|
|
@@ -537,5 +537,50 @@ describe('共享CRUD数据权限控制集成测试', () => {
|
|
|
expect(data.userId).toBe(testUser2.id);
|
|
|
}
|
|
|
});
|
|
|
+
|
|
|
+ it('当不传递dataPermission配置时应该允许跨用户访问', async () => {
|
|
|
+ // 创建不传递数据权限控制的路由
|
|
|
+ const noPermissionRoutes = createCrudRoutes({
|
|
|
+ entity: TestEntity,
|
|
|
+ createSchema: createTestSchema,
|
|
|
+ updateSchema: updateTestSchema,
|
|
|
+ getSchema: getTestSchema,
|
|
|
+ listSchema: listTestSchema,
|
|
|
+ middleware: [mockAuthMiddleware]
|
|
|
+ // 不传递 dataPermission 配置
|
|
|
+ });
|
|
|
+
|
|
|
+ const noPermissionClient = testClient(noPermissionRoutes);
|
|
|
+
|
|
|
+ // 创建属于用户2的数据
|
|
|
+ const dataSource = await IntegrationTestDatabase.getDataSource();
|
|
|
+ const testRepository = dataSource.getRepository(TestEntity);
|
|
|
+ const testData = testRepository.create({
|
|
|
+ name: '用户2的数据(无权限配置)',
|
|
|
+ userId: testUser2.id
|
|
|
+ });
|
|
|
+ await testRepository.save(testData);
|
|
|
+
|
|
|
+ // 用户1应该能够访问用户2的数据(没有权限控制配置)
|
|
|
+ console.debug('测试数据ID(无权限配置):', testData.id);
|
|
|
+
|
|
|
+ const response = await noPermissionClient[':id'].$get({
|
|
|
+ param: { id: testData.id }
|
|
|
+ }, {
|
|
|
+ headers: {
|
|
|
+ 'Authorization': `Bearer ${testToken1}`
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ console.debug('无权限配置时的响应状态:', response.status);
|
|
|
+
|
|
|
+ expect(response.status).toBe(200);
|
|
|
+
|
|
|
+ if (response.status === 200) {
|
|
|
+ const data = await response.json();
|
|
|
+ expect(data.id).toBe(testData.id);
|
|
|
+ expect(data.userId).toBe(testUser2.id);
|
|
|
+ }
|
|
|
+ });
|
|
|
});
|
|
|
});
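Review bot: The added test `当不传递dataPermission配置时应该允许跨用户访问` pins a fail-open default: with `dataPermission` omitted from `createCrudRoutes`, a request carrying `testToken1` reads a record whose `userId` is `testUser2.id`, and the test expects 200. If that default is intentional, say so above the `it(...)` with a comment such as `// SECURITY: routes built without dataPermission do no ownership check; isolation is opt-in`. Otherwise a later reader may take this test as proof that cross-user reads are acceptable for every entity. The `if (response.status === 200) {` guard after `expect(response.status).toBe(200);` is redundant and should be dropped so the `data.id` and `data.userId` assertions run unconditionally. Only GET by id is exercised through `noPermissionRoutes`, so the same default for list, update and delete is left unpinned. The enclosing `describe` blocks start outside this hunk, so any cleanup of the saved `testData` row is not visible here.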
|