feat(P1/P2): 完成TDD开发及P1/P2设计文档

## 设计文档 - multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO) - audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO) - routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO) - sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO) - compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO) ## TDD开发成果 - IAM模块: supply-api/internal/iam/ (111个测试) - 审计日志模块: supply-api/internal/audit/ (40+测试) - 路由策略模块: gateway/internal/router/ (33+测试) - 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/ ## 规范文档 - parallel_agent_output_quality_standards: 并行Agent产出质量规范 - project_experience_summary: 项目经验总结 (v2) - 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划 ## 评审报告 - 5个CONDITIONAL GO设计文档评审报告 - fix_verification_report: 修复验证报告 - full_verification_report: 全面质量验证报告 - tdd_module_quality_verification: TDD模块质量验证 - tdd_execution_summary: TDD执行总结依据: Superpowers执行框架 + TDD规范
2026-04-02 23:35:53 +08:00
parent ed0961d486
commit 89104bd0db
94 changed files with 24738 additions and 5 deletions
--- a/supply-api/internal/iam/model/role_scope_test.go
+++ b/supply-api/internal/iam/model/role_scope_test.go
@@ -0,0 +1,157 @@
+package model
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestRoleScopeMapping_GrantScope 测试授予Scope
+func TestRoleScopeMapping_GrantScope(t *testing.T) {
+	// arrange
+	role := NewRole("operator", "运维人员", RoleTypePlatform, 30)
+	role.ID = 1
+	scope1 := NewScope("platform:read", "读取平台配置", ScopeTypePlatform)
+	scope1.ID = 1
+	scope2 := NewScope("platform:write", "修改平台配置", ScopeTypePlatform)
+	scope2.ID = 2
+
+	// act
+	roleScopeMapping := NewRoleScopeMapping(role.ID, scope1.ID)
+	roleScopeMapping2 := NewRoleScopeMapping(role.ID, scope2.ID)
+
+	// assert
+	assert.Equal(t, role.ID, roleScopeMapping.RoleID)
+	assert.Equal(t, scope1.ID, roleScopeMapping.ScopeID)
+	assert.NotEmpty(t, roleScopeMapping.RequestID)
+	assert.Equal(t, 1, roleScopeMapping.Version)
+
+	assert.Equal(t, role.ID, roleScopeMapping2.RoleID)
+	assert.Equal(t, scope2.ID, roleScopeMapping2.ScopeID)
+}
+
+// TestRoleScopeMapping_RevokeScope 测试撤销Scope
+func TestRoleScopeMapping_RevokeScope(t *testing.T) {
+	// arrange
+	role := NewRole("viewer", "查看者", RoleTypePlatform, 10)
+	role.ID = 1
+	scope := NewScope("platform:read", "读取平台配置", ScopeTypePlatform)
+	scope.ID = 1
+
+	// act
+	roleScopeMapping := NewRoleScopeMapping(role.ID, scope.ID)
+	roleScopeMapping.Revoke()
+
+	// assert
+	assert.False(t, roleScopeMapping.IsActive, "revoked mapping should be inactive")
+}
+
+// TestRoleScopeMapping_WithAudit 测试带审计字段的映射
+func TestRoleScopeMapping_WithAudit(t *testing.T) {
+	// arrange
+	roleID := int64(1)
+	scopeID := int64(2)
+	requestID := "req-role-scope-123"
+	createdIP := "192.168.1.100"
+
+	// act
+	mapping := NewRoleScopeMappingWithAudit(roleID, scopeID, requestID, createdIP)
+
+	// assert
+	assert.Equal(t, roleID, mapping.RoleID)
+	assert.Equal(t, scopeID, mapping.ScopeID)
+	assert.Equal(t, requestID, mapping.RequestID)
+	assert.Equal(t, createdIP, mapping.CreatedIP)
+	assert.True(t, mapping.IsActive)
+}
+
+// TestRoleScopeMapping_IncrementVersion 测试版本号递增
+func TestRoleScopeMapping_IncrementVersion(t *testing.T) {
+	// arrange
+	mapping := NewRoleScopeMapping(1, 1)
+	originalVersion := mapping.Version
+
+	// act
+	mapping.IncrementVersion()
+
+	// assert
+	assert.Equal(t, originalVersion+1, mapping.Version)
+}
+
+// TestRoleScopeMapping_IsActive 测试活跃状态
+func TestRoleScopeMapping_IsActive(t *testing.T) {
+	// arrange
+	mapping := NewRoleScopeMapping(1, 1)
+
+	// assert - 默认应该激活
+	assert.True(t, mapping.IsActive)
+}
+
+// TestRoleScopeMapping_UniqueConstraint 测试唯一性（同一个角色和Scope组合）
+func TestRoleScopeMapping_UniqueConstraint(t *testing.T) {
+	// arrange
+	roleID := int64(1)
+	scopeID := int64(1)
+
+	// act
+	mapping1 := NewRoleScopeMapping(roleID, scopeID)
+	mapping2 := NewRoleScopeMapping(roleID, scopeID)
+
+	// assert - 两个映射应该有相同的 RoleID 和 ScopeID（代表唯一约束）
+	assert.Equal(t, mapping1.RoleID, mapping2.RoleID)
+	assert.Equal(t, mapping1.ScopeID, mapping2.ScopeID)
+}
+
+// TestRoleScopeMapping_GrantScopeList 测试批量授予Scope
+func TestRoleScopeMapping_GrantScopeList(t *testing.T) {
+	// arrange
+	roleID := int64(1)
+	scopeIDs := []int64{1, 2, 3, 4, 5}
+
+	// act
+	mappings := GrantScopeList(roleID, scopeIDs)
+
+	// assert
+	assert.Len(t, mappings, len(scopeIDs))
+	for i, scopeID := range scopeIDs {
+		assert.Equal(t, roleID, mappings[i].RoleID)
+		assert.Equal(t, scopeID, mappings[i].ScopeID)
+		assert.True(t, mappings[i].IsActive)
+	}
+}
+
+// TestRoleScopeMapping_RevokeAll 测试撤销所有Scope（针对某个角色）
+func TestRoleScopeMapping_RevokeAll(t *testing.T) {
+	// arrange
+	roleID := int64(1)
+	scopeIDs := []int64{1, 2, 3}
+	mappings := GrantScopeList(roleID, scopeIDs)
+
+	// act
+	RevokeAll(mappings)
+
+	// assert
+	for _, mapping := range mappings {
+		assert.False(t, mapping.IsActive, "all mappings should be revoked")
+	}
+}
+
+// TestRoleScopeMapping_GetActiveScopes 测试获取活跃的Scope列表
+func TestRoleScopeMapping_GetActiveScopes(t *testing.T) {
+	// arrange
+	roleID := int64(1)
+	scopeIDs := []int64{1, 2, 3}
+	mappings := GrantScopeList(roleID, scopeIDs)
+
+	// 撤销中间的Scope
+	mappings[1].Revoke()
+
+	// act
+	activeScopes := GetActiveScopeIDs(mappings)
+
+	// assert
+	assert.Len(t, activeScopes, 2)
+	assert.Contains(t, activeScopes, int64(1))
+	assert.Contains(t, activeScopes, int64(3))
+	assert.NotContains(t, activeScopes, int64(2))
+}