- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs. - Add Audit Logs page, sidebar entry, frontend audit API client, and API client test. - Add backend audit log query endpoint with super/admin visibility rules and query filtering. - Extend PostgreSQL integration tests to cover audit log query permissions. - Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers. - Add E2E coverage for route guards and audit log visibility. - Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts. - Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues. - Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
22 lines
845 B
TypeScript
import { expect, test } from '@playwright/test';
import { createReportByApi, loginByApi, uniqueId } from './helpers';
// End-to-end check in three steps: account '0001' is bounced from /user-manage
// to the dashboard, a completed report is created through the API, and the
// 'admin' account can then open /audit-logs and see a matching table row.
//
// NOTE(review): only /user-manage is exercised for the restricted account;
// any other guarded route is not asserted in this test.
// NOTE(review): a browser-side redirect is not an authorization boundary, so
// server-side denial for this role has to be asserted by an API-level test —
// confirm one exists.
test('route guards block doctors from admin pages and super users can view audit logs', async ({ page }) => {
  // Step 1: restricted account ('0001' is presumably the seeded doctor — confirm
  // against the helpers) must land on the dashboard instead of user management.
  await loginByApi(page, '0001');
  await page.goto('/user-manage');
  await page.waitForURL('**/dashboard');
  const dashboardHeading = page.getByRole('heading', { name: '工作台概览' });
  await expect(dashboardHeading).toBeVisible();

  // Step 2: create a uniquely titled, completed report through the API.
  // The object literal stays inline so the literal type of `status` is kept.
  const reportTitle = `审计验证报告 ${uniqueId('audit')}`;
  await createReportByApi(page.request, {
    title: reportTitle,
    content: `<p>${reportTitle}</p>`,
    status: 'completed',
  });

  // Step 3: switch to the 'admin' account and open the audit log page.
  await loginByApi(page, 'admin');
  await page.goto('/audit-logs');
  const auditHeading = page.getByRole('heading', { name: '审计日志' });
  await expect(auditHeading).toBeVisible();

  // NOTE(review): this matches the first row containing '完成报告', not the
  // report created above, so an older audit entry would also satisfy it.
  const completedReportRow = page.locator('tbody').getByText('完成报告').first();
  await expect(completedReportRow).toBeVisible();
});