});
|
||||
|
||||
test('download 允许所有用户下载全局文档', function () {
|
||||
test('download 允许有权限的用户下载文档', function () {
|
||||
$user = User::factory()->create();
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'global',
|
||||
'group_id' => null,
|
||||
]);
|
||||
|
||||
$document = Document::factory()->create();
|
||||
|
||||
expect($user->can('download', $document))->toBeTrue();
|
||||
});
|
||||
|
||||
test('download 允许分组成员下载该分组的专用文档', function () {
|
||||
$group = Group::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
$user->groups()->attach($group);
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group->id,
|
||||
]);
|
||||
|
||||
expect($user->can('download', $document))->toBeTrue();
|
||||
});
|
||||
|
||||
test('download 拒绝非分组成员下载专用文档', function () {
|
||||
$group = Group::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
// 用户不属于该分组
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group->id,
|
||||
]);
|
||||
|
||||
expect($user->can('download', $document))->toBeFalse();
|
||||
});
|
||||
|
||||
test('用户从分组移除后失去访问权限', function () {
|
||||
$group = Group::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
$user->groups()->attach($group);
|
||||
|
||||
$document = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group->id,
|
||||
]);
|
||||
|
||||
// 用户在分组中时可以访问
|
||||
expect($user->can('view', $document))->toBeTrue();
|
||||
|
||||
// 从分组中移除用户
|
||||
$user->groups()->detach($group);
|
||||
|
||||
// 刷新用户关系
|
||||
$user->refresh();
|
||||
|
||||
// 用户不再能访问该文档
|
||||
expect($user->can('view', $document))->toBeFalse();
|
||||
});
|
||||
|
||||
test('用户属于多个分组时可以访问所有分组的专用文档', function () {
|
||||
$group1 = Group::factory()->create();
|
||||
$group2 = Group::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
$user->groups()->attach([$group1->id, $group2->id]);
|
||||
|
||||
$document1 = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group1->id,
|
||||
]);
|
||||
|
||||
$document2 = Document::factory()->create([
|
||||
'type' => 'dedicated',
|
||||
'group_id' => $group2->id,
|
||||
]);
|
||||
|
||||
expect($user->can('view', $document1))->toBeTrue();
|
||||
expect($user->can('view', $document2))->toBeTrue();
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user