Mdeical_Sur_Report/e2e/report-permissions.spec.ts
admin 750cf4129d Add audit log UI and backend API seeded E2E
- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs.

- Add Audit Logs page, sidebar entry, frontend audit API client, and API client test.

- Add backend audit log query endpoint with super/admin visibility rules and query filtering.

- Extend PostgreSQL integration tests to cover audit log query permissions.

- Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers.

- Add E2E coverage for route guards and audit log visibility.

- Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts.

- Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues.

- Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
2026-05-02 02:04:56 +08:00


import { expect, test } from '@playwright/test';
import {
createDepartmentByApi,
createReportByApi,
createUserByApi,
loginByApi,
uniqueId,
} from './helpers';
/**
 * Role-scoped visibility of the report list (`/report-manage`).
 *
 * Fixtures (a department, two users and three reports) are created through the
 * backend API rather than seeded into localStorage, so the list rendered for each
 * login reflects what the server actually returned for that session.
 *
 * Accounts used (seeded by the backend, not created here):
 *   - 'admin'   — presumably the super account; sees every report below.
 *   - 'manager' — sees both surgery reports but not the internal one, so it is
 *                 presumably the admin of the surgery department (外科).
 *   - '0001'    — sees only its own report, so it is presumably a doctor in 外科.
 *
 * NOTE(review): the assertions cover the rendered list only; whether the backend
 * filters the underlying query as well is not established by this test.
 */
test('admin only sees department reports, doctor only sees own reports, super sees all', async ({ page }) => {
  const suffix = uniqueId('perm');
  const titles = {
    own: `外科本人报告 ${suffix}`,
    otherSurgery: `外科他人报告 ${suffix}`,
    internal: `内科报告 ${suffix}`,
  };

  // Fixture setup runs under the 'admin' session.
  await loginByApi(page, 'admin');
  const internalDepartment = await createDepartmentByApi(page.request, `内科E2E ${suffix}`, `internal_${suffix}`);
  const internalAdmin = await createUserByApi(page.request, {
    username: `internal_admin_${suffix}`,
    name: '内科E2E管理员',
    role: 'admin',
    departmentId: internalDepartment.id,
  });
  // The second user is placed by department name instead of id; the helper
  // evidently accepts both forms.
  const otherSurgeryDoctor = await createUserByApi(page.request, {
    username: `surgery_doctor_${suffix}`,
    name: '外科E2E医生',
    role: 'user',
    department: '外科',
  });

  // Each report is authored by a different account so that owner and department differ.
  const authored: ReadonlyArray<readonly [string, string]> = [
    ['0001', titles.own],
    [otherSurgeryDoctor.username, titles.otherSurgery],
    [internalAdmin.username, titles.internal],
  ];
  for (const [author, title] of authored) {
    await loginByApi(page, author);
    await createReportByApi(page.request, { title, content: `<p>${title}</p>` });
  }

  // Within each scenario the visible titles are asserted before the hidden ones:
  // `not.toBeVisible()` is satisfied by an absent element, so checking a present
  // title first guarantees the list has rendered before any absence is asserted.
  const scenarios: ReadonlyArray<{ login: string; visible: readonly string[]; hidden: readonly string[] }> = [
    { login: 'manager', visible: [titles.own, titles.otherSurgery], hidden: [titles.internal] },
    { login: '0001', visible: [titles.own], hidden: [titles.otherSurgery, titles.internal] },
    { login: 'admin', visible: [titles.own, titles.otherSurgery, titles.internal], hidden: [] },
  ];
  for (const { login, visible, hidden } of scenarios) {
    await loginByApi(page, login);
    await page.goto('/report-manage');
    for (const title of visible) {
      await expect(page.getByText(title)).toBeVisible();
    }
    for (const title of hidden) {
      await expect(page.getByText(title)).not.toBeVisible();
    }
  }
});