增加rbac文件类,用于用户权限认证测试使用
parent
1cf799c51b
commit
42b62500e4
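--- a/src/test/testRBAC.lua
+++ b/src/test/testRBAC.lua
@@ -0,0 +1,62 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/3 11:38
+---
+
+local rbac = require("util.rbac")
+
+-- 创建RBAC实例
+local permission_system = rbac.new()
+
+-- 定义权限
+permission_system:add_permission("read_users", "/users", "GET")
+permission_system:add_permission("create_users", "/users", "POST")
+permission_system:add_permission("delete_users", "/users", "DELETE")
+permission_system:add_permission("admin_panel", "/admin", "GET")
+
+-- 定义角色
+permission_system:add_role("guest", {"read_users"})
+permission_system:add_role("user_manager", {"read_users", "create_users"})
+permission_system:add_role("super_admin", {"read_users", "create_users", "delete_users", "admin_panel"})
+
+-- 分配角色给用户
+permission_system:assign_role("user001", "guest")
+permission_system:assign_role("user002", "user_manager")
+permission_system:assign_role("admin001", "super_admin")
+
+-- 测试权限验证
+print("=== RBAC权限验证测试 ===")
+
+-- 测试用户001(guest角色)
+local test_cases = {
+{user_id = "user001", resource = "/users", action = "GET", expected = true},
+{user_id = "user001", resource = "/users", action = "POST", expected = false},
+{user_id = "user001", resource = "/admin", action = "GET", expected = false},
+
+{user_id = "user002", resource = "/users", action = "GET", expected = true},
+{user_id = "user002", resource = "/users", action = "POST", expected = true},
+{user_id = "user002", resource = "/admin", action = "GET", expected = false},
+
+{user_id = "admin001", resource = "/users", action = "GET", expected = true},
+{user_id = "admin001", resource = "/users", action = "DELETE", expected = true},
+{user_id = "admin001", resource = "/admin", action = "GET", expected = true}
+}
+
+for _, test in ipairs(test_cases) do
+local result = permission_system:check_permission(test.user_id, test.resource, test.action)
+local status = result == test.expected and "✓ 通过" or "✗ 失败"
+print(string.format("%s 用户:%s 资源:%s 方法:%s 结果:%s",
+status, test.user_id, test.resource, test.action, tostring(result)))
+end
+
+-- 显示用户权限列表
+print("\n=== 用户权限列表 ===")
+local users = {"user001", "user002", "admin001"}
+for _, user_id in ipairs(users) do
+local permissions = permission_system:get_user_permissions(user_id)
+print(string.format("用户 %s 的权限:", user_id))
+for _, perm in ipairs(permissions) do
+print(string.format(" - %s %s", perm.action, perm.resource))
+end
+end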
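Review bot: The loop over `test_cases` only prints `✓ 通过` / `✗ 失败` and never fails the run, so a regression in `check_permission` that starts granting access would still leave this script exiting successfully. I would make a mismatch fatal, for example `assert(result == test.expected, test.user_id .. " " .. test.action .. " " .. test.resource)` inside the loop, or count failures and finish with `if failed > 0 then os.exit(1) end`. The cases also cover only users that hold a defined role; adding a deny case for an unknown user id and one for a user assigned a role that was never added would pin the default-deny paths the authorization check depends on.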
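--- a/src/util/rbac.lua
+++ b/src/util/rbac.lua
@@ -0,0 +1,78 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/3 11:31
+---
+
+local RBAC = {}
+RBAC.__index = RBAC
+
+-- RBAC模型初始化
+function RBAC.new()
+local self = setmetatable({}, RBAC)
+self.users = {} -- 用户表: {user_id = {roles = {role1, role2}}}
+self.roles = {} -- 角色表: {role_name = {permissions = {perm1, perm2}}}
+self.permissions = {} -- 权限表: {perm_name = {resource = "", action = ""}}
+return self
+end
+
+-- 添加权限
+function RBAC:add_permission(perm_name, resource, action)
+self.permissions[perm_name] = {
+resource = resource,
+action = action
+}
+end
+
+-- 添加角色并分配权限
+function RBAC:add_role(role_name, permissions)
+self.roles[role_name] = {
+permissions = permissions or {}
+}
+end
+
+-- 分配角色给用户
+function RBAC:assign_role(user_id, role_name)
+if not self.users[user_id] then
+self.users[user_id] = {roles = {}}
+end
+table.insert(self.users[user_id].roles, role_name)
+end
+
+-- 检查用户权限
+function RBAC:check_permission(user_id, resource, action)
+local user = self.users[user_id]
+if not user then return false end
+
+for _, role_name in ipairs(user.roles) do
+local role = self.roles[role_name]
+if role then
+for _, perm_name in ipairs(role.permissions) do
+local permission = self.permissions[perm_name]
+if permission and permission.resource == resource and permission.action == action then
+return true
+end
+end
+end
+end
+return false
+end
+
+-- 获取用户所有权限
+function RBAC:get_user_permissions(user_id)
+local user_permissions = {}
+local user = self.users[user_id]
+if not user then return user_permissions end
+
+for _, role_name in ipairs(user.roles) do
+local role = self.roles[role_name]
+if role then
+for _, perm_name in ipairs(role.permissions) do
+table.insert(user_permissions, self.permissions[perm_name])
+end
+end
+end
+return user_permissions
+end
+
+return RBAC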
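Review bot: `assign_role` stores any `role_name` without checking `self.roles`, and `add_role` stores permission names without checking `self.permissions`, so a typo is accepted silently and a role or permission defined later under that name takes effect retroactively for every user already holding it. Rejecting unknown names when the grant is made keeps grants explicit, e.g. `if not self.roles[role_name] then return nil, "unknown role: " .. tostring(role_name) end` at the top of `assign_role`, with the equivalent check over the list in `add_role`. `add_role` also keeps the caller's `permissions` table by reference, so a later mutation of that table by the caller changes what the role grants; copying the list on entry would avoid that. `check_permission` matches `resource` and `action` by exact string equality, which denies by default but requires callers to normalise method case and trailing slashes before calling, and that contract deserves a comment on the function.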