mini-starter/packages/user-module-mt/tests/integration/role.integration.test.ts

import { describe, it, expect, beforeAll, beforeEach, afterEach } from 'vitest';
import { DataSource } from 'typeorm';
import { RoleServiceMt } from '../../src/services/role.service.mt';
import { RoleMt } from '../../src/entities/role.entity';
import { AppDataSource, initializeDataSource } from '@d8d/shared-utils';

// 确保测试环境变量被设置
process.env.NODE_ENV = 'test';

describe('角色集成测试', () => {
  let dataSource: DataSource;
  let roleService: RoleServiceMt;

  beforeAll(() => {
    // 使用预先配置的数据源
    initializeDataSource([RoleMt])
    dataSource = AppDataSource;
  })

  beforeEach(async () => {
    if (!dataSource.isInitialized) {
      await dataSource.initialize();
    }
    roleService = new RoleServiceMt(dataSource);
  });

  afterEach(async () => {
    if (dataSource.isInitialized) {
      await dataSource.destroy();
    }
  });

  describe('角色CRUD操作', () => {
    it('应该创建并检索角色', async () => {
      // Create role
      const roleData = {
        name: 'admin',
        description: 'Administrator role',
        permissions: ['user:create', 'user:delete', 'role:manage'],
        tenantId: 1
      };

      const createdRole = await roleService.create(roleData);

      expect(createdRole.id).toBeDefined();
      expect(createdRole.name).toBe(roleData.name);
      expect(createdRole.description).toBe(roleData.description);
      expect(createdRole.permissions).toEqual(roleData.permissions);

      // Retrieve role
      const retrievedRole = await roleService.getById(createdRole.id);
      expect(retrievedRole).toBeDefined();
      expect(retrievedRole?.name).toBe(roleData.name);
    });

    it('应该更新角色信息', async () => {
      // Create role first
      const roleData = {
        name: 'updaterole',
        description: 'Role to be updated',
        permissions: ['user:read'],
        tenantId: 1
      };

      const createdRole = await roleService.create(roleData);

      // Update role
      const updateData = {
        description: 'Updated role description',
        permissions: ['user:read', 'user:update']
      };

      const updatedRole = await roleService.update(createdRole.id, updateData);

      expect(updatedRole).toBeDefined();
      expect(updatedRole?.description).toBe(updateData.description);
      expect(updatedRole?.permissions).toEqual(updateData.permissions);
    });

    it('应该删除角色', async () => {
      // Create role first
      const roleData = {
        name: 'deleterole',
        description: 'Role to be deleted',
        permissions: ['user:read'],
        tenantId: 1
      };

      const createdRole = await roleService.create(roleData);

      // Delete role
      const deleteResult = await roleService.delete(createdRole.id);
      expect(deleteResult).toBe(true);

      // Verify role is deleted
      const retrievedRole = await roleService.getById(createdRole.id);
      expect(retrievedRole).toBeNull();
    });

    it('应该根据角色名获取角色', async () => {
      const roleData = {
        name: 'specificrole',
        description: 'Specific role for testing',
        permissions: ['user:read'],
        tenantId: 1
      };

      await roleService.create(roleData);

      const foundRole = await roleService.getRoleByName('specificrole');
      expect(foundRole).toBeDefined();
      expect(foundRole?.name).toBe('specificrole');
    });
  });

  describe('角色列表操作', () => {
    it('应该获取分页角色列表', async () => {
      // Create multiple roles
      const rolesData = [
        { name: 'role1', description: 'Role 1', permissions: ['user:read'], tenantId: 1 },
        { name: 'role2', description: 'Role 2', permissions: ['user:read'], tenantId: 1 },
        { name: 'role3', description: 'Role 3', permissions: ['user:read'], tenantId: 1 }
      ];

      for (const roleData of rolesData) {
        await roleService.create(roleData);
      }

      const [roles, total] = await roleService.getList(1, 10);

      expect(total).toBe(3);
      expect(roles).toHaveLength(3);
      expect(roles.map(r => r.name)).toEqual(
        expect.arrayContaining(['role1', 'role2', 'role3'])
      );
    });

    it('应该根据角色名搜索角色', async () => {
      // Create roles with different names
      await roleService.create({ name: 'admin', description: 'Admin role', permissions: ['user:create'], tenantId: 1 });
      await roleService.create({ name: 'user', description: 'User role', permissions: ['user:read'], tenantId: 1 });
      await roleService.create({ name: 'moderator', description: 'Moderator role', permissions: ['user:update'], tenantId: 1 });

      const [adminRoles] = await roleService.getList(1, 10, 'admin', ['name']);
      expect(adminRoles).toHaveLength(1);
      expect(adminRoles[0].name).toBe('admin');

      const [userRoles] = await roleService.getList(1, 10, 'user', ['name']);
      expect(userRoles).toHaveLength(1);
      expect(userRoles[0].name).toBe('user');
    });
  });

  describe('权限检查', () => {
    it('应该检查角色是否拥有权限', async () => {
      const roleData = {
        name: 'permissionrole',
        description: 'Role with specific permissions',
        permissions: ['user:create', 'user:read', 'user:update'],
        tenantId: 1
      };

      const role = await roleService.create(roleData);

      // Check existing permissions
      expect(await roleService.hasPermission(role.id, 'user:create')).toBe(true);
      expect(await roleService.hasPermission(role.id, 'user:read')).toBe(true);
      expect(await roleService.hasPermission(role.id, 'user:update')).toBe(true);

      // Check non-existing permission
      expect(await roleService.hasPermission(role.id, 'user:delete')).toBe(false);
    });

    it('应该对不存在的角色返回false', async () => {
      const hasPermission = await roleService.hasPermission(999, 'user:create');
      expect(hasPermission).toBe(false);
    });
  });

  describe('角色验证', () => {
    it('应该允许不同租户使用相同的角色名', async () => {
      const roleData1 = {
        name: 'same_name',
        description: 'Role in tenant 1',
        permissions: ['user:read'],
        tenantId: 1
      };

      const roleData2 = {
        name: 'same_name',
        description: 'Role in tenant 2',
        permissions: ['user:read'],
        tenantId: 2
      };

      // Create role in tenant 1
      const role1 = await roleService.create(roleData1);
      expect(role1).toBeDefined();
      expect(role1.tenantId).toBe(1);

      // Create role with same name in tenant 2 (should work in multi-tenant)
      const role2 = await roleService.create(roleData2);
      expect(role2).toBeDefined();
      expect(role2.tenantId).toBe(2);
    });

    it('应该要求至少一个权限', async () => {
      const roleData = {
        name: 'nopermission',
        description: 'Role without permissions',
        permissions: [],
        tenantId: 1
      };

      // This should work as TypeORM handles empty arrays
      const role = await roleService.create(roleData);
      expect(role.permissions).toEqual([]);
    });
  });

  describe('租户隔离测试', () => {
    let tenant1Role: RoleMt;
    let tenant2Role: RoleMt;

    beforeEach(async () => {
      // 创建租户1的角色
      tenant1Role = await roleService.create({
        name: 'tenant1_role',
        description: 'Role for tenant 1',
        permissions: ['user:read', 'user:create'],
        tenantId: 1
      });

      // 创建租户2的角色
      tenant2Role = await roleService.create({
        name: 'tenant2_role',
        description: 'Role for tenant 2',
        permissions: ['user:read', 'user:update'],
        tenantId: 2
      });

      // 手动设置租户上下文，因为autoExtractFromContext功能尚未实现
      (roleService as any)._tenantId = undefined;
    });

    it('应该只返回当前租户的角色列表', async () => {
      // 测试租户1的角色列表
      const [roles1, total1] = await roleService.getList(1, 10, undefined, undefined, { tenantId: 1 });
      expect(total1).toBe(1);
      expect(roles1).toHaveLength(1);
      expect(roles1[0].tenantId).toBe(1);
      expect(roles1[0].name).toBe('tenant1_role');

      // 测试租户2的角色列表
      const [roles2, total2] = await roleService.getList(1, 10, undefined, undefined, { tenantId: 2 });
      expect(total2).toBe(1);
      expect(roles2).toHaveLength(1);
      expect(roles2[0].tenantId).toBe(2);
      expect(roles2[0].name).toBe('tenant2_role');
    });

    it('应该正确过滤跨租户的角色详情访问', async () => {
      // 租户1应该能访问自己的角色
      const role1 = await roleService.getById(tenant1Role.id, [], { tenantId: 1 });
      expect(role1).toBeDefined();
      expect(role1?.tenantId).toBe(1);

      // 租户1不应该能访问租户2的角色
      const role2FromTenant1 = await roleService.getById(tenant2Role.id, [], { tenantId: 1 });
      expect(role2FromTenant1).toBeNull();

      // 租户2应该能访问自己的角色
      const role2 = await roleService.getById(tenant2Role.id, [], { tenantId: 2 });
      expect(role2).toBeDefined();
      expect(role2?.tenantId).toBe(2);

      // 租户2不应该能访问租户1的角色
      const role1FromTenant2 = await roleService.getById(tenant1Role.id, [], { tenantId: 2 });
      expect(role1FromTenant2).toBeNull();
    });

    it('应该拒绝跨租户的角色更新', async () => {
      const updateData = {
        description: '尝试跨租户更新',
        permissions: ['user:delete']
      };

      // 租户1尝试更新租户2的角色 - 应该返回null
      const updatedRole = await roleService.update(tenant2Role.id, updateData, { tenantId: 1 });
      expect(updatedRole).toBeNull();

      // 验证租户2的角色没有被修改
      const originalRole = await roleService.getById(tenant2Role.id, [], { tenantId: 2 });
      expect(originalRole?.description).toBe('Role for tenant 2');
      expect(originalRole?.permissions).toEqual(['user:read', 'user:update']);
    });

    it('应该拒绝跨租户的角色删除', async () => {
      // 租户1尝试删除租户2的角色 - 应该返回false
      const deleteResult = await roleService.delete(tenant2Role.id, { tenantId: 1 });
      expect(deleteResult).toBe(false);

      // 验证租户2的角色仍然存在
      const roleStillExists = await roleService.getById(tenant2Role.id, [], { tenantId: 2 });
      expect(roleStillExists).toBeDefined();
    });

    it('应该只在当前租户内搜索角色', async () => {
      // 在租户1中搜索
      const [roles1] = await roleService.getList(1, 10, 'role', ['name'], { tenantId: 1 });
      expect(roles1).toHaveLength(1);
      expect(roles1[0].name).toBe('tenant1_role');

      // 在租户2中搜索
      const [roles2] = await roleService.getList(1, 10, 'role', ['name'], { tenantId: 2 });
      expect(roles2).toHaveLength(1);
      expect(roles2[0].name).toBe('tenant2_role');
    });

    it('应该根据租户ID正确获取角色名', async () => {
      // 租户1应该能找到自己的角色
      const role1 = await roleService.getRoleByName('tenant1_role', 1);
      expect(role1).toBeDefined();
      expect(role1?.tenantId).toBe(1);

      // 租户1不应该找到租户2的角色
      const role2FromTenant1 = await roleService.getRoleByName('tenant2_role', 1);
      expect(role2FromTenant1).toBeNull();

      // 租户2应该能找到自己的角色
      const role2 = await roleService.getRoleByName('tenant2_role', 2);
      expect(role2).toBeDefined();
      expect(role2?.tenantId).toBe(2);

      // 租户2不应该找到租户1的角色
      const role1FromTenant2 = await roleService.getRoleByName('tenant1_role', 2);
      expect(role1FromTenant2).toBeNull();
    });

    it('应该正确检查跨租户的权限', async () => {
      // 租户1应该能检查自己角色的权限
      const hasPermission1 = await roleService.hasPermission(tenant1Role.id, 'user:read', 1);
      expect(hasPermission1).toBe(true);

      // 租户1不应该能检查租户2角色的权限
      const hasPermission2 = await roleService.hasPermission(tenant2Role.id, 'user:read', 1);
      expect(hasPermission2).toBe(false);

      // 租户2应该能检查自己角色的权限
      const hasPermission3 = await roleService.hasPermission(tenant2Role.id, 'user:read', 2);
      expect(hasPermission3).toBe(true);

      // 租户2不应该能检查租户1角色的权限
      const hasPermission4 = await roleService.hasPermission(tenant1Role.id, 'user:read', 2);
      expect(hasPermission4).toBe(false);
    });
  });
});