feat(P1/P2): 完成TDD开发及P1/P2设计文档

## 设计文档 - multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO) - audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO) - routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO) - sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO) - compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO) ## TDD开发成果 - IAM模块: supply-api/internal/iam/ (111个测试) - 审计日志模块: supply-api/internal/audit/ (40+测试) - 路由策略模块: gateway/internal/router/ (33+测试) - 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/ ## 规范文档 - parallel_agent_output_quality_standards: 并行Agent产出质量规范 - project_experience_summary: 项目经验总结 (v2) - 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划 ## 评审报告 - 5个CONDITIONAL GO设计文档评审报告 - fix_verification_report: 修复验证报告 - full_verification_report: 全面质量验证报告 - tdd_module_quality_verification: TDD模块质量验证 - tdd_execution_summary: TDD执行总结依据: Superpowers执行框架 + TDD规范
2026-04-02 23:35:53 +08:00
parent ed0961d486
commit 89104bd0db
94 changed files with 24738 additions and 5 deletions
--- a/supply-api/internal/iam/model/user_role_test.go
+++ b/supply-api/internal/iam/model/user_role_test.go
@@ -0,0 +1,254 @@
+package model
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestUserRoleMapping_AssignRole 测试分配角色
+func TestUserRoleMapping_AssignRole(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	tenantID := int64(1)
+
+	// act
+	userRole := NewUserRoleMapping(userID, roleID, tenantID)
+
+	// assert
+	assert.Equal(t, userID, userRole.UserID)
+	assert.Equal(t, roleID, userRole.RoleID)
+	assert.Equal(t, tenantID, userRole.TenantID)
+	assert.True(t, userRole.IsActive)
+	assert.NotEmpty(t, userRole.RequestID)
+	assert.Equal(t, 1, userRole.Version)
+}
+
+// TestUserRoleMapping_HasRole 测试用户是否拥有角色
+func TestUserRoleMapping_HasRole(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	role := NewRole("org_admin", "组织管理员", RoleTypePlatform, 50)
+	role.ID = 1
+
+	// act
+	userRole := NewUserRoleMapping(userID, role.ID, 0) // 0 表示全局角色
+
+	// assert
+	assert.True(t, userRole.HasRole(role.ID))
+	assert.False(t, userRole.HasRole(999)) // 不存在的角色ID
+}
+
+// TestUserRoleMapping_GlobalRole 测试全局角色（tenantID为0）
+func TestUserRoleMapping_GlobalRole(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+
+	// act - 全局角色
+	userRole := NewUserRoleMapping(userID, roleID, 0)
+
+	// assert
+	assert.Equal(t, int64(0), userRole.TenantID)
+	assert.True(t, userRole.IsGlobalRole())
+}
+
+// TestUserRoleMapping_TenantRole 测试租户角色
+func TestUserRoleMapping_TenantRole(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	tenantID := int64(123)
+
+	// act
+	userRole := NewUserRoleMapping(userID, roleID, tenantID)
+
+	// assert
+	assert.Equal(t, tenantID, userRole.TenantID)
+	assert.False(t, userRole.IsGlobalRole())
+}
+
+// TestUserRoleMapping_WithGrantInfo 测试带授权信息的分配
+func TestUserRoleMapping_WithGrantInfo(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	tenantID := int64(1)
+	grantedBy := int64(1)
+	expiresAt := time.Now().Add(24 * time.Hour)
+
+	// act
+	userRole := NewUserRoleMappingWithGrant(userID, roleID, tenantID, grantedBy, &expiresAt)
+
+	// assert
+	assert.Equal(t, userID, userRole.UserID)
+	assert.Equal(t, roleID, userRole.RoleID)
+	assert.Equal(t, grantedBy, userRole.GrantedBy)
+	assert.NotNil(t, userRole.ExpiresAt)
+	assert.NotNil(t, userRole.GrantedAt)
+}
+
+// TestUserRoleMapping_Expired 测试过期角色
+func TestUserRoleMapping_Expired(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	expiresAt := time.Now().Add(-1 * time.Hour) // 已过期
+
+	// act
+	userRole := NewUserRoleMappingWithGrant(userID, roleID, 0, 1, &expiresAt)
+
+	// assert
+	assert.True(t, userRole.IsExpired())
+}
+
+// TestUserRoleMapping_NotExpired 测试未过期角色
+func TestUserRoleMapping_NotExpired(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	expiresAt := time.Now().Add(24 * time.Hour) // 未过期
+
+	// act
+	userRole := NewUserRoleMappingWithGrant(userID, roleID, 0, 1, &expiresAt)
+
+	// assert
+	assert.False(t, userRole.IsExpired())
+}
+
+// TestUserRoleMapping_NoExpiration 测试永不过期角色
+func TestUserRoleMapping_NoExpiration(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+
+	// act
+	userRole := NewUserRoleMapping(userID, roleID, 0)
+
+	// assert
+	assert.Nil(t, userRole.ExpiresAt)
+	assert.False(t, userRole.IsExpired())
+}
+
+// TestUserRoleMapping_Revoke 测试撤销角色
+func TestUserRoleMapping_Revoke(t *testing.T) {
+	// arrange
+	userRole := NewUserRoleMapping(100, 1, 0)
+
+	// act
+	userRole.Revoke()
+
+	// assert
+	assert.False(t, userRole.IsActive)
+}
+
+// TestUserRoleMapping_Grant 测试重新授予角色
+func TestUserRoleMapping_Grant(t *testing.T) {
+	// arrange
+	userRole := NewUserRoleMapping(100, 1, 0)
+	userRole.Revoke()
+
+	// act
+	userRole.Grant()
+
+	// assert
+	assert.True(t, userRole.IsActive)
+}
+
+// TestUserRoleMapping_IncrementVersion 测试版本号递增
+func TestUserRoleMapping_IncrementVersion(t *testing.T) {
+	// arrange
+	userRole := NewUserRoleMapping(100, 1, 0)
+	originalVersion := userRole.Version
+
+	// act
+	userRole.IncrementVersion()
+
+	// assert
+	assert.Equal(t, originalVersion+1, userRole.Version)
+}
+
+// TestUserRoleMapping_Valid 测试有效角色
+func TestUserRoleMapping_Valid(t *testing.T) {
+	// arrange - 活跃且未过期的角色
+	userRole := NewUserRoleMapping(100, 1, 0)
+	expiresAt := time.Now().Add(24 * time.Hour)
+	userRole.ExpiresAt = &expiresAt
+
+	// act & assert
+	assert.True(t, userRole.IsValid())
+}
+
+// TestUserRoleMapping_InvalidInactive 测试无效角色 - 未激活
+func TestUserRoleMapping_InvalidInactive(t *testing.T) {
+	// arrange
+	userRole := NewUserRoleMapping(100, 1, 0)
+	userRole.Revoke()
+
+	// assert
+	assert.False(t, userRole.IsValid())
+}
+
+// TestUserRoleMapping_Valid_ExpiredButActive 测试过期但激活的角色
+func TestUserRoleMapping_Valid_ExpiredButActive(t *testing.T) {
+	// arrange - 已过期但仍然激活的角色（应该无效）
+	userRole := NewUserRoleMapping(100, 1, 0)
+	expiresAt := time.Now().Add(-1 * time.Hour)
+	userRole.ExpiresAt = &expiresAt
+
+	// assert - 即使IsActive为true，过期角色也应该无效
+	assert.False(t, userRole.IsValid())
+}
+
+// TestUserRoleMapping_UniqueConstraint 测试唯一性约束
+func TestUserRoleMapping_UniqueConstraint(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	tenantID := int64(0) // 全局角色
+
+	// act
+	userRole1 := NewUserRoleMapping(userID, roleID, tenantID)
+	userRole2 := NewUserRoleMapping(userID, roleID, tenantID)
+
+	// assert - 同一个用户、角色、租户组合应该唯一
+	assert.Equal(t, userRole1.UserID, userRole2.UserID)
+	assert.Equal(t, userRole1.RoleID, userRole2.RoleID)
+	assert.Equal(t, userRole1.TenantID, userRole2.TenantID)
+}
+
+// TestUserRoleMapping_DifferentTenants 测试不同租户可以有相同角色
+func TestUserRoleMapping_DifferentTenants(t *testing.T) {
+	// arrange
+	userID := int64(100)
+	roleID := int64(1)
+	tenantID1 := int64(1)
+	tenantID2 := int64(2)
+
+	// act
+	userRole1 := NewUserRoleMapping(userID, roleID, tenantID1)
+	userRole2 := NewUserRoleMapping(userID, roleID, tenantID2)
+
+	// assert - 不同租户的角色分配互不影响
+	assert.Equal(t, tenantID1, userRole1.TenantID)
+	assert.Equal(t, tenantID2, userRole2.TenantID)
+	assert.NotEqual(t, userRole1.TenantID, userRole2.TenantID)
+}
+
+// TestUserRoleMappingInfo_ToInfo 测试转换为UserRoleMappingInfo
+func TestUserRoleMappingInfo_ToInfo(t *testing.T) {
+	// arrange
+	userRole := NewUserRoleMapping(100, 1, 0)
+	userRole.ID = 1
+
+	// act
+	info := userRole.ToInfo()
+
+	// assert
+	assert.Equal(t, int64(100), info.UserID)
+	assert.Equal(t, int64(1), info.RoleID)
+	assert.Equal(t, int64(0), info.TenantID)
+	assert.True(t, info.IsActive)
+}