liyitian/2311061111-lyt
1
0
Fork 0
generated from Java-2025Fall/final-vibevault-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

完成作业
Some checks failed
autograde-final-vibevault / check-trigger (push) Successful in 13s
Details
autograde-final-vibevault / grade (push) Failing after 51s
Details

Browse Source
This commit is contained in:
liyitian 2025-12-14 16:43:11 +08:00
parent 9a9f5d4eb2
commit a8e82ee558
2 changed files with 82 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/com/vibevault/service/PlaylistServiceImpl.java
View File

@ -186,12 +186,12 @@ public class PlaylistServiceImpl implements PlaylistService {
* [Challenge] 检查用户是否有权限操作指定歌单 * [Challenge] 检查用户是否有权限操作指定歌单
* 规则歌单所有者或管理员可以操作 * 规则歌单所有者或管理员可以操作
*/ */
private void checkPermission(Playlist playlist, String username) { protected void checkPermission(Playlist playlist, String username) {
User currentUser = userRepository.findByUsername(username) User currentUser = userRepository.findByUsername(username)
.orElseThrow(() -> new ResourceNotFoundException("User not found: " + username)); .orElseThrow(() -> new ResourceNotFoundException("User not found: " + username));
// 检查是否是歌单所有者或管理员 // 检查是否是歌单所有者或管理员
if (!playlist.getOwner().getUsername().equals(username) && !currentUser.getRole().equals("ROLE_ADMIN")) { if (!playlist.getOwner().getUsername().equals(currentUser.getUsername()) && !currentUser.getRole().equals("ROLE_ADMIN")) {
throw new UnauthorizedException("You don't have permission to modify this playlist"); throw new UnauthorizedException("You don't have permission to modify this playlist");
} }
} }

80
src/test/java/com/vibevault/service/PermissionCheckTest.java Normal file
View File

@ -0,0 +1,80 @@
package com.vibevault.service;
import com.vibevault.exception.UnauthorizedException;
import com.vibevault.model.Playlist;
import com.vibevault.model.User;
import com.vibevault.repository.UserRepository;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
class PermissionCheckTest {
@Mock
private UserRepository userRepository;
private PlaylistServiceImpl playlistService;
@BeforeEach
void setUp() {
MockitoAnnotations.openMocks(this);
// 创建一个没有其他依赖的 PlaylistServiceImpl 实例
playlistService = new PlaylistServiceImpl(null, userRepository);
}
@Test
void testOwnerCanModifyPlaylist() {
// 创建用户和歌单
User owner = new User("testuser", "password");
owner.setRole("ROLE_USER");
Playlist playlist = new Playlist("Test Playlist", owner);
// 模拟用户存储库
when(userRepository.findByUsername("testuser")).thenReturn(Optional.of(owner));
// 所有者应该能够修改自己的歌单不应该抛出异常
assertDoesNotThrow(() -> playlistService.checkPermission(playlist, "testuser"));
}
@Test
void testNonOwnerCannotModifyPlaylist() {
// 创建所有者用户和歌单
User owner = new User("owner", "password");
owner.setRole("ROLE_USER");
Playlist playlist = new Playlist("Test Playlist", owner);
// 创建另一个用户
User otherUser = new User("otheruser", "password");
otherUser.setRole("ROLE_USER");
// 模拟用户存储库
when(userRepository.findByUsername("otheruser")).thenReturn(Optional.of(otherUser));
// 非所有者不应该能够修改歌单应该抛出 UnauthorizedException
assertThrows(UnauthorizedException.class, () -> playlistService.checkPermission(playlist, "otheruser"));
}
@Test
void testAdminCanModifyAnyPlaylist() {
// 创建所有者用户和歌单
User owner = new User("owner", "password");
owner.setRole("ROLE_USER");
Playlist playlist = new Playlist("Test Playlist", owner);
// 创建管理员用户
User adminUser = new User("admin", "password");
adminUser.setRole("ROLE_ADMIN");
// 模拟用户存储库
when(userRepository.findByUsername("admin")).thenReturn(Optional.of(adminUser));
// 管理员应该能够修改任何歌单不应该抛出异常
assertDoesNotThrow(() -> playlistService.checkPermission(playlist, "admin"));
}
}