From a8e82ee558463f6dd30459e999e5db16231ac1d6 Mon Sep 17 00:00:00 2001
From: liyitian <2717355959@qq.com>
Date: Sun, 14 Dec 2025 16:43:11 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E4=BD=9C=E4=B8=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../service/PlaylistServiceImpl.java | 4 +-
 .../service/PermissionCheckTest.java | 80 +++++++++++++++++++
 2 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 src/test/java/com/vibevault/service/PermissionCheckTest.java
diff --git a/src/main/java/com/vibevault/service/PlaylistServiceImpl.java b/src/main/java/com/vibevault/service/PlaylistServiceImpl.java
index 18df83c..5c0f43d 100644
--- a/src/main/java/com/vibevault/service/PlaylistServiceImpl.java
+++ b/src/main/java/com/vibevault/service/PlaylistServiceImpl.java
@@ -186,12 +186,12 @@ public class PlaylistServiceImpl implements PlaylistService {
 * [Challenge] 检查用户是否有权限操作指定歌单
 * 规则:歌单所有者或管理员可以操作
 */
- private void checkPermission(Playlist playlist, String username) {
+ protected void checkPermission(Playlist playlist, String username) {
 User currentUser = userRepository.findByUsername(username)
 .orElseThrow(() -> new ResourceNotFoundException("User not found: " + username));
 
 // 检查是否是歌单所有者或管理员
- if (!playlist.getOwner().getUsername().equals(username) && !currentUser.getRole().equals("ROLE_ADMIN")) {
+ if (!playlist.getOwner().getUsername().equals(currentUser.getUsername()) && !currentUser.getRole().equals("ROLE_ADMIN")) {
 throw new UnauthorizedException("You don't have permission to modify this playlist");
 }
 }
diff --git a/src/test/java/com/vibevault/service/PermissionCheckTest.java b/src/test/java/com/vibevault/service/PermissionCheckTest.java
new file mode 100644
index 0000000..ae896c0
--- /dev/null
+++ b/src/test/java/com/vibevault/service/PermissionCheckTest.java
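Review bot: Widening `checkPermission` from `private` to `protected` makes the authorization check overridable by any subclass of `PlaylistServiceImpl`, which is more than the new test needs: `PermissionCheckTest` lives in the same package, so a package-private `void checkPermission(Playlist playlist, String username)` (optionally `final`) keeps it callable from the test without opening it to override. On the new `if` line, `currentUser.getRole().equals("ROLE_ADMIN")` throws a NullPointerException for a non-owner whose role is unset, so the caller sees an unexpected error rather than `UnauthorizedException`; `"ROLE_ADMIN".equals(currentUser.getRole())` avoids that. Ownership is still decided by comparing username strings; if `User` carries a stable id (not visible in this hunk), comparing ids would hold up better against renamed or re-registered usernames. The opening of the method's Javadoc lies outside the hunk.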
@@ -0,0 +1,80 @@
+package com.vibevault.service;
+
+import com.vibevault.exception.UnauthorizedException;
+import com.vibevault.model.Playlist;
+import com.vibevault.model.User;
+import com.vibevault.repository.UserRepository;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+class PermissionCheckTest {
+
+ @Mock
+ private UserRepository userRepository;
+
+ private PlaylistServiceImpl playlistService;
+
+ @BeforeEach
+ void setUp() {
+ MockitoAnnotations.openMocks(this);
+ // 创建一个没有其他依赖的 PlaylistServiceImpl 实例
+ playlistService = new PlaylistServiceImpl(null, userRepository);
+ }
+
+ @Test
+ void testOwnerCanModifyPlaylist() {
+ // 创建用户和歌单
+ User owner = new User("testuser", "password");
+ owner.setRole("ROLE_USER");
+ Playlist playlist = new Playlist("Test Playlist", owner);
+
+ // 模拟用户存储库
+ when(userRepository.findByUsername("testuser")).thenReturn(Optional.of(owner));
+
+ // 所有者应该能够修改自己的歌单,不应该抛出异常
+ assertDoesNotThrow(() -> playlistService.checkPermission(playlist, "testuser"));
+ }
+
+ @Test
+ void testNonOwnerCannotModifyPlaylist() {
+ // 创建所有者用户和歌单
+ User owner = new User("owner", "password");
+ owner.setRole("ROLE_USER");
+ Playlist playlist = new Playlist("Test Playlist", owner);
+
+ // 创建另一个用户
+ User otherUser = new User("otheruser", "password");
+ otherUser.setRole("ROLE_USER");
+
+ // 模拟用户存储库
+ when(userRepository.findByUsername("otheruser")).thenReturn(Optional.of(otherUser));
+
+ // 非所有者不应该能够修改歌单,应该抛出 UnauthorizedException
+ assertThrows(UnauthorizedException.class, () -> playlistService.checkPermission(playlist, "otheruser"));
+ }
+
+ @Test
+ void testAdminCanModifyAnyPlaylist() {
+ // 创建所有者用户和歌单
+ User owner = new User("owner", "password");
+ owner.setRole("ROLE_USER");
+ Playlist playlist = new Playlist("Test Playlist", owner);
+
+ // 创建管理员用户
+ User adminUser = new User("admin", "password");
+ adminUser.setRole("ROLE_ADMIN");
+
+ // 模拟用户存储库
+ when(userRepository.findByUsername("admin")).thenReturn(Optional.of(adminUser));
+
+ // 管理员应该能够修改任何歌单,不应该抛出异常
+ assertDoesNotThrow(() -> playlistService.checkPermission(playlist, "admin"));
+ }
+}
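Review bot: None of the three tests would fail against the old comparison, because in each one the name passed to `checkPermission` is identical to the username of the `User` the mock returns, so the line changed in `PlaylistServiceImpl` is not actually pinned by this file. The denial paths are thin as well: there is no case for a username the repository does not know (the `orElseThrow` branch) and none for a non-owner whose role was never set. I would add the test below (it needs an import for `ResourceNotFoundException`, whose package is not visible in this diff) and, if `findByUsername` can match a differently-cased name, a case where the lookup string and the stored username differ. Separately, `setUp` discards the `AutoCloseable` returned by `MockitoAnnotations.openMocks(this)`; keeping it in a field and closing it in an `@AfterEach` method releases the mocks between tests.

```java
    // … unchanged: setUp and the three existing tests …

    @Test
    void testUnknownUserIsRejected() {
        User owner = new User("owner", "password");
        owner.setRole("ROLE_USER");
        Playlist playlist = new Playlist("Test Playlist", owner);

        // Repository has no record for the caller: the check must fail, never fall through.
        when(userRepository.findByUsername("ghost")).thenReturn(Optional.empty());

        assertThrows(ResourceNotFoundException.class,
                () -> playlistService.checkPermission(playlist, "ghost"));
    }
```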