---
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by admin.
--- DateTime: 2025/11/3 11:38
---

local rbac = require("util.rbac")

-- 创建RBAC实例
local permission_system = rbac.new()

-- 定义权限
permission_system:add_permission("read_users", "/users", "GET")
permission_system:add_permission("create_users", "/users", "POST")
permission_system:add_permission("delete_users", "/users", "DELETE")
permission_system:add_permission("admin_panel", "/admin", "GET")

-- 定义角色
permission_system:add_role("guest", {"read_users"})
permission_system:add_role("user_manager", {"read_users", "create_users"})
permission_system:add_role("super_admin", {"read_users", "create_users", "delete_users", "admin_panel"})

-- 分配角色给用户
permission_system:assign_role("user001", "guest")
permission_system:assign_role("user002", "user_manager")
permission_system:assign_role("admin001", "super_admin")

-- 测试权限验证
print("=== RBAC权限验证测试 ===")

-- 测试用户001（guest角色）
local test_cases = {
    {user_id = "user001", resource = "/users", action = "GET", expected = true},
    {user_id = "user001", resource = "/users", action = "POST", expected = false},
    {user_id = "user001", resource = "/admin", action = "GET", expected = false},

    {user_id = "user002", resource = "/users", action = "GET", expected = true},
    {user_id = "user002", resource = "/users", action = "POST", expected = true},
    {user_id = "user002", resource = "/admin", action = "GET", expected = false},

    {user_id = "admin001", resource = "/users", action = "GET", expected = true},
    {user_id = "admin001", resource = "/users", action = "DELETE", expected = true},
    {user_id = "admin001", resource = "/admin", action = "GET", expected = true}
}

for _, test in ipairs(test_cases) do
    local result = permission_system:check_permission(test.user_id, test.resource, test.action)
    local status = result == test.expected and "✓ 通过" or "✗ 失败"
    print(string.format("%s 用户:%s 资源:%s 方法:%s 结果:%s",
            status, test.user_id, test.resource, test.action, tostring(result)))
end

-- 显示用户权限列表
print("\n=== 用户权限列表 ===")
local users = {"user001", "user002", "admin001"}
for _, user_id in ipairs(users) do
    local permissions = permission_system:get_user_permissions(user_id)
    print(string.format("用户 %s 的权限:", user_id))
    for _, perm in ipairs(permissions) do
        print(string.format("  - %s %s", perm.action, perm.resource))
    end
end