@@ -106,6 +106,13 @@ describe("permission tools", () => {
106106 RequestId : "req-create-user" ,
107107 } ) ;
108108 mockGetCloudBaseManager . mockResolvedValue ( {
109+ env : {
110+ getEnvInfo : vi . fn ( ) . mockResolvedValue ( {
111+ EnvInfo : {
112+ Storages : [ { Bucket : "bucket-1" } ] ,
113+ } ,
114+ } ) ,
115+ } ,
109116 permission : {
110117 describeResourcePermission : mockDescribeResourcePermission ,
111118 describeRoleList : mockDescribeRoleList ,
@@ -194,6 +201,56 @@ describe("permission tools", () => {
194201 ] ) ;
195202 } ) ;
196203
204+ it ( "queryPermissions(action=getResourcePermission) should fail when storage bucket does not exist" , async ( ) => {
205+ const result = await tools . queryPermissions . handler ( {
206+ action : "getResourcePermission" ,
207+ resourceType : "storage" ,
208+ resourceId : "missing-bucket" ,
209+ } ) ;
210+ const payload = JSON . parse ( result . content [ 0 ] . text ) ;
211+
212+ expect ( mockDescribeResourcePermission ) . not . toHaveBeenCalled ( ) ;
213+ expect ( payload ) . toMatchObject ( {
214+ success : false ,
215+ message : "存储 Bucket missing-bucket 不存在" ,
216+ } ) ;
217+ } ) ;
218+
219+ it ( "queryPermissions(action=getResourcePermission) should allow existing storage bucket" , async ( ) => {
220+ mockDescribeResourcePermission . mockResolvedValueOnce ( {
221+ Data : {
222+ TotalCount : 1 ,
223+ PermissionList : [
224+ {
225+ ResourceType : "storage" ,
226+ Resource : "bucket-1" ,
227+ Permission : "ADMINWRITE" ,
228+ } ,
229+ ] ,
230+ } ,
231+ RequestId : "req-storage-perm" ,
232+ } ) ;
233+
234+ const result = await tools . queryPermissions . handler ( {
235+ action : "getResourcePermission" ,
236+ resourceType : "storage" ,
237+ resourceId : "bucket-1" ,
238+ } ) ;
239+ const payload = JSON . parse ( result . content [ 0 ] . text ) ;
240+
241+ expect ( mockDescribeResourcePermission ) . toHaveBeenCalledWith ( {
242+ resourceType : "storage" ,
243+ resources : [ "bucket-1" ] ,
244+ } ) ;
245+ expect ( payload ) . toMatchObject ( {
246+ success : true ,
247+ data : {
248+ resourceType : "storage" ,
249+ resourceId : "bucket-1" ,
250+ } ,
251+ } ) ;
252+ } ) ;
253+
197254 it ( "queryPermissions(action=listResourcePermissions) should include resource-level hints for risky custom rules" , async ( ) => {
198255 mockDescribeResourcePermission . mockResolvedValueOnce ( {
199256 Data : {
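Review bot: The two new storage tests only exercise a bucket lookup that succeeds, so nothing pins what the existence guard does when `getEnvInfo` rejects or returns no `Storages`; the handler is not visible here, but a guard of this kind should fail closed, returning `success: false` without reaching `describeResourcePermission`. The stub added in the first hunk is an inline `vi.fn()`, so no test can override it or assert that it was consulted. Hoisting it as `const mockGetEnvInfo = vi.fn().mockResolvedValue({ EnvInfo: { Storages: [{ Bucket: "bucket-1" }] } });` would let a third case call `mockGetEnvInfo.mockRejectedValueOnce(new Error("lookup failed"))` and still assert `expect(mockDescribeResourcePermission).not.toHaveBeenCalled()`. The enclosing `describe` block and its setup start and end outside these hunks.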