新增职务权限管理与聊天室管理权限控制

tests/Feature/RedPacketControllerTest.php

@@ -3,9 +3,13 @@
 namespace Tests\Feature;
 
 use App\Events\RedPacketClaimed;
+use App\Models\Department;
+use App\Models\Position;
 use App\Models\RedPacketEnvelope;
 use App\Models\Sysparam;
 use App\Models\User;
+use App\Models\UserPosition;
+use App\Support\PositionPermissionRegistry;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Redis;
@@ -44,12 +48,27 @@ class RedPacketControllerTest extends TestCase
         $response->assertJson(['status' => 'error']);
     }
 
+    /**
+     * 方法功能：验证高等级但无职务权限的用户仍不能发送礼包。
+     */
+    public function test_high_level_user_without_red_packet_permission_cannot_send_red_packet(): void
+    {
+        $user = User::factory()->create(['user_level' => 100]);
+
+        $response = $this->actingAs($user)->postJson(route('command.red_packet.send'), [
+            'room_id' => 1,
+            'type' => 'gold',
+        ]);
+
+        $response->assertStatus(403);
+    }
+
     /**
      * 方法功能：验证站长可以成功发出礼包并写入 Redis 拆包结果。
      */
     public function test_superadmin_can_send_red_packet(): void
     {
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
 
         $response = $this->actingAs($admin)->postJson(route('command.red_packet.send'), [
             'room_id' => 1,
@@ -71,12 +90,31 @@ class RedPacketControllerTest extends TestCase
         $this->assertEquals(10, Redis::llen("red_packet:{$envelope->id}:amounts"));
     }
 
+    /**
+     * 方法功能：验证拥有礼包权限的职务用户可以发礼包。
+     */
+    public function test_position_user_with_red_packet_permission_can_send_red_packet(): void
+    {
+        $user = $this->createUserWithPermissions([
+            PositionPermissionRegistry::ROOM_RED_PACKET,
+        ]);
+
+        $response = $this->actingAs($user)->postJson(route('command.red_packet.send'), [
+            'room_id' => 1,
+            'type' => 'exp',
+        ]);
+
+        $response->assertOk()->assertJson([
+            'status' => 'success',
+        ]);
+    }
+
     /**
      * 方法功能：验证同一房间内不可重复发送未结束的礼包。
      */
     public function test_cannot_send_multiple_active_packets_in_same_room(): void
     {
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
 
         $this->actingAs($admin)->postJson(route('command.red_packet.send'), [
             'room_id' => 1,
@@ -96,7 +134,7 @@ class RedPacketControllerTest extends TestCase
      */
     public function test_user_can_claim_red_packet(): void
     {
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
         $user = User::factory()->create(['jjb' => 100]);
 
         // Send packet
@@ -131,7 +169,7 @@ class RedPacketControllerTest extends TestCase
     {
         Event::fake([RedPacketClaimed::class]);
 
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
         $user = User::factory()->create(['jjb' => 100]);
 
         $this->actingAs($admin)->postJson(route('command.red_packet.send'), [
@@ -165,7 +203,7 @@ class RedPacketControllerTest extends TestCase
      */
     public function test_user_cannot_claim_same_packet_twice(): void
     {
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
         $user = User::factory()->create();
 
         $this->actingAs($admin)->postJson(route('command.red_packet.send'), [
@@ -194,7 +232,7 @@ class RedPacketControllerTest extends TestCase
      */
     public function test_can_check_packet_status(): void
     {
-        $admin = User::factory()->create(['user_level' => 100]);
+        $admin = $this->createSiteOwner();
         $user = User::factory()->create();
 
         $this->actingAs($admin)->postJson(route('command.red_packet.send'), [
@@ -224,4 +262,56 @@ class RedPacketControllerTest extends TestCase
             'has_claimed' => true,
         ]);
     }
+
+    /**
+     * 创建站长账号。
+     */
+    private function createSiteOwner(): User
+    {
+        return User::factory()->create([
+            'id' => 1,
+            'user_level' => 100,
+        ]);
+    }
+
+    /**
+     * 创建带指定聊天室权限的在职职务用户。
+     *
+     * @param  list<string>  $permissions
+     */
+    private function createUserWithPermissions(array $permissions): User
+    {
+        $user = User::factory()->create([
+            'user_level' => 80,
+        ]);
+
+        $department = Department::create([
+            'name' => '红包权限部'.$user->id,
+            'rank' => 80,
+            'color' => '#dc2626',
+            'sort_order' => 1,
+            'description' => '红包权限测试',
+        ]);
+
+        $position = Position::create([
+            'department_id' => $department->id,
+            'name' => '红包权限职务'.$user->id,
+            'icon' => '🧧',
+            'rank' => 80,
+            'level' => 80,
+            'sort_order' => 1,
+            'permissions' => $permissions,
+        ]);
+
+        UserPosition::create([
+            'user_id' => $user->id,
+            'position_id' => $position->id,
+            'appointed_by_user_id' => null,
+            'appointed_at' => now(),
+            'remark' => '红包权限测试',
+            'is_active' => true,
+        ]);
+
+        return $user->fresh();
+    }
 }