feat: permissions CRUD browser integration + E2E enhancements

Backend: - permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除） - auth_handler: 修复认证处理逻辑 - router: 新增权限管理路由 - handler_test: 新增权限 handler 测试覆盖 Frontend: - permissions.ts/test.ts: 权限服务层完整实现 - profile/settings/service_tests: 服务适配器修正 - client.ts: HTTP 客户端健壮性增强 - vite.config.js: 构建配置优化 - E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖） Docs: - REAL_PROJECT_STATUS: 状态更新 - PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善 - plans/2026-04-23: 权限浏览器 CRUD 设计方案验证: go build 0错误
2026-04-24 07:30:18 +08:00
parent 3f3bb82f1d
commit 9b1cea246e
25 changed files with 1868 additions and 133 deletions
--- a/internal/api/handler/handler_test.go
+++ b/internal/api/handler/handler_test.go
@@ -549,6 +549,14 @@ func TestAuthHandler_GetAuthCapabilities(t *testing.T) {
 	if result["code"] != float64(0) {
 		t.Errorf("expected code 0, got %v", result["code"])
 	}
+
+	data, ok := result["data"].(map[string]interface{})
+	if !ok {
+		t.Fatalf("expected capabilities data, got %s", body)
+	}
+	if data["password_reset"] != true {
+		t.Fatalf("expected password_reset=true, got %v in %s", data["password_reset"], body)
+	}
 }

 func TestAuthHandler_Login_WithTOTPEnabled_ReturnsChallengeToken(t *testing.T) {
@@ -1005,6 +1013,119 @@ func TestRoleHandler_GetRole_RequiresAdmin(t *testing.T) {
 	}
 }

+// =============================================================================
+// Permission Handler Tests
+// =============================================================================
+
+func TestPermissionHandler_CreatePermission_AcceptsMenuTypeZero(t *testing.T) {
+	server, cleanup := setupHandlerTestServer(t)
+	defer cleanup()
+
+	t.Setenv("BOOTSTRAP_SECRET", "handler-bootstrap-secret")
+	token := bootstrapAdmin(server.URL, "handler-bootstrap-secret", "permcreate", "permcreate@test.com", "AdminPass123!")
+	if token == "" {
+		t.Fatal("expected bootstrap admin token")
+	}
+
+	createResp, createBody := doPost(server.URL+"/api/v1/permissions", token, map[string]interface{}{
+		"name": "Permission Create Menu Test",
+		"code": "permission:create:menu:test",
+		"type": 0,
+		"path": "/permissions/create-menu-test",
+		"sort": 0,
+	})
+	defer createResp.Body.Close()
+
+	if createResp.StatusCode != http.StatusCreated {
+		t.Fatalf("expected create status %d, got %d, body: %s", http.StatusCreated, createResp.StatusCode, createBody)
+	}
+
+	var createResult map[string]interface{}
+	if err := json.Unmarshal([]byte(createBody), &createResult); err != nil {
+		t.Fatalf("failed to parse create response: %v", err)
+	}
+
+	data, ok := createResult["data"].(map[string]interface{})
+	if !ok {
+		t.Fatalf("expected permission data in create response, got %s", createBody)
+	}
+
+	if data["type"] != float64(0) {
+		t.Fatalf("expected menu permission type 0, got %v in %s", data["type"], createBody)
+	}
+}
+
+func TestPermissionHandler_UpdatePermissionStatus_AcceptsNumericStatusPayload(t *testing.T) {
+	server, cleanup := setupHandlerTestServer(t)
+	defer cleanup()
+
+	t.Setenv("BOOTSTRAP_SECRET", "handler-bootstrap-secret")
+	token := bootstrapAdmin(server.URL, "handler-bootstrap-secret", "permadmin", "permadmin@test.com", "AdminPass123!")
+	if token == "" {
+		t.Fatal("expected bootstrap admin token")
+	}
+
+	createResp, createBody := doPost(server.URL+"/api/v1/permissions", token, map[string]interface{}{
+		"name": "Permission Status Test",
+		"code": "permission:status:test",
+		"type": 2,
+		"path": "/permissions/status-test",
+		"sort": 0,
+	})
+	defer createResp.Body.Close()
+
+	if createResp.StatusCode != http.StatusCreated {
+		t.Fatalf("expected create status %d, got %d, body: %s", http.StatusCreated, createResp.StatusCode, createBody)
+	}
+
+	var createResult map[string]interface{}
+	if err := json.Unmarshal([]byte(createBody), &createResult); err != nil {
+		t.Fatalf("failed to parse create response: %v", err)
+	}
+
+	data, ok := createResult["data"].(map[string]interface{})
+	if !ok {
+		t.Fatalf("expected permission data in create response, got %s", createBody)
+	}
+
+	permissionID, ok := data["id"].(float64)
+	if !ok {
+		t.Fatalf("expected numeric permission id in create response, got %s", createBody)
+	}
+
+	updateResp, updateBody := doPut(
+		fmt.Sprintf("%s/api/v1/permissions/%d/status", server.URL, int(permissionID)),
+		token,
+		map[string]interface{}{"status": 0},
+	)
+	defer updateResp.Body.Close()
+
+	if updateResp.StatusCode != http.StatusOK {
+		t.Fatalf("expected update status %d, got %d, body: %s", http.StatusOK, updateResp.StatusCode, updateBody)
+	}
+
+	getResp, getBody := doGet(fmt.Sprintf("%s/api/v1/permissions/%d", server.URL, int(permissionID)), token)
+	defer getResp.Body.Close()
+
+	if getResp.StatusCode != http.StatusOK {
+		t.Fatalf("expected get status %d, got %d, body: %s", http.StatusOK, getResp.StatusCode, getBody)
+	}
+
+	var getResult map[string]interface{}
+	if err := json.Unmarshal([]byte(getBody), &getResult); err != nil {
+		t.Fatalf("failed to parse get response: %v", err)
+	}
+
+	getData, ok := getResult["data"].(map[string]interface{})
+	if !ok {
+		t.Fatalf("expected permission data in get response, got %s", getBody)
+	}
+
+	if getData["status"] != float64(0) {
+		t.Fatalf("expected permission status 0 after update, got %v in %s", getData["status"], getBody)
+	}
+}
+
 // =============================================================================
 // Theme Handler Tests
 // =============================================================================