mirror of
https://gitee.com/zoujingli/ThinkAdmin.git
synced 2026-06-07 12:38:11 +08:00
将 v8 重构分支中残留的 ThinkAdminDeveloper 文本统一调整为 ThinkAdmin,避免迁移到主仓库后继续暴露旧开发仓库名称。 主要内容: - 更新 README 标题与项目描述。 - 统一 PHP 文件头注释中的项目标识。 - 同步调整测试、配置、插件与文档中的旧仓库名称文本。 - 保持旧包删除说明与架构边界测试语义不变,只清理品牌名称残留。
<?php
declare(strict_types=1);
/**
 * +----------------------------------------------------------------------
 * | ThinkAdmin Plugin
 * +----------------------------------------------------------------------
 * | Copyright (c) 2014~2026 ThinkAdmin [ thinkadmin.top ]
 * +----------------------------------------------------------------------
 * | Official Website: https://thinkadmin.top
 * +----------------------------------------------------------------------
 * | Licensed: https://mit-license.org
 * | Disclaimer: https://thinkadmin.top/disclaimer
 * | Vip Rights: https://thinkadmin.top/vip-introduce
 * +----------------------------------------------------------------------
 * | Gitee Repository: https://gitee.com/zoujingli/ThinkAdmin
 * | Github Repository: https://github.com/zoujingli/ThinkAdmin
 * +----------------------------------------------------------------------
 */
namespace plugin\system\tests;
use plugin\system\middleware\RbacAccess;
use plugin\system\service\AuthService;
use think\admin\runtime\RequestContext;
use think\admin\service\AuthResponse;
use think\admin\tests\Support\SqliteIntegrationTestCase;
use think\exception\HttpResponseException;
use think\Request;
use think\Response;
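/**
 * Exercises the denial paths of the RbacAccess middleware: a request without
 * a login, a login without permission, and a pre-recorded auth failure.
 *
 * Every case asserts HTTP status 200 with the outcome carried in the JSON
 * body (`code`, `error`, `info`, optional `url`). The JSON fields, not the
 * HTTP status line, are therefore what marks a response as a denial here.
 *
 * Each case also asserts that the stand-in downstream handler never ran, so
 * a regression that produces the denial payload only after the protected
 * action has executed is caught.
 *
 * @internal
 * @coversNothing
 */
class RbacAccessTest extends SqliteIntegrationTestCase
{
    /**
     * Set to true by the stand-in downstream handler in callMiddleware()
     * when the middleware passes the request through.
     */
    private bool $downstreamReached = false;

    /**
     * Intentionally empty: this test class declares no schema of its own.
     */
    protected function defineSchema(): void {}

    /**
     * A request with no identity set by the test must get the "unauthorized"
     * payload together with a URL to follow.
     */
    public function testHandleReturnsUnauthorizedResponseWhenAuthMissing(): void
    {
        // Permission callback denies everything, so the result depends only
        // on the middleware's own login / permission branching.
        // NOTE(review): no auth is set or cleared here; presumably the base
        // test case starts from a clean RequestContext — confirm.
        AuthService::registerCheckCallable(static fn ($current, $methods, $userNodes): bool => false);
        $response = $this->callMiddleware();
        $payload = json_decode($response->getContent(), true) ?: [];

        $this->assertDeniedBeforeDownstream();
        $this->assertSame(200, $response->getCode());
        $this->assertSame(AuthResponse::STATUS_UNAUTHORIZED, intval($payload['code'] ?? 0));
        $this->assertSame(AuthResponse::ERROR_UNAUTHORIZED, $payload['error'] ?? '');
        $this->assertSame('请重新登录!', $payload['info'] ?? '');
        // NOTE(review): only non-emptiness is checked. Presumably the URL is
        // derived from the `rbac_login` value set in callMiddleware(); pinning
        // the expected target would also guard against an unintended
        // redirect destination — confirm the generated format first.
        $this->assertNotEmpty($payload['url'] ?? '');
    }

    /**
     * A logged-in identity with an empty `nodes` list must get the
     * "forbidden" payload and no `url` key.
     */
    public function testHandleReturnsForbiddenResponseWhenLoginHasNoPermission(): void
    {
        RequestContext::instance()->setAuth([
            'id' => 1,
            'username' => 'tester',
            'nodes' => [],
        ], 'system-token', true);
        AuthService::registerCheckCallable(static fn ($current, $methods, $userNodes): bool => false);

        $response = $this->callMiddleware();
        $payload = json_decode($response->getContent(), true) ?: [];

        $this->assertDeniedBeforeDownstream();
        $this->assertSame(200, $response->getCode());
        $this->assertSame(AuthResponse::STATUS_FORBIDDEN, intval($payload['code'] ?? 0));
        $this->assertSame(AuthResponse::ERROR_FORBIDDEN, $payload['error'] ?? '');
        $this->assertSame('禁用访问!', $payload['info'] ?? '');
        $this->assertArrayNotHasKey('url', $payload);
    }

    /**
     * When an auth failure was recorded on the RequestContext beforehand, the
     * middleware must answer with that recorded status, error and message.
     */
    public function testHandleUsesRecordedAuthFailureStatus(): void
    {
        AuthService::registerCheckCallable(static fn ($current, $methods, $userNodes): bool => false);

        // The callback runs inside callMiddleware(), after the application
        // context has been activated and right before handle() is invoked.
        $response = $this->callMiddleware(function (): void {
            RequestContext::instance()->clearAuth(true);
            RequestContext::instance()->setAuthFailure(
                AuthResponse::STATUS_FORBIDDEN,
                '账号已经被禁用,请联系管理员!',
                AuthResponse::ERROR_FORBIDDEN
            );
        });
        $payload = json_decode($response->getContent(), true) ?: [];

        $this->assertDeniedBeforeDownstream();
        $this->assertSame(200, $response->getCode());
        $this->assertSame(AuthResponse::STATUS_FORBIDDEN, intval($payload['code'] ?? 0));
        $this->assertSame(AuthResponse::ERROR_FORBIDDEN, $payload['error'] ?? '');
        $this->assertSame('账号已经被禁用,请联系管理员!', $payload['info'] ?? '');
        $this->assertArrayNotHasKey('url', $payload);
    }

    /**
     * Fails the test if the downstream handler ran during the last
     * callMiddleware() call, i.e. if access control was not enforced before
     * the protected action.
     */
    private function assertDeniedBeforeDownstream(): void
    {
        $this->assertFalse(
            $this->downstreamReached,
            'RbacAccess must deny the request before the downstream handler runs.'
        );
    }

    /**
     * Runs RbacAccess::handle() for an `index/index` request and returns the
     * resulting response.
     *
     * A response delivered through HttpResponseException is unwrapped and
     * returned, so callers see the same Response either way.
     *
     * @param null|callable $beforeHandle optional hook invoked after the
     *                                    application context and config are
     *                                    prepared, just before handle()
     */
    private function callMiddleware(?callable $beforeHandle = null): Response
    {
        $request = (new Request())
            ->setController('index')
            ->setAction('index');

        $this->activateApplicationContext($request);
        // Empty ignore list plus a fixed login route.
        // NOTE(review): presumably an empty `rbac_ignore` means no route is
        // exempt from the check — confirm against RbacAccess.
        $this->app->config->set([
            'rbac_ignore' => [],
            'rbac_login' => 'system/login/index',
        ], 'app');
        // NOTE(review): looks like this resets the cached method/node map
        // to an empty set — confirm what sysvar() stores under this key.
        sysvar('think.admin.methods', []);
        if ($beforeHandle !== null) {
            $beforeHandle();
        }

        $middleware = new RbacAccess($this->app);

        // Stand-in for the protected action. It records that it was reached
        // and answers with a non-JSON body, which decodes to an empty
        // payload in the tests above.
        $this->downstreamReached = false;
        $next = function (Request $current): Response {
            $this->downstreamReached = true;

            return Response::create($current->pathinfo() ?: 'ok');
        };

        try {
            return $middleware->handle($request, $next);
        } catch (HttpResponseException $exception) {
            return $exception->getResponse();
        }
    }
}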