package user import ( "context" "database/sql" "errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "perms-system-server/internal/consts" "perms-system-server/internal/loaders" "perms-system-server/internal/middleware" memberModel "perms-system-server/internal/model/productmember" userModel "perms-system-server/internal/model/user" "perms-system-server/internal/model/userrole" "perms-system-server/internal/response" "perms-system-server/internal/svc" "perms-system-server/internal/testutil" "perms-system-server/internal/testutil/ctxhelper" "perms-system-server/internal/types" "testing" "time" ) func TestUserDetail_Success(t *testing.T) { ctx := ctxhelper.SuperAdminCtx() svcCtx := svc.NewServiceContext(testutil.GetTestConfig()) conn := testutil.GetTestSqlConn() username := testutil.UniqueId() userId := insertTestUser(t, ctx, username, testutil.HashPassword("pass")) // 插入两条"当前产品"下的真实 sys_role 以及一条属于其它产品的 sys_role, // 用户同时绑定这三个角色。超管在 test_product 上下文下应当只看到前两个。 roleInCurrent1 := insertTestRole(t, svcCtx, "test_product", 1) roleInCurrent2 := insertTestRole(t, svcCtx, "test_product", 1) roleInOther := insertTestRole(t, svcCtx, "other_product", 1) now := time.Now().Unix() var roleRecordIds []int64 for _, roleId := range []int64{roleInCurrent1, roleInCurrent2, roleInOther} { res, err := svcCtx.SysUserRoleModel.Insert(ctx, &userrole.SysUserRole{ UserId: userId, RoleId: roleId, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() roleRecordIds = append(roleRecordIds, id) } t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user_role`", roleRecordIds...) testutil.CleanTable(ctx, conn, "`sys_role`", roleInCurrent1, roleInCurrent2, roleInOther) testutil.CleanTable(ctx, conn, "`sys_user`", userId) }) logic := NewUserDetailLogic(ctx, svcCtx) resp, err := logic.UserDetail(&types.UserDetailReq{Id: userId}) require.NoError(t, err) require.NotNil(t, resp) assert.Equal(t, userId, resp.Id) assert.Equal(t, username, resp.Username) // 修复后:超管在产品上下文里只看到 test_product 的角色;other_product 的角色不应返回 assert.ElementsMatch(t, []int64{roleInCurrent1, roleInCurrent2}, resp.RoleIds) assert.NotContains(t, resp.RoleIds, roleInOther, "超管在具体产品上下文不应返回其它产品的 roleIds") } // TC-0182: 正常查询-含Avatar func TestUserDetail_WithAvatar(t *testing.T) { ctx := ctxhelper.SuperAdminCtx() svcCtx := svc.NewServiceContext(testutil.GetTestConfig()) conn := testutil.GetTestSqlConn() userId := insertTestUserFull(t, ctx, &userModel.SysUser{ Username: testutil.UniqueId(), Password: testutil.HashPassword("pass"), Nickname: "avatar_user", Avatar: sql.NullString{String: "https://example.com/avatar.png", Valid: true}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, }) t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", userId) }) logic := NewUserDetailLogic(ctx, svcCtx) resp, err := logic.UserDetail(&types.UserDetailReq{Id: userId}) require.NoError(t, err) require.NotNil(t, resp) assert.Equal(t, "https://example.com/avatar.png", resp.Avatar) } // TC-0183: 不存在 func TestUserDetail_NotFound(t *testing.T) { ctx := ctxhelper.SuperAdminCtx() svcCtx := svc.NewServiceContext(testutil.GetTestConfig()) logic := NewUserDetailLogic(ctx, svcCtx) _, err := logic.UserDetail(&types.UserDetailReq{Id: 999999999}) require.Error(t, err) var codeErr *response.CodeError require.True(t, errors.As(err, &codeErr)) assert.Equal(t, 404, codeErr.Code()) assert.Equal(t, "用户不存在", codeErr.Error()) } func insertH1Member(t *testing.T, ctx context.Context, svcCtx *svc.ServiceContext, productCode string, u *userModel.SysUser) (int64, int64) { t.Helper() id := insertTestUserFull(t, ctx, u) now := time.Now().Unix() res, err := svcCtx.SysProductMemberModel.Insert(ctx, &memberModel.SysProductMember{ ProductCode: productCode, UserId: id, MemberType: consts.MemberTypeMember, Status: 1, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) mId, _ := res.LastInsertId() return id, mId } // TC-0991: 业务契约——看自己时 Email/Phone/Remark 原样返回。 // 背景:PII 契约已由业务侧固定为"所有调用者(含同产品 MEMBER)原样返回联系信息", // 故不存在脱敏短路;本用例作为回归守卫,防止未来有人误加"同级脱敏"把 self-view 一起打了。 func TestUserDetail_H1_ViewSelf_KeepsPII(t *testing.T) { ctx := context.Background() svcCtx := svc.NewServiceContext(testutil.GetTestConfig()) conn := testutil.GetTestSqlConn() productCode := "h1_self_" + testutil.UniqueId() selfId, mSelf := insertH1Member(t, ctx, svcCtx, productCode, &userModel.SysUser{ Username: "self_" + testutil.UniqueId(), Password: testutil.HashPassword("pw"), Nickname: "self", Email: "self@example.com", Phone: "13900002222", Remark: "self-only note", IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, DeptId: 1, }) t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_product_member`", mSelf) testutil.CleanTable(ctx, conn, "`sys_user`", selfId) }) selfCtx := middleware.WithUserDetails(context.Background(), &loaders.UserDetails{ UserId: selfId, Username: "self", MemberType: consts.MemberTypeMember, Status: 1, ProductCode: productCode, DeptId: 1, DeptPath: "/1/", MinPermsLevel: 100, }) resp, err := NewUserDetailLogic(selfCtx, svcCtx).UserDetail(&types.UserDetailReq{Id: selfId}) require.NoError(t, err) assert.Equal(t, "self@example.com", resp.Email, "看自己必须返回 Email 原值") assert.Equal(t, "13900002222", resp.Phone, "看自己必须返回 Phone 原值") assert.Equal(t, "self-only note", resp.Remark, "看自己必须返回 Remark 原值") } // TC-0992: 超管分支 —— SuperAdmin 看任何用户必须拿到 Email/Phone/Remark 原值。 // 若未来有人加脱敏逻辑却漏写 IsSuperAdmin 豁免,本用例立刻炸。 func TestUserDetail_H1_SuperAdmin_KeepsPII(t *testing.T) { ctx := ctxhelper.SuperAdminCtx() svcCtx := svc.NewServiceContext(testutil.GetTestConfig()) conn := testutil.GetTestSqlConn() userId := insertTestUserFull(t, ctx, &userModel.SysUser{ Username: "sa_view_" + testutil.UniqueId(), Password: testutil.HashPassword("pw"), Nickname: "n", Email: "x@y.com", Phone: "13700000000", Remark: "nb", IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, }) t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", userId) }) resp, err := NewUserDetailLogic(ctx, svcCtx).UserDetail(&types.UserDetailReq{Id: userId}) require.NoError(t, err) assert.Equal(t, "x@y.com", resp.Email) assert.Equal(t, "13700000000", resp.Phone) assert.Equal(t, "nb", resp.Remark) }