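create();
        expect($user->can('viewAny', Document::class))->toBeTrue();
    });

    // Global documents: any user may view them, no group membership involved.
    test('view 允许所有用户查看全局文档', function () {
        $user = User::factory()->create();
        $document = Document::factory()->create([
            'type' => 'global',
            'group_id' => null,
        ]);

        expect($user->can('view', $document))->toBeTrue();
    });

    // Dedicated documents: a member of the owning group may view them.
    test('view 允许分组成员查看该分组的专用文档', function () {
        $group = Group::factory()->create();
        $user = User::factory()->create();
        $user->groups()->attach($group);

        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group->id,
        ]);

        expect($user->can('view', $document))->toBeTrue();
    });

    // Dedicated documents: anyone outside the owning group is denied.
    test('view 拒绝非分组成员查看专用文档', function () {
        $group = Group::factory()->create();
        $otherGroup = Group::factory()->create();

        // Outsider with no group membership at all.
        $user = User::factory()->create();

        // Outsider who belongs only to an unrelated group. Without this case a
        // policy that merely checks "the user has some group" would still pass.
        $otherGroupMember = User::factory()->create();
        $otherGroupMember->groups()->attach($otherGroup);

        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group->id,
        ]);

        expect($user->can('view', $document))->toBeFalse();
        expect($otherGroupMember->can('view', $document))->toBeFalse();
    });

    // A dedicated document without a group has no membership to match against,
    // so the expected outcome is denial rather than a fall-through to "allowed".
    test('view 拒绝访问没有分组的专用文档', function () {
        $user = User::factory()->create();
        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => null,
        ]);

        expect($user->can('view', $document))->toBeFalse();
    });

    // Any authenticated user may create documents.
    test('create 允许所有已认证用户创建文档', function () {
        $user = User::factory()->create();

        expect($user->can('create', Document::class))->toBeTrue();
    });

    // Update is an ownership check: only the user recorded in uploaded_by passes.
    test('update 只允许文档上传者更新文档', function () {
        $uploader = User::factory()->create();
        $otherUser = User::factory()->create();
        $document = Document::factory()->create([
            'uploaded_by' => $uploader->id,
        ]);

        expect($uploader->can('update', $document))->toBeTrue();
        expect($otherUser->can('update', $document))->toBeFalse();
    });

    // Delete is an ownership check: only the user recorded in uploaded_by passes.
    test('delete 只允许文档上传者删除文档', function () {
        $uploader = User::factory()->create();
        $otherUser = User::factory()->create();
        $document = Document::factory()->create([
            'uploaded_by' => $uploader->id,
        ]);

        expect($uploader->can('delete', $document))->toBeTrue();
        expect($otherUser->can('delete', $document))->toBeFalse();
    });

    // Global documents: any user may download them.
    test('download 允许所有用户下载全局文档', function () {
        $user = User::factory()->create();
        $document = Document::factory()->create([
            'type' => 'global',
            'group_id' => null,
        ]);

        expect($user->can('download', $document))->toBeTrue();
    });

    // Dedicated documents: a member of the owning group may download them.
    test('download 允许分组成员下载该分组的专用文档', function () {
        $group = Group::factory()->create();
        $user = User::factory()->create();
        $user->groups()->attach($group);

        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group->id,
        ]);

        expect($user->can('download', $document))->toBeTrue();
    });

    // Dedicated documents: anyone outside the owning group may not download them.
    // NOTE(review): 'view' also covers a dedicated document with group_id = null;
    // no matching 'download' case is visible in this part of the file. Confirm
    // one exists elsewhere, or add it.
    test('download 拒绝非分组成员下载专用文档', function () {
        $group = Group::factory()->create();
        $otherGroup = Group::factory()->create();

        // Outsider with no group membership at all.
        $user = User::factory()->create();

        // Outsider who belongs only to an unrelated group; membership has to be
        // matched against the document's own group, not "any group".
        $otherGroupMember = User::factory()->create();
        $otherGroupMember->groups()->attach($otherGroup);

        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group->id,
        ]);

        expect($user->can('download', $document))->toBeFalse();
        expect($otherGroupMember->can('download', $document))->toBeFalse();
    });

    // Revocation: access granted through membership ends when membership ends.
    test('用户从分组移除后失去访问权限', function () {
        $group = Group::factory()->create();
        $user = User::factory()->create();
        $user->groups()->attach($group);

        $document = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group->id,
        ]);

        // While the user is a member, both abilities are granted.
        expect($user->can('view', $document))->toBeTrue();
        expect($user->can('download', $document))->toBeTrue();

        // Remove the user from the group.
        $user->groups()->detach($group);

        // Reload the model so the checks below do not run against relation data
        // loaded before the detach (presumably the policy reads the user's
        // groups from the model; verify against the policy).
        $user->refresh();

        // Both abilities must be revoked, not only 'view'.
        expect($user->can('view', $document))->toBeFalse();
        expect($user->can('download', $document))->toBeFalse();
    });

    // A user in several groups can reach the dedicated documents of each of them.
    test('用户属于多个分组时可以访问所有分组的专用文档', function () {
        $group1 = Group::factory()->create();
        $group2 = Group::factory()->create();
        $user = User::factory()->create();
        $user->groups()->attach([$group1->id, $group2->id]);

        $document1 = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group1->id,
        ]);
        $document2 = Document::factory()->create([
            'type' => 'dedicated',
            'group_id' => $group2->id,
        ]);

        expect($user->can('view', $document1))->toBeTrue();
        expect($user->can('view', $document2))->toBeTrue();
    });
});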