2025-11-03 11:43:40 +08:00
|
|
|
|
---
|
|
|
|
|
|
--- Generated by EmmyLua(https://github.com/EmmyLua)
|
|
|
|
|
|
--- Created by admin.
|
|
|
|
|
|
--- DateTime: 2025/11/3 11:38
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
local rbac = require("util.rbac")
|
|
|
|
|
|
|
|
|
|
|
|
-- 创建RBAC实例
|
|
|
|
|
|
local permission_system = rbac.new()
|
|
|
|
|
|
|
|
|
|
|
|
-- 定义权限
|
|
|
|
|
|
permission_system:add_permission("read_users", "/users", "GET")
|
|
|
|
|
|
permission_system:add_permission("create_users", "/users", "POST")
|
|
|
|
|
|
permission_system:add_permission("delete_users", "/users", "DELETE")
|
|
|
|
|
|
permission_system:add_permission("admin_panel", "/admin", "GET")
|
|
|
|
|
|
|
|
|
|
|
|
-- 定义角色
|
|
|
|
|
|
permission_system:add_role("guest", {"read_users"})
|
|
|
|
|
|
permission_system:add_role("user_manager", {"read_users", "create_users"})
|
|
|
|
|
|
permission_system:add_role("super_admin", {"read_users", "create_users", "delete_users", "admin_panel"})
|
|
|
|
|
|
|
|
|
|
|
|
-- 分配角色给用户
|
|
|
|
|
|
permission_system:assign_role("user001", "guest")
|
|
|
|
|
|
permission_system:assign_role("user002", "user_manager")
|
|
|
|
|
|
permission_system:assign_role("admin001", "super_admin")
|
|
|
|
|
|
|
|
|
|
|
|
-- 测试权限验证
|
2025-11-04 09:33:40 +08:00
|
|
|
|
ngx.say("=== RBAC权限验证测试 ===")
|
2025-11-03 11:43:40 +08:00
|
|
|
|
|
|
|
|
|
|
-- 测试用户001(guest角色)
|
|
|
|
|
|
local test_cases = {
|
|
|
|
|
|
{user_id = "user001", resource = "/users", action = "GET", expected = true},
|
|
|
|
|
|
{user_id = "user001", resource = "/users", action = "POST", expected = false},
|
|
|
|
|
|
{user_id = "user001", resource = "/admin", action = "GET", expected = false},
|
|
|
|
|
|
|
|
|
|
|
|
{user_id = "user002", resource = "/users", action = "GET", expected = true},
|
|
|
|
|
|
{user_id = "user002", resource = "/users", action = "POST", expected = true},
|
|
|
|
|
|
{user_id = "user002", resource = "/admin", action = "GET", expected = false},
|
|
|
|
|
|
|
|
|
|
|
|
{user_id = "admin001", resource = "/users", action = "GET", expected = true},
|
|
|
|
|
|
{user_id = "admin001", resource = "/users", action = "DELETE", expected = true},
|
|
|
|
|
|
{user_id = "admin001", resource = "/admin", action = "GET", expected = true}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for _, test in ipairs(test_cases) do
|
|
|
|
|
|
local result = permission_system:check_permission(test.user_id, test.resource, test.action)
|
|
|
|
|
|
local status = result == test.expected and "✓ 通过" or "✗ 失败"
|
2025-11-04 09:33:40 +08:00
|
|
|
|
ngx.say(string.format("%s 用户:%s 资源:%s 方法:%s 结果:%s",
|
2025-11-03 11:43:40 +08:00
|
|
|
|
status, test.user_id, test.resource, test.action, tostring(result)))
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
-- 显示用户权限列表
|
2025-11-04 09:33:40 +08:00
|
|
|
|
ngx.say("\n=== 用户权限列表 ===")
|
2025-11-03 11:43:40 +08:00
|
|
|
|
local users = {"user001", "user002", "admin001"}
|
|
|
|
|
|
for _, user_id in ipairs(users) do
|
|
|
|
|
|
local permissions = permission_system:get_user_permissions(user_id)
|
2025-11-04 09:33:40 +08:00
|
|
|
|
ngx.say(string.format("用户 %s 的权限:", user_id))
|
2025-11-03 11:43:40 +08:00
|
|
|
|
for _, perm in ipairs(permissions) do
|
2025-11-04 09:33:40 +08:00
|
|
|
|
ngx.say(string.format(" - %s %s", perm.action, perm.resource))
|
2025-11-03 11:43:40 +08:00
|
|
|
|
end
|
|
|
|
|
|
end
|
