Commit @b9a2449ebda0fa38e6d0f6cd227e740799e5119b

[Notice] Announcing the End of Demo Server [Read me]

Hwi Ahn 2012-08-30

Access control refactoring

@b9a2449ebda0fa38e6d0f6cd227e740799e5119b

402bff1

b9a2449

app/controllers/ProjectApp.java

--- app/controllers/ProjectApp.java

+++ app/controllers/ProjectApp.java


 import java.io.File;
 
 import models.*;
+import models.enumeration.RoleType;
 import play.data.Form;
 import play.db.ebean.Transactional;
 import play.mvc.*;

         } else {
             Project project = filledNewProjectForm.get();
             project.owner = UserApp.currentUser().loginId;
-            ProjectUser.assignRole(UserApp.currentUser().id, Project.create(project), Role.MANAGER);
+            ProjectUser.assignRole(UserApp.currentUser().id,
+                    Project.create(project), RoleType.MANAGER);
 
             RepositoryService.createRepository(project.owner, project.name, project.vcs);
 

             return redirect(routes.ProjectApp.members(userName, projectName));
         }
         Project project = getProject(userName, projectName);
-        if (!ProjectUser.isMember(user.id, project.id))
-            ProjectUser.assignRole(user.id, project.id, Role.MEMBER);
-        else
+        if(!ProjectUser.isMember(user.id, project.id))
+            ProjectUser.assignRole(user.id, project.id, RoleType.MEMBER);
+        else    
             flash(Constants.WARNING, "project.member.alreadyMember");
         return redirect(routes.ProjectApp.members(userName, projectName));
     }

     }
 
     public static boolean isManager(Long userId, Long projectId) {
-        if (Role.findRoleByIds(userId, projectId).id.equals(Role.MANAGER))
+        if (Role.findRoleByIds(userId, projectId).id.equals(RoleType.MANAGER))
             return ProjectUser.checkOneMangerPerOneProject(projectId);
         else
             return true;

402bff1

b9a2449

app/models/Permission.java

--- app/models/Permission.java

+++ app/models/Permission.java


      * @param operation
      * @return
      */
-    public static boolean permissionCheck(Long userId, Long projectId,
+    public static boolean hasPermission(Long userId, Long projectId,
             Resource resource, Operation operation) {
         int findRowCount = find.where()
                                     .eq("roles.projectUsers.user.id", userId)

         return (findRowCount != 0) ? true : false;
     }
     
-    public static boolean permissionCheckByRole(Long roleId, Resource resource, Operation operation) {
+    public static boolean hasPermission(RoleType roleType, Resource resource, Operation operation) {
         int findRowCount = find.where()
-                                .eq("roles.id", roleId)
+                                .eq("roles.id", roleType.roleType())
                                 .eq("resource", resource.resource())
                                 .eq("operation", operation.operation())
                             .findRowCount();

402bff1

b9a2449

app/models/Project.java

--- app/models/Project.java

+++ app/models/Project.java


 import javax.persistence.Id;
 import javax.persistence.OneToMany;
 
+import models.enumeration.RoleType;
+
 
 import play.data.validation.Constraints;
 import play.db.ebean.Model;

     public static Long create(Project newProject) {
         newProject.url = "http://localhost:9000/" + newProject.name;
         newProject.save();
-        ProjectUser.assignRole(User.SITE_MANAGER_ID, newProject.id, Role.SITEMANAGER);
+        ProjectUser.assignRole(User.SITE_MANAGER_ID, newProject.id, RoleType.SITEMANAGER);
         return newProject.id;
     }
 

                                     .select("name")
                                     .where()
                                         .eq("projectUser.user.id", userId)
-                                        .eq("projectUser.role.id", Role.MANAGER)
+                                        .eq("projectUser.role.id", RoleType.MANAGER.roleType())
                                     .findList();
         
         Iterator<Project> iterator = projects.iterator();

402bff1

b9a2449

app/models/ProjectUser.java

--- app/models/ProjectUser.java

+++ app/models/ProjectUser.java


 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.ManyToOne;
+
+import models.enumeration.RoleType;
+
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
 /**
  * @author "Hwi Ahn"
- * 
+ *
  */
 @Entity
 public class ProjectUser extends Model {
     private static final long serialVersionUID = 1L;
-    private static Finder<Long, ProjectUser> find = new Finder<Long, ProjectUser>(
-            Long.class, ProjectUser.class);
-    
+    private static Finder<Long, ProjectUser> find = new Finder<Long, ProjectUser>(Long.class,
+            ProjectUser.class);
+
     @Id
     public Long id;
-    
+
     @ManyToOne
     public User user;
-    
+
     @ManyToOne
     public Project project;
-    
+
     @ManyToOne
     public Role role;
 

         this.project = Project.findById(projectId);
         this.role = Role.findById(roleId);
     }
-    
+
     public static void create(Long userId, Long projectId, Long roleId) {
         ProjectUser projectUser = new ProjectUser(userId, projectId, roleId);
         projectUser.save();

 
     /**
      * 해당 프로젝트에 가입된 해당 유저를 프로젝트에서 탈퇴시킵니다.
-     * 
+     *
      * @param userId
      * @param projectId
      */

 
     /**
      * 유저에게 새로운 롤을 부여합니다.
-     * 
+     *
      * @param userId
      * @param projectId
      * @param roleId

         }
     }
 
+    public static void assignRole(Long userId, Long projectId, RoleType roleType) {
+        assignRole(userId, projectId, roleType.roleType());
+    }
+
     /**
      * 해당 유저, 프로젝트 값을 갖는 ProjectUser 오브젝트를 제공합니다.
      * (Site manager는 hidden role로서 반환되지 않습니다.)
-     * 
+     *
      * @param userId
      * @param projectId
      * @return
      */
     public static ProjectUser findByIds(Long userId, Long projectId) {
-        return find.where().eq("user.id", userId).eq("project.id", projectId).ne("role.id", Role.SITEMANAGER).findUnique();
+        return find.where().eq("user.id", userId).eq("project.id", projectId)
+                .ne("role.id", RoleType.SITEMANAGER.roleType()).findUnique();
     }
 
     /**
-     * 해당 프로젝트에 가입한 맴버들의 Login ID와 그 맴버들의 Role의 이름을 제공합니다. 
+     * 해당 프로젝트에 가입한 맴버들의 Login ID와 그 맴버들의 Role의 이름을 제공합니다.
      * (Site manager는 hidden role로서 반환되지 않습니다.)
-     * 
+     *
      * @param projectId
      * @return
      */
     public static List<ProjectUser> findMemberListByProject(Long projectId) {
         return find.fetch("user", "loginId").fetch("role", "name").where()
-                .eq("project.id", projectId).ne("role.id", Role.SITEMANAGER)
+                .eq("project.id", projectId).ne("role.id", RoleType.SITEMANAGER.roleType())
                 .findList();
     }
 
     /**
      * 해당 프로젝트에 최소 1명 이상의 관리자가 남아있는지 확인합니다.
-     * 
+     *
      * @param projectId
      * @return
      */
     public static boolean checkOneMangerPerOneProject(Long projectId) {
-        int findRowCount = find.where().eq("role.id", Role.MANAGER)
+        int findRowCount = find.where().eq("role.id", RoleType.MANAGER.roleType())
                 .eq("project.id", projectId).findRowCount();
         return (findRowCount > 1) ? true : false;
     }
-    
+
     /**
      * 해당 유저가 해당 프로젝트의 매니저 역할인지 확인합니다.
-     * 
+     *
      * @param userId
      * @param projectId
      * @return
      */
     public static boolean isManager(Long userId, Long projectId) {
-        int findRowCount = find.where().eq("user.id", Role.MANAGER)
-                .eq("project.id", projectId).findRowCount();
+        int findRowCount = find.where().eq("user.id", userId)
+                .eq("role.id", RoleType.MANAGER.roleType()).eq("project.id", projectId)
+                .findRowCount();
         return (findRowCount != 0) ? true : false;
     }
-    
 
     /**
      * 해당 유저가 해당 프로젝트에 가입되어 있는지 확인합니다.
-     * 
+     *
      * @param userId
      * @param projectId
      * @return
      */
     public static boolean isMember(Long userId, Long projectId) {
-        if(userId == null) return false;
-        int findRowCount = find.where().eq("user.id", userId)
-                .eq("project.id", projectId).findRowCount();
+        if (userId == null)
+            return false;
+        int findRowCount = find.where().eq("user.id", userId).eq("project.id", projectId)
+                .findRowCount();
         return (findRowCount != 0) ? true : false;
     }
 
     /**
      * 해당 프로젝트에 참가하고 있는 유저의 목록을 제공합니다.
-     * 
+     *
      * @return
      */
     public static Map<String, String> options(Long projectId) {

402bff1

b9a2449

app/models/Role.java

--- app/models/Role.java

+++ app/models/Role.java


 import javax.persistence.Id;
 import javax.persistence.ManyToMany;
 import javax.persistence.OneToMany;
+
+import models.enumeration.RoleType;
+
 import java.util.List;
 
 /**

     private static final long serialVersionUID = 1L;
     private static Finder<Long, Role> find = new Finder<Long, Role>(Long.class,
             Role.class);
-    
-    public static final Long MANAGER = 1l;
-    public static final Long MEMBER = 2l;
-    public static final Long SITEMANAGER = 3l;
-    public static final Long ANONYMOUS = 4l;
-    
+
+
+
     @Id
     public Long id;
-    
+
     public String name;
     public boolean active;
-    
+
     @ManyToMany
     public List<Permission> permissions;
-    
+
     @OneToMany(mappedBy = "role", cascade = CascadeType.ALL)
     public List<ProjectUser> projectUsers;
 
-    
     public static Role findById(Long id) {
         return find.byId(id);
+    }
+
+    public static Role findByRoleType(RoleType roleType) {
+        return find.byId(roleType.roleType());
     }
 
     public static Role findByName(String name) {

 
     /**
      * 프로젝트와 관련된 롤들의 목록을 반환합니다.
-     * 
+     *
      * @return
      */
     public static List<Role> getActiveRoles() {

                 .findList();
         return projectRoles;
     }
-    
+
     /**
      * 해당 유저가 해당 프로젝트에서 가지고 있는 롤을 제공합니다.
-     * 
+     *
      * @param userId
      * @param projectId
      * @return

402bff1

b9a2449

app/models/User.java

--- app/models/User.java

+++ app/models/User.java


     public static List<User> findUsersByProject(Long projectId) {
         return find.where()
                 .eq("projectUser.project.id", projectId)
-                .ne("projectUser.role.id", Role.SITEMANAGER).findList();
+                .ne("projectUser.role.id", RoleType.SITEMANAGER.roleType()).findList();
     }
 }

402bff1

app/utils/RoleCheck.java (deleted)

--- app/utils/RoleCheck.java

...	...	@@ -1,89 +0,0 @@
	1	-package utils;
	2	-
	3	-import models.Comment;
	4	-import models.Issue;
	5	-import models.IssueComment;
	6	-import models.Permission;
	7	-import models.Post;
	8	-import models.Project;
	9	-import models.ProjectUser;
	10	-import models.Role;
	11	-import models.enumeration.Operation;
	12	-import models.enumeration.Resource;
	13	-import play.db.ebean.Model;
	14	-import play.db.ebean.Model.Finder;
	15	-
	16	-/**
	17	- * @author "Hwi Ahn"
	18	- */
	19	-public class RoleCheck {
	20	-
	21	-
	22	- /**
	23	- *
	24	- * @param userId
	25	- * @param projectId
	26	- * @param resource
	27	- * @param operation
	28	- * @param resourceId
	29	- * @return
	30	- */
	31	- public static boolean permissionCheck(Object userSessionId, Long projectId, Resource resource,
	32	- Operation operation, Long resourceId) {
	33	- Long userId;
	34	- if(userSessionId instanceof String) {
	35	- userId = Long.parseLong((String) userSessionId);
	36	- } else {
	37	- userId = (Long) userSessionId;
	38	- }
	39	-
	40	- boolean isAuthorEditible;
	41	-
	42	- switch (resource)
	43	- {
	44	- case ISSUE_POST:
	45	- isAuthorEditible = authorCheck(userId, resourceId, new Finder<Long, Issue>(
	46	- Long.class, Issue.class))
	47	- && Project.findById(projectId).isAuthorEditable;
	48	- break;
	49	- case ISSUE_COMMENT:
	50	- isAuthorEditible = authorCheck(userId, resourceId, new Finder<Long, IssueComment>(
	51	- Long.class, IssueComment.class));
	52	- break;
	53	- case BOARD_POST:
	54	- isAuthorEditible = authorCheck(userId, resourceId, new Finder<Long, Post>(
	55	- Long.class, Post.class));
	56	- break;
	57	- case BOARD_COMMENT:
	58	- isAuthorEditible = authorCheck(userId, resourceId, new Finder<Long, Comment>(
	59	- Long.class, Comment.class));
	60	- break;
	61	- default:
	62	- isAuthorEditible = false;
	63	- break;
	64	- }
	65	- if (ProjectUser.isMember(userId, projectId)) {
	66	- return isAuthorEditible
	67	- \|\| Permission.permissionCheck(userId, projectId, resource, operation);
	68	- } else { // Anonymous
	69	- if (Project.findById(projectId) != null && !Project.findById(projectId).share_option) {
	70	- return false;
	71	- }
	72	- return isAuthorEditible
	73	- \|\| Permission.permissionCheckByRole(Role.ANONYMOUS, resource, operation);
	74	- }
	75	- }
	76	-
	77	- /**
	78	- *
	79	- * @param userId
	80	- * @param resourceId
	81	- * @param finder
	82	- * @return
	83	- */
	84	- public static <T, K> boolean authorCheck(Long userId, Long resourceId, Model.Finder<K, T> finder) {
	85	- int findRowCount = finder.where().eq("authorId", userId).eq("id", resourceId)
	86	- .findRowCount();
	87	- return (findRowCount != 0) ? true : false;
	88	- }
	89	-}

402bff1

b9a2449

app/views/roleCheck.scala.html

--- app/views/roleCheck.scala.html

+++ app/views/roleCheck.scala.html


 @(userId: String, projectId: Long, resource: models.enumeration.Resource, operation: models.enumeration.Operation, resourceId: Long = null)(content: => Html)
 
-@if(utils.RoleCheck.permissionCheck(userId, projectId, resource, operation, resourceId)){
+@if(utils.AccessControl.isAllowed(userId, projectId, resource, operation, resourceId)){
   @content
 }

402bff1

b9a2449

test/models/PermissionTest.java

--- test/models/PermissionTest.java

+++ test/models/PermissionTest.java


 
 import models.enumeration.Operation;
 import models.enumeration.Resource;
+import models.enumeration.RoleType;
 
 import org.junit.Test;
-
-import com.avaje.ebean.Ebean;
 
 import static org.fest.assertions.Assertions.assertThat;
 
 public class PermissionTest extends ModelTest<Permission> {    
     @Test
-    public void permissionCheck() throws Exception {
+    public void hasPermission() throws Exception {
         // Given
         Long hobi = 2l;
         Long nForge4java = 1l;
         Long jindo = 2l;
+        RoleType anonymous = RoleType.ANONYMOUS;
         // When
         // Then
-        assertThat(Permission.permissionCheck(hobi, nForge4java, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(true);
-        assertThat(Permission.permissionCheck(hobi, jindo, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(false);
+        assertThat(Permission.hasPermission(hobi, nForge4java, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(true);
+        assertThat(Permission.hasPermission(hobi, jindo, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(false);
+        assertThat(Permission.hasPermission(anonymous, Resource.BOARD_POST, Operation.READ)).isEqualTo(true);
+        assertThat(Permission.hasPermission(anonymous, Resource.BOARD_POST, Operation.DELETE)).isEqualTo(false);
     }
     
     @Test

         // When
         // Then
         assertThat(Permission.findPermissionsByRole(1l).size()).isEqualTo(63);
-    }
-    
-    @Test
-    public void permissionCheckByRole() throws Exception {
-        // Given
-        // When
-        boolean result1 = Permission.permissionCheckByRole(Role.ANONYMOUS, Resource.BOARD_POST, Operation.READ);
-        boolean result2 = Permission.permissionCheckByRole(Role.ANONYMOUS, Resource.BOARD_POST, Operation.DELETE);
-        // Then
-        assertThat(result1).isEqualTo(true);
-        assertThat(result2).isEqualTo(false);
     }
 }

402bff1

b9a2449

test/models/RoleTest.java

--- test/models/RoleTest.java

+++ test/models/RoleTest.java


 
 import java.util.List;
 
+import models.enumeration.RoleType;
+
 import org.junit.Test;
 
 import static org.fest.assertions.Assertions.assertThat;

     public void findById() throws Exception {
         // Given
         // When
-        Role role = Role.findById(1l);
+        Role role = Role.findByRoleType(RoleType.MANAGER);
         // Then
         assertThat(role.name).isEqualTo("manager");
     }

402bff1

b9a2449

test/utils/AccessControlTest.java (Renamed from test/utils/RoleCheckTest.java)

--- test/utils/RoleCheckTest.java

+++ test/utils/AccessControlTest.java


 import play.db.ebean.Model;
 import play.db.ebean.Model.Finder;
 
-public class RoleCheckTest extends ModelTest<Role>{
+public class AccessControlTest extends ModelTest<Role>{
     @Test
-    public void permissionCheck() throws Exception {
+    public void isAllowed() throws Exception {
         // Given
         Long userSessionId1 = 1l;
         Long userSessionId2 = 2l;
         Long projectId1 = 1l;
         Long projectId2 = 3l;
         // When
-        boolean result1 = RoleCheck.permissionCheck(userSessionId1, projectId1, Resource.PROJECT_SETTING, Operation.WRITE, null);
-        boolean result2 = RoleCheck.permissionCheck(userSessionId2, projectId2, Resource.BOARD_POST, Operation.READ, null);
+        boolean result1 = AccessControl.isAllowed(userSessionId1, projectId1, Resource.PROJECT_SETTING, Operation.WRITE, null);
+        boolean result2 = AccessControl.isAllowed(userSessionId2, projectId2, Resource.BOARD_POST, Operation.READ, null);
         // Then
         assertThat(result1).isEqualTo(true);
         assertThat(result2).isEqualTo(false);
     }
     
     @Test
-    public void authorCheck() throws Exception {
+    public void isAuthor() throws Exception {
         // Given
         Long userId1 = 2l;
         Long resourceId1 = 1l;

         Long resourceId2 = 1l;
         Finder<Long, Issue> issueFinder = new Finder<Long, Issue>(Long.class, Issue.class);
         // When
-        boolean result1 = RoleCheck.authorCheck(userId1, resourceId1, postFinder);
-        boolean result2 = RoleCheck.authorCheck(userId2, resourceId2, issueFinder);
+        boolean result1 = AccessControl.isAuthor(userId1, resourceId1, postFinder);
+        boolean result2 = AccessControl.isAuthor(userId2, resourceId2, issueFinder);
         // Then
         assertThat(result1).isEqualTo(true);
         assertThat(result2).isEqualTo(false);

Add a comment

Open 0
Closed 0

List

...	...	@@ -123,6 +123,6 @@
123	123	public static List<User> findUsersByProject(Long projectId) {
124	124	return find.where()
125	125	.eq("projectUser.project.id", projectId)
126		- .ne("projectUser.role.id", Role.SITEMANAGER).findList();
	126	+ .ne("projectUser.role.id", RoleType.SITEMANAGER.roleType()).findList();
127	127	}
128	128	}

...	...	@@ -3,6 +3,7 @@
3	3	import java.io.File;
4	4
5	5	import models.*;
	6	+import models.enumeration.RoleType;
6	7	import play.data.Form;
7	8	import play.db.ebean.Transactional;
8	9	import play.mvc.*;
...	...	@@ -54,7 +55,8 @@
54	55	} else {
55	56	Project project = filledNewProjectForm.get();
56	57	project.owner = UserApp.currentUser().loginId;
57		- ProjectUser.assignRole(UserApp.currentUser().id, Project.create(project), Role.MANAGER);
	58	+ ProjectUser.assignRole(UserApp.currentUser().id,
	59	+ Project.create(project), RoleType.MANAGER);
58	60
59	61	RepositoryService.createRepository(project.owner, project.name, project.vcs);
60	62
...	...	@@ -120,9 +122,9 @@
120	122	return redirect(routes.ProjectApp.members(userName, projectName));
121	123	}
122	124	Project project = getProject(userName, projectName);
123		- if (!ProjectUser.isMember(user.id, project.id))
124		- ProjectUser.assignRole(user.id, project.id, Role.MEMBER);
125		- else
	125	+ if(!ProjectUser.isMember(user.id, project.id))
	126	+ ProjectUser.assignRole(user.id, project.id, RoleType.MEMBER);
	127	+ else
126	128	flash(Constants.WARNING, "project.member.alreadyMember");
127	129	return redirect(routes.ProjectApp.members(userName, projectName));
128	130	}
...	...	@@ -150,7 +152,7 @@
150	152	}
151	153
152	154	public static boolean isManager(Long userId, Long projectId) {
153		- if (Role.findRoleByIds(userId, projectId).id.equals(Role.MANAGER))
	155	+ if (Role.findRoleByIds(userId, projectId).id.equals(RoleType.MANAGER))
154	156	return ProjectUser.checkOneMangerPerOneProject(projectId);
155	157	else
156	158	return true;

...	...	@@ -34,7 +34,7 @@
34	34	* @param operation
35	35	* @return
36	36	*/
37		- public static boolean permissionCheck(Long userId, Long projectId,
	37	+ public static boolean hasPermission(Long userId, Long projectId,
38	38	Resource resource, Operation operation) {
39	39	int findRowCount = find.where()
40	40	.eq("roles.projectUsers.user.id", userId)
...	...	@@ -45,9 +45,9 @@
45	45	return (findRowCount != 0) ? true : false;
46	46	}
47	47
48		- public static boolean permissionCheckByRole(Long roleId, Resource resource, Operation operation) {
	48	+ public static boolean hasPermission(RoleType roleType, Resource resource, Operation operation) {
49	49	int findRowCount = find.where()
50		- .eq("roles.id", roleId)
	50	+ .eq("roles.id", roleType.roleType())
51	51	.eq("resource", resource.resource())
52	52	.eq("operation", operation.operation())
53	53	.findRowCount();

...	...	@@ -8,6 +8,8 @@
8	8	import javax.persistence.Id;
9	9	import javax.persistence.OneToMany;
10	10
	11	+import models.enumeration.RoleType;
	12	+
11	13
12	14	import play.data.validation.Constraints;
13	15	import play.db.ebean.Model;
...	...	@@ -54,7 +56,7 @@
54	56	public static Long create(Project newProject) {
55	57	newProject.url = "http://localhost:9000/" + newProject.name;
56	58	newProject.save();
57		- ProjectUser.assignRole(User.SITE_MANAGER_ID, newProject.id, Role.SITEMANAGER);
	59	+ ProjectUser.assignRole(User.SITE_MANAGER_ID, newProject.id, RoleType.SITEMANAGER);
58	60	return newProject.id;
59	61	}
60	62
...	...	@@ -113,7 +115,7 @@
113	115	.select("name")
114	116	.where()
115	117	.eq("projectUser.user.id", userId)
116		- .eq("projectUser.role.id", Role.MANAGER)
	118	+ .eq("projectUser.role.id", RoleType.MANAGER.roleType())
117	119	.findList();
118	120
119	121	Iterator<Project> iterator = projects.iterator();

...	...	@@ -5,29 +5,32 @@
5	5	import javax.persistence.Entity;
6	6	import javax.persistence.Id;
7	7	import javax.persistence.ManyToOne;
	8	+
	9	+import models.enumeration.RoleType;
	10	+
8	11	import java.util.LinkedHashMap;
9	12	import java.util.List;
10	13	import java.util.Map;
11	14
12	15	/**
13	16	* @author "Hwi Ahn"
14		- *
	17	+ *
15	18	*/
16	19	@Entity
17	20	public class ProjectUser extends Model {
18	21	private static final long serialVersionUID = 1L;
19		- private static Finder<Long, ProjectUser> find = new Finder<Long, ProjectUser>(
20		- Long.class, ProjectUser.class);
21		-
	22	+ private static Finder<Long, ProjectUser> find = new Finder<Long, ProjectUser>(Long.class,
	23	+ ProjectUser.class);
	24	+
22	25	@Id
23	26	public Long id;
24		-
	27	+
25	28	@ManyToOne
26	29	public User user;
27		-
	30	+
28	31	@ManyToOne
29	32	public Project project;
30		-
	33	+
31	34	@ManyToOne
32	35	public Role role;
33	36
...	...	@@ -36,7 +39,7 @@
36	39	this.project = Project.findById(projectId);
37	40	this.role = Role.findById(roleId);
38	41	}
39		-
	42	+
40	43	public static void create(Long userId, Long projectId, Long roleId) {
41	44	ProjectUser projectUser = new ProjectUser(userId, projectId, roleId);
42	45	projectUser.save();
...	...	@@ -44,7 +47,7 @@
44	47
45	48	/**
46	49	* 해당 프로젝트에 가입된 해당 유저를 프로젝트에서 탈퇴시킵니다.
47		- *
	50	+ *
48	51	* @param userId
49	52	* @param projectId
50	53	*/
...	...	@@ -54,7 +57,7 @@
54	57
55	58	/**
56	59	* 유저에게 새로운 롤을 부여합니다.
57		- *
	60	+ *
58	61	* @param userId
59	62	* @param projectId
60	63	* @param roleId
...	...	@@ -69,74 +72,80 @@
69	72	}
70	73	}
71	74
	75	+ public static void assignRole(Long userId, Long projectId, RoleType roleType) {
	76	+ assignRole(userId, projectId, roleType.roleType());
	77	+ }
	78	+
72	79	/**
73	80	* 해당 유저, 프로젝트 값을 갖는 ProjectUser 오브젝트를 제공합니다.
74	81	* (Site manager는 hidden role로서 반환되지 않습니다.)
75		- *
	82	+ *
76	83	* @param userId
77	84	* @param projectId
78	85	* @return
79	86	*/
80	87	public static ProjectUser findByIds(Long userId, Long projectId) {
81		- return find.where().eq("user.id", userId).eq("project.id", projectId).ne("role.id", Role.SITEMANAGER).findUnique();
	88	+ return find.where().eq("user.id", userId).eq("project.id", projectId)
	89	+ .ne("role.id", RoleType.SITEMANAGER.roleType()).findUnique();
82	90	}
83	91
84	92	/**
85		- * 해당 프로젝트에 가입한 맴버들의 Login ID와 그 맴버들의 Role의 이름을 제공합니다.
	93	+ * 해당 프로젝트에 가입한 맴버들의 Login ID와 그 맴버들의 Role의 이름을 제공합니다.
86	94	* (Site manager는 hidden role로서 반환되지 않습니다.)
87		- *
	95	+ *
88	96	* @param projectId
89	97	* @return
90	98	*/
91	99	public static List<ProjectUser> findMemberListByProject(Long projectId) {
92	100	return find.fetch("user", "loginId").fetch("role", "name").where()
93		- .eq("project.id", projectId).ne("role.id", Role.SITEMANAGER)
	101	+ .eq("project.id", projectId).ne("role.id", RoleType.SITEMANAGER.roleType())
94	102	.findList();
95	103	}
96	104
97	105	/**
98	106	* 해당 프로젝트에 최소 1명 이상의 관리자가 남아있는지 확인합니다.
99		- *
	107	+ *
100	108	* @param projectId
101	109	* @return
102	110	*/
103	111	public static boolean checkOneMangerPerOneProject(Long projectId) {
104		- int findRowCount = find.where().eq("role.id", Role.MANAGER)
	112	+ int findRowCount = find.where().eq("role.id", RoleType.MANAGER.roleType())
105	113	.eq("project.id", projectId).findRowCount();
106	114	return (findRowCount > 1) ? true : false;
107	115	}
108		-
	116	+
109	117	/**
110	118	* 해당 유저가 해당 프로젝트의 매니저 역할인지 확인합니다.
111		- *
	119	+ *
112	120	* @param userId
113	121	* @param projectId
114	122	* @return
115	123	*/
116	124	public static boolean isManager(Long userId, Long projectId) {
117		- int findRowCount = find.where().eq("user.id", Role.MANAGER)
118		- .eq("project.id", projectId).findRowCount();
	125	+ int findRowCount = find.where().eq("user.id", userId)
	126	+ .eq("role.id", RoleType.MANAGER.roleType()).eq("project.id", projectId)
	127	+ .findRowCount();
119	128	return (findRowCount != 0) ? true : false;
120	129	}
121		-
122	130
123	131	/**
124	132	* 해당 유저가 해당 프로젝트에 가입되어 있는지 확인합니다.
125		- *
	133	+ *
126	134	* @param userId
127	135	* @param projectId
128	136	* @return
129	137	*/
130	138	public static boolean isMember(Long userId, Long projectId) {
131		- if(userId == null) return false;
132		- int findRowCount = find.where().eq("user.id", userId)
133		- .eq("project.id", projectId).findRowCount();
	139	+ if (userId == null)
	140	+ return false;
	141	+ int findRowCount = find.where().eq("user.id", userId).eq("project.id", projectId)
	142	+ .findRowCount();
134	143	return (findRowCount != 0) ? true : false;
135	144	}
136	145
137	146	/**
138	147	* 해당 프로젝트에 참가하고 있는 유저의 목록을 제공합니다.
139		- *
	148	+ *
140	149	* @return
141	150	*/
142	151	public static Map<String, String> options(Long projectId) {

...	...	@@ -7,6 +7,9 @@
7	7	import javax.persistence.Id;
8	8	import javax.persistence.ManyToMany;
9	9	import javax.persistence.OneToMany;
	10	+
	11	+import models.enumeration.RoleType;
	12	+
10	13	import java.util.List;
11	14
12	15	/**
...	...	@@ -17,27 +20,27 @@
17	20	private static final long serialVersionUID = 1L;
18	21	private static Finder<Long, Role> find = new Finder<Long, Role>(Long.class,
19	22	Role.class);
20		-
21		- public static final Long MANAGER = 1l;
22		- public static final Long MEMBER = 2l;
23		- public static final Long SITEMANAGER = 3l;
24		- public static final Long ANONYMOUS = 4l;
25		-
	23	+
	24	+
	25	+
26	26	@Id
27	27	public Long id;
28		-
	28	+
29	29	public String name;
30	30	public boolean active;
31		-
	31	+
32	32	@ManyToMany
33	33	public List<Permission> permissions;
34		-
	34	+
35	35	@OneToMany(mappedBy = "role", cascade = CascadeType.ALL)
36	36	public List<ProjectUser> projectUsers;
37	37
38		-
39	38	public static Role findById(Long id) {
40	39	return find.byId(id);
	40	+ }
	41	+
	42	+ public static Role findByRoleType(RoleType roleType) {
	43	+ return find.byId(roleType.roleType());
41	44	}
42	45
43	46	public static Role findByName(String name) {
...	...	@@ -46,7 +49,7 @@
46	49
47	50	/**
48	51	* 프로젝트와 관련된 롤들의 목록을 반환합니다.
49		- *
	52	+ *
50	53	* @return
51	54	*/
52	55	public static List<Role> getActiveRoles() {
...	...	@@ -54,10 +57,10 @@
54	57	.findList();
55	58	return projectRoles;
56	59	}
57		-
	60	+
58	61	/**
59	62	* 해당 유저가 해당 프로젝트에서 가지고 있는 롤을 제공합니다.
60		- *
	63	+ *
61	64	* @param userId
62	65	* @param projectId
63	66	* @return

...	...	@@ -1,5 +1,5 @@
1	1	@(userId: String, projectId: Long, resource: models.enumeration.Resource, operation: models.enumeration.Operation, resourceId: Long = null)(content: => Html)
2	2
3		-@if(utils.RoleCheck.permissionCheck(userId, projectId, resource, operation, resourceId)){
	3	+@if(utils.AccessControl.isAllowed(userId, projectId, resource, operation, resourceId)){
4	4	@content
5	5	}

...	...	@@ -2,24 +2,26 @@
2	2
3	3	import models.enumeration.Operation;
4	4	import models.enumeration.Resource;
	5	+import models.enumeration.RoleType;
5	6
6	7	import org.junit.Test;
7		-
8		-import com.avaje.ebean.Ebean;
9	8
10	9	import static org.fest.assertions.Assertions.assertThat;
11	10
12	11	public class PermissionTest extends ModelTest<Permission> {
13	12	@Test
14		- public void permissionCheck() throws Exception {
	13	+ public void hasPermission() throws Exception {
15	14	// Given
16	15	Long hobi = 2l;
17	16	Long nForge4java = 1l;
18	17	Long jindo = 2l;
	18	+ RoleType anonymous = RoleType.ANONYMOUS;
19	19	// When
20	20	// Then
21		- assertThat(Permission.permissionCheck(hobi, nForge4java, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(true);
22		- assertThat(Permission.permissionCheck(hobi, jindo, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(false);
	21	+ assertThat(Permission.hasPermission(hobi, nForge4java, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(true);
	22	+ assertThat(Permission.hasPermission(hobi, jindo, Resource.PROJECT_SETTING, Operation.WRITE)).isEqualTo(false);
	23	+ assertThat(Permission.hasPermission(anonymous, Resource.BOARD_POST, Operation.READ)).isEqualTo(true);
	24	+ assertThat(Permission.hasPermission(anonymous, Resource.BOARD_POST, Operation.DELETE)).isEqualTo(false);
23	25	}
24	26
25	27	@Test
...	...	@@ -28,16 +30,5 @@
28	30	// When
29	31	// Then
30	32	assertThat(Permission.findPermissionsByRole(1l).size()).isEqualTo(63);
31		- }
32		-
33		- @Test
34		- public void permissionCheckByRole() throws Exception {
35		- // Given
36		- // When
37		- boolean result1 = Permission.permissionCheckByRole(Role.ANONYMOUS, Resource.BOARD_POST, Operation.READ);
38		- boolean result2 = Permission.permissionCheckByRole(Role.ANONYMOUS, Resource.BOARD_POST, Operation.DELETE);
39		- // Then
40		- assertThat(result1).isEqualTo(true);
41		- assertThat(result2).isEqualTo(false);
42	33	}
43	34	}

...	...	@@ -2,6 +2,8 @@
2	2
3	3	import java.util.List;
4	4
	5	+import models.enumeration.RoleType;
	6	+
5	7	import org.junit.Test;
6	8
7	9	import static org.fest.assertions.Assertions.assertThat;
...	...	@@ -15,7 +17,7 @@
15	17	public void findById() throws Exception {
16	18	// Given
17	19	// When
18		- Role role = Role.findById(1l);
	20	+ Role role = Role.findByRoleType(RoleType.MANAGER);
19	21	// Then
20	22	assertThat(role.name).isEqualTo("manager");
21	23	}

...	...	@@ -11,24 +11,24 @@
11	11	import play.db.ebean.Model;
12	12	import play.db.ebean.Model.Finder;
13	13
14		-public class RoleCheckTest extends ModelTest<Role>{
	14	+public class AccessControlTest extends ModelTest<Role>{
15	15	@Test
16		- public void permissionCheck() throws Exception {
	16	+ public void isAllowed() throws Exception {
17	17	// Given
18	18	Long userSessionId1 = 1l;
19	19	Long userSessionId2 = 2l;
20	20	Long projectId1 = 1l;
21	21	Long projectId2 = 3l;
22	22	// When
23		- boolean result1 = RoleCheck.permissionCheck(userSessionId1, projectId1, Resource.PROJECT_SETTING, Operation.WRITE, null);
24		- boolean result2 = RoleCheck.permissionCheck(userSessionId2, projectId2, Resource.BOARD_POST, Operation.READ, null);
	23	+ boolean result1 = AccessControl.isAllowed(userSessionId1, projectId1, Resource.PROJECT_SETTING, Operation.WRITE, null);
	24	+ boolean result2 = AccessControl.isAllowed(userSessionId2, projectId2, Resource.BOARD_POST, Operation.READ, null);
25	25	// Then
26	26	assertThat(result1).isEqualTo(true);
27	27	assertThat(result2).isEqualTo(false);
28	28	}
29	29
30	30	@Test
31		- public void authorCheck() throws Exception {
	31	+ public void isAuthor() throws Exception {
32	32	// Given
33	33	Long userId1 = 2l;
34	34	Long resourceId1 = 1l;
...	...	@@ -37,8 +37,8 @@
37	37	Long resourceId2 = 1l;
38	38	Finder<Long, Issue> issueFinder = new Finder<Long, Issue>(Long.class, Issue.class);
39	39	// When
40		- boolean result1 = RoleCheck.authorCheck(userId1, resourceId1, postFinder);
41		- boolean result2 = RoleCheck.authorCheck(userId2, resourceId2, issueFinder);
	40	+ boolean result1 = AccessControl.isAuthor(userId1, resourceId1, postFinder);
	41	+ boolean result2 = AccessControl.isAuthor(userId2, resourceId2, issueFinder);
42	42	// Then
43	43	assertThat(result1).isEqualTo(true);
44	44	assertThat(result2).isEqualTo(false);

Delete comment