rbac-policy-tester
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseRBAC/Policy Tester
RBAC/策略测试器
Comprehensive testing for role-based access control.
基于角色的访问控制(RBAC)全面测试方案
Permission Test Matrix
权限测试矩阵
typescript
type Role = 'ADMIN' | 'MANAGER' | 'USER' | 'GUEST';
type Action = 'create' | 'read' | 'update' | 'delete';
type Resource = 'users' | 'orders' | 'reports';
const permissionMatrix: Record<Role, Record<Resource, Action[]>> = {
ADMIN: {
users: ['create', 'read', 'update', 'delete'],
orders: ['create', 'read', 'update', 'delete'],
reports: ['create', 'read', 'update', 'delete'],
},
MANAGER: {
users: ['read', 'update'],
orders: ['create', 'read', 'update'],
reports: ['read', 'update'],
},
USER: {
users: ['read'], // Only own profile
orders: ['create', 'read'], // Only own orders
reports: ['read'],
},
GUEST: {
users: [],
orders: [],
reports: ['read'],
},
};
describe('RBAC Tests', () => {
Object.entries(permissionMatrix).forEach(([role, resources]) => {
describe(\`Role: \${role}\`, () => {
Object.entries(resources).forEach(([resource, actions]) => {
actions.forEach(action => {
it(\`should allow \${action} on \${resource}\`, async () => {
const token = generateToken({ role });
await request(app)
.post(\`/api/\${resource}/\${action}\`)
.set('Authorization', \`Bearer \${token}\`)
.expect(200);
});
});
// Test forbidden actions
const allActions: Action[] = ['create', 'read', 'update', 'delete'];
const forbidden = allActions.filter(a => !actions.includes(a));
forbidden.forEach(action => {
it(\`should deny \${action} on \${resource}\`, async () => {
const token = generateToken({ role });
await request(app)
.post(\`/api/\${resource}/\${action}\`)
.set('Authorization', \`Bearer \${token}\`)
.expect(403);
});
});
});
});
});
});typescript
type Role = 'ADMIN' | 'MANAGER' | 'USER' | 'GUEST';
type Action = 'create' | 'read' | 'update' | 'delete';
type Resource = 'users' | 'orders' | 'reports';
const permissionMatrix: Record<Role, Record<Resource, Action[]>> = {
ADMIN: {
users: ['create', 'read', 'update', 'delete'],
orders: ['create', 'read', 'update', 'delete'],
reports: ['create', 'read', 'update', 'delete'],
},
MANAGER: {
users: ['read', 'update'],
orders: ['create', 'read', 'update'],
reports: ['read', 'update'],
},
USER: {
users: ['read'], // 仅可访问自身资料
orders: ['create', 'read'], // 仅可访问自身订单
reports: ['read'],
},
GUEST: {
users: [],
orders: [],
reports: ['read'],
},
};
describe('RBAC Tests', () => {
Object.entries(permissionMatrix).forEach(([role, resources]) => {
describe(\`Role: \${role}\`, () => {
Object.entries(resources).forEach(([resource, actions]) => {
actions.forEach(action => {
it(\`should allow \${action} on \${resource}\`, async () => {
const token = generateToken({ role });
await request(app)
.post(\`/api/\${resource}/\${action}\`)
.set('Authorization', \`Bearer \${token}\`)
.expect(200);
});
});
// 测试禁止执行的操作
const allActions: Action[] = ['create', 'read', 'update', 'delete'];
const forbidden = allActions.filter(a => !actions.includes(a));
forbidden.forEach(action => {
it(\`should deny \${action} on \${resource}\`, async () => {
const token = generateToken({ role });
await request(app)
.post(\`/api/\${resource}/\${action}\`)
.set('Authorization', \`Bearer \${token}\`)
.expect(403);
});
});
});
});
});
});Output Checklist
输出检查清单
- Permission matrix defined
- Test suite for all roles
- Positive and negative tests
- CI gating enabled
- Coverage monitoring ENDFILE
- 已定义权限矩阵
- 覆盖所有角色的测试套件
- 包含正向与反向测试
- 已启用CI门禁
- 已配置覆盖度监控