Commit 11028c812d4d162cbb3e8854b4d173e550ae4a67
1 parent
318287d8
feat(usr): 新增用户 Controller 与管理员权限前置 REQ-USR-001
Showing
2 changed files
with
147 additions
and
0 deletions
backend/src/main/java/com/xly/erp/modules/usr/controller/UsrUserController.java
0 → 100644
| 1 | +package com.xly.erp.modules.usr.controller; | |
| 2 | + | |
| 3 | +import com.xly.erp.common.exception.BusinessException; | |
| 4 | +import com.xly.erp.common.response.Result; | |
| 5 | +import com.xly.erp.common.response.ResultCode; | |
| 6 | +import com.xly.erp.common.security.SecurityUtil; | |
| 7 | +import com.xly.erp.modules.usr.dto.CreateUserDTO; | |
| 8 | +import com.xly.erp.modules.usr.service.UsrUserService; | |
| 9 | +import jakarta.validation.Valid; | |
| 10 | +import java.util.Map; | |
| 11 | +import org.springframework.web.bind.annotation.PostMapping; | |
| 12 | +import org.springframework.web.bind.annotation.RequestBody; | |
| 13 | +import org.springframework.web.bind.annotation.RequestMapping; | |
| 14 | +import org.springframework.web.bind.annotation.RestController; | |
| 15 | + | |
| 16 | +/** | |
| 17 | + * 用户管理 Controller(docs/04 § 1.2 / docs/05 REQ-USR-001)。 | |
| 18 | + * | |
| 19 | + * <p>仅做参数校验 + 管理员权限前置 + 委派 Service,不写业务逻辑、不直接调 Mapper。</p> | |
| 20 | + */ | |
| 21 | +@RestController | |
| 22 | +@RequestMapping("/api/usr") | |
| 23 | +public class UsrUserController { | |
| 24 | + | |
| 25 | + /** 管理员判定口径(spec § 8 D2)。 */ | |
| 26 | + private static final String ADMIN_USER_TYPE = "超级管理员"; | |
| 27 | + | |
| 28 | + private final UsrUserService usrUserService; | |
| 29 | + | |
| 30 | + public UsrUserController(UsrUserService usrUserService) { | |
| 31 | + this.usrUserService = usrUserService; | |
| 32 | + } | |
| 33 | + | |
| 34 | + /** | |
| 35 | + * 新增用户:仅超级管理员可调用(spec § 3.9,先于业务校验)。 | |
| 36 | + */ | |
| 37 | + @PostMapping("/users") | |
| 38 | + public Result<Map<String, Object>> createUser(@Valid @RequestBody CreateUserDTO dto) { | |
| 39 | + if (!ADMIN_USER_TYPE.equals(SecurityUtil.currentUserType())) { | |
| 40 | + throw new BusinessException(ResultCode.FORBIDDEN); | |
| 41 | + } | |
| 42 | + Integer newId = usrUserService.createUser(dto); | |
| 43 | + return Result.success(Map.of("id", newId)); | |
| 44 | + } | |
| 45 | +} | ... | ... |
backend/src/test/java/com/xly/erp/modules/usr/controller/UsrUserControllerTest.java
0 → 100644
| 1 | +package com.xly.erp.modules.usr.controller; | |
| 2 | + | |
| 3 | +import static org.mockito.ArgumentMatchers.any; | |
| 4 | +import static org.mockito.Mockito.never; | |
| 5 | +import static org.mockito.Mockito.verify; | |
| 6 | +import static org.mockito.Mockito.when; | |
| 7 | +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; | |
| 8 | +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | |
| 9 | +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | |
| 10 | + | |
| 11 | +import com.fasterxml.jackson.databind.ObjectMapper; | |
| 12 | +import com.xly.erp.common.exception.GlobalExceptionHandler; | |
| 13 | +import com.xly.erp.common.security.SecurityUtil; | |
| 14 | +import com.xly.erp.modules.usr.dto.CreateUserDTO; | |
| 15 | +import com.xly.erp.modules.usr.service.UsrUserService; | |
| 16 | +import org.junit.jupiter.api.AfterEach; | |
| 17 | +import org.junit.jupiter.api.BeforeEach; | |
| 18 | +import org.junit.jupiter.api.Test; | |
| 19 | +import org.mockito.MockedStatic; | |
| 20 | +import org.mockito.Mockito; | |
| 21 | +import org.springframework.test.web.servlet.MockMvc; | |
| 22 | +import org.springframework.test.web.servlet.setup.MockMvcBuilders; | |
| 23 | + | |
| 24 | +/** | |
| 25 | + * REQ-USR-001 T7:UsrUserController 与管理员权限前置。 | |
| 26 | + * | |
| 27 | + * <p>采用 MockMvc standaloneSetup 做 Controller 层单元测试(不加载 Spring 上下文, | |
| 28 | + * 避免 @MapperScan / Security 全量装配的切片摩擦),挂上真实 {@link GlobalExceptionHandler} | |
| 29 | + * 以验证 @Valid 失败转 40001、BusinessException 转 40301;UsrUserService 用 Mockito mock, | |
| 30 | + * 管理员判定通过 mock SecurityUtil 静态方法注入。</p> | |
| 31 | + */ | |
| 32 | +class UsrUserControllerTest { | |
| 33 | + | |
| 34 | + private final ObjectMapper objectMapper = new ObjectMapper(); | |
| 35 | + private final UsrUserService usrUserService = Mockito.mock(UsrUserService.class); | |
| 36 | + private MockMvc mockMvc; | |
| 37 | + private MockedStatic<SecurityUtil> securityUtilMock; | |
| 38 | + | |
| 39 | + @BeforeEach | |
| 40 | + void setUp() { | |
| 41 | + UsrUserController controller = new UsrUserController(usrUserService); | |
| 42 | + mockMvc = MockMvcBuilders.standaloneSetup(controller) | |
| 43 | + .setControllerAdvice(new GlobalExceptionHandler()) | |
| 44 | + .build(); | |
| 45 | + securityUtilMock = Mockito.mockStatic(SecurityUtil.class); | |
| 46 | + } | |
| 47 | + | |
| 48 | + @AfterEach | |
| 49 | + void tearDown() { | |
| 50 | + securityUtilMock.close(); | |
| 51 | + } | |
| 52 | + | |
| 53 | + private String validBody() throws Exception { | |
| 54 | + CreateUserDTO dto = new CreateUserDTO(); | |
| 55 | + dto.setSUserName("good_user"); | |
| 56 | + dto.setSLanguage("中文"); | |
| 57 | + return objectMapper.writeValueAsString(dto); | |
| 58 | + } | |
| 59 | + | |
| 60 | + @Test | |
| 61 | + void adminCreateReturnsCodeZeroWithId() throws Exception { | |
| 62 | + securityUtilMock.when(SecurityUtil::currentUserType).thenReturn("超级管理员"); | |
| 63 | + when(usrUserService.createUser(any(CreateUserDTO.class))).thenReturn(101); | |
| 64 | + | |
| 65 | + mockMvc.perform(post("/api/usr/users") | |
| 66 | + .contentType("application/json") | |
| 67 | + .content(validBody())) | |
| 68 | + .andExpect(status().isOk()) | |
| 69 | + .andExpect(jsonPath("$.code").value(0)) | |
| 70 | + .andExpect(jsonPath("$.data.id").value(101)) | |
| 71 | + .andExpect(jsonPath("$.data.sPassword").doesNotExist()) | |
| 72 | + .andExpect(jsonPath("$.data.password").doesNotExist()); | |
| 73 | + } | |
| 74 | + | |
| 75 | + @Test | |
| 76 | + void nonAdminReturns40301() throws Exception { | |
| 77 | + securityUtilMock.when(SecurityUtil::currentUserType).thenReturn("普通用户"); | |
| 78 | + | |
| 79 | + mockMvc.perform(post("/api/usr/users") | |
| 80 | + .contentType("application/json") | |
| 81 | + .content(validBody())) | |
| 82 | + .andExpect(status().isOk()) | |
| 83 | + .andExpect(jsonPath("$.code").value(40301)); | |
| 84 | + verify(usrUserService, never()).createUser(any(CreateUserDTO.class)); | |
| 85 | + } | |
| 86 | + | |
| 87 | + @Test | |
| 88 | + void invalidBodyReturns40001() throws Exception { | |
| 89 | + securityUtilMock.when(SecurityUtil::currentUserType).thenReturn("超级管理员"); | |
| 90 | + CreateUserDTO dto = new CreateUserDTO(); | |
| 91 | + dto.setSUserName("ab"); | |
| 92 | + dto.setSLanguage("中文"); | |
| 93 | + String body = objectMapper.writeValueAsString(dto); | |
| 94 | + | |
| 95 | + mockMvc.perform(post("/api/usr/users") | |
| 96 | + .contentType("application/json") | |
| 97 | + .content(body)) | |
| 98 | + .andExpect(status().isOk()) | |
| 99 | + .andExpect(jsonPath("$.code").value(40001)); | |
| 100 | + verify(usrUserService, never()).createUser(any(CreateUserDTO.class)); | |
| 101 | + } | |
| 102 | +} | ... | ... |