Merge branches 'DEV' and 'hot-fix-grouplist' of http://git.mooctest.net/summer/main-site into hot-fix-grouplist

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/configure/ShiroConfiguration.java

@@ -1,6 +1,7 @@
 package cn.iselab.mooctest.site.configure;
 
 import cn.iselab.mooctest.site.configure.realm.ShiroRealm;
+import org.apache.shiro.cache.ehcache.EhCacheManager;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.spring.LifecycleBeanPostProcessor;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
@@ -13,7 +14,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
 
 import javax.servlet.Filter;
-import javax.sql.DataSource;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -39,21 +39,8 @@ public class ShiroConfiguration {
      */
     @Bean(name = "shiroRealm")
     @DependsOn("lifecycleBeanPostProcessor")
-    public ShiroRealm shiroRealm(DataSource dataSource) {
+    public ShiroRealm shiroRealm() {
         ShiroRealm realm = new ShiroRealm();
-        realm.setDataSource(dataSource);
-        realm.setPermissionsLookupEnabled(true);
-        realm.setAuthenticationQuery("SELECT password FROM user WHERE email = ? or mobile = ?");
-        realm.setPermissionsQuery("SELECT CONCAT_WS(':',p.resource, p.operation) " +
-                "FROM permission p, role r, role_2_permission r2p " +
-                "WHERE p.id = r2p.permission_id " +
-                "AND r.id = r2p.role_id " +
-                "AND r.name = ?");
-        realm.setUserRolesQuery("SELECT r.name " +
-                "FROM role r, user u, user_2_role u2r " +
-                "WHERE (u.email = ? OR u.mobile = ?) " +
-                "AND u.id = u2r.user_id " +
-                "AND u2r.role_id = r.id");
         return realm;
     }
 
@@ -61,11 +48,11 @@ public class ShiroConfiguration {
      * EhCacheManager，缓存管理，用户登陆成功后，把用户信息和权限信息缓存起来，
      * 然后每次用户请求时，放入用户的session中，如果不设置这个bean，每个请求都会查询一次数据库。
      */
-//    @Bean(name = "ehCacheManager")
-//    @DependsOn("lifecycleBeanPostProcessor")
-//    public EhCacheManager ehCacheManager() {
-//        return new EhCacheManager();
-//    }
+    @Bean(name = "ehCacheManager")
+    @DependsOn("lifecycleBeanPostProcessor")
+    public EhCacheManager ehCacheManager() {
+        return new EhCacheManager();
+    }
 
     /**
      * SecurityManager，权限管理，这个类组合了登陆，登出，权限，session的处理，是个比较重要的类。
@@ -74,7 +61,7 @@ public class ShiroConfiguration {
     public DefaultWebSecurityManager securityManager(ShiroRealm shiroRealm) {
         DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
         securityManager.setRealm(shiroRealm);
-//        securityManager.setCacheManager(ehCacheManager());
+        securityManager.setCacheManager(ehCacheManager());
         return securityManager;
     }
 
@@ -107,7 +94,6 @@ public class ShiroConfiguration {
         filterChainDefinitionManager.put("/api/common/password/**","anon");
         shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);
 
-
         shiroFilterFactoryBean.setSuccessUrl("/");
         shiroFilterFactoryBean.setUnauthorizedUrl("/403");
         return shiroFilterFactoryBean;

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/configure/realm/ShiroRealm.java

@@ -1,507 +1,132 @@
 package cn.iselab.mooctest.site.configure.realm;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
 
-import cn.iselab.mooctest.site.models.CasePermission;
-import cn.iselab.mooctest.site.models.GroupPermission;
-import cn.iselab.mooctest.site.models.TaskPermission;
+import cn.iselab.mooctest.site.models.Permission;
+import cn.iselab.mooctest.site.models.Role;
 import cn.iselab.mooctest.site.models.User;
-import cn.iselab.mooctest.site.service.CasePermissionService;
-import cn.iselab.mooctest.site.service.GroupPermissionService;
-import cn.iselab.mooctest.site.service.TaskPermissionService;
+import cn.iselab.mooctest.site.models.instancePermission.CasePermission;
+import cn.iselab.mooctest.site.models.instancePermission.GroupPermission;
+import cn.iselab.mooctest.site.models.instancePermission.ReportPermission;
+import cn.iselab.mooctest.site.models.instancePermission.TaskPermission;
+import cn.iselab.mooctest.site.service.PermissionService;
+import cn.iselab.mooctest.site.service.RoleService;
 import cn.iselab.mooctest.site.service.UserService;
-import org.apache.shiro.SecurityUtils;
+import cn.iselab.mooctest.site.service.instancePermission.CasePermissionService;
+import cn.iselab.mooctest.site.service.instancePermission.GroupPermissionService;
+import cn.iselab.mooctest.site.service.instancePermission.ReportPermissionService;
+import cn.iselab.mooctest.site.service.instancePermission.TaskPermissionService;
 import org.apache.shiro.authc.*;
-import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.Permission;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.config.ConfigurationException;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.util.ByteSource;
-import org.apache.shiro.util.JdbcUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import javax.sql.DataSource;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.Collection;
-import java.util.LinkedHashSet;
+import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-
+import java.util.stream.Collectors;
 
 /**
- * Realm that allows authentication and authorization via JDBC calls.  The default queries suggest a potential schema
- * for retrieving the user's password for authentication, and querying for a user's roles and permissions.  The
- * default queries can be overridden by setting the query properties of the realm.
- * <p/>
- * If the default implementation
- * of authentication and authorization cannot handle your schema, this class can be subclassed and the
- * appropriate methods overridden. (usually {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)},
- * {@link #getRoleNamesForUser(java.sql.Connection, String)}, and/or {@link #getPermissions(java.sql.Connection, String, java.util.Collection)}
- * <p/>
- * This realm supports caching by extending from {@link org.apache.shiro.realm.AuthorizingRealm}.
- *
- * @since 0.2
+ * @author sean
+ * @date 2017-07-08.
  */
 public class ShiroRealm extends AuthorizingRealm {
 
-    //TODO - complete JavaDoc
-
-    /*--------------------------------------------
-    |             C O N S T A N T S             |
-    ============================================*/
-    /**
-     * The default query used to retrieve account data for the user.
-     */
-    protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";
-
-    /**
-     * The default query used to retrieve account data for the user when {@link #saltStyle} is COLUMN.
-     */
-    protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";
-
-    /**
-     * The default query used to retrieve the roles that apply to a user.
-     */
-    protected static final String DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where username = ?";
-
-    /**
-     * The default query used to retrieve permissions that apply to a particular role.
-     */
-    protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";
-
-    private static final Logger LOG = LoggerFactory.getLogger(ShiroRealm.class);
-
-    /**
-     * Password hash salt configuration. <ul>
-     * <li>NO_SALT - password hashes are not salted.</li>
-     * <li>CRYPT - password hashes are stored in unix crypt format.</li>
-     * <li>COLUMN - salt is in a separate column in the database.</li>
-     * <li>EXTERNAL - salt is not stored in the database. {@link #getSaltForUser(String)} will be called
-     * to get the salt</li></ul>
-     */
-    public enum SaltStyle {
-        NO_SALT, CRYPT, COLUMN, EXTERNAL
-    }
-
-    ;
-
-    /*--------------------------------------------
-    |    I N S T A N C E   V A R I A B L E S    |
-    ============================================*/
-    protected DataSource dataSource;
-
-    protected String authenticationQuery = DEFAULT_AUTHENTICATION_QUERY;
-
-    protected String userRolesQuery = DEFAULT_USER_ROLES_QUERY;
-
-    protected String permissionsQuery = DEFAULT_PERMISSIONS_QUERY;
-
-    protected boolean permissionsLookupEnabled = false;
-
-    protected SaltStyle saltStyle = SaltStyle.NO_SALT;
-
-    /*--------------------------------------------
-    |         C O N S T R U C T O R S           |
-    ============================================*/
-
-    /*--------------------------------------------
-    |  A C C E S S O R S / M O D I F I E R S    |
-    ============================================*/
-
-    /**
-     * Sets the datasource that should be used to retrieve connections used by this realm.
-     *
-     * @param dataSource the SQL data source.
-     */
-    public void setDataSource(DataSource dataSource) {
-        this.dataSource = dataSource;
-    }
-
-    /**
-     * Overrides the default query used to retrieve a user's password during authentication.  When using the default
-     * implementation, this query must take the user's username as a single parameter and return a single result
-     * with the user's password as the first column.  If you require a solution that does not match this query
-     * structure, you can override {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)} or
-     * just {@link #getPasswordForUser(java.sql.Connection, String)}
-     *
-     * @param authenticationQuery the query to use for authentication.
-     * @see #DEFAULT_AUTHENTICATION_QUERY
-     */
-    public void setAuthenticationQuery(String authenticationQuery) {
-        this.authenticationQuery = authenticationQuery;
-    }
-
-    /**
-     * Overrides the default query used to retrieve a user's roles during authorization.  When using the default
-     * implementation, this query must take the user's username as a single parameter and return a row
-     * per role with a single column containing the role name.  If you require a solution that does not match this query
-     * structure, you can override {@link #doGetAuthorizationInfo(PrincipalCollection)} or just
-     * {@link #getRoleNamesForUser(java.sql.Connection, String)}
-     *
-     * @param userRolesQuery the query to use for retrieving a user's roles.
-     * @see #DEFAULT_USER_ROLES_QUERY
-     */
-    public void setUserRolesQuery(String userRolesQuery) {
-        this.userRolesQuery = userRolesQuery;
-    }
-
-    /**
-     * Overrides the default query used to retrieve a user's permissions during authorization.  When using the default
-     * implementation, this query must take a role name as the single parameter and return a row
-     * per permission with three columns containing the fully qualified name of the permission class, the permission
-     * name, and the permission actions (in that order).  If you require a solution that does not match this query
-     * structure, you can override {@link #doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)} or just
-     * {@link #getPermissions(java.sql.Connection, String, java.util.Collection)}</p>
-     * <p/>
-     * <b>Permissions are only retrieved if you set {@link #permissionsLookupEnabled} to true.  Otherwise,
-     * this query is ignored.</b>
-     *
-     * @param permissionsQuery the query to use for retrieving permissions for a role.
-     * @see #DEFAULT_PERMISSIONS_QUERY
-     * @see #setPermissionsLookupEnabled(boolean)
-     */
-    public void setPermissionsQuery(String permissionsQuery) {
-        this.permissionsQuery = permissionsQuery;
-    }
-
-    /**
-     * Enables lookup of permissions during authorization.  The default is "false" - meaning that only roles
-     * are associated with a user.  Set this to true in order to lookup roles <b>and</b> permissions.
-     *
-     * @param permissionsLookupEnabled true if permissions should be looked up during authorization, or false if only
-     *                                 roles should be looked up.
-     */
-    public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled) {
-        this.permissionsLookupEnabled = permissionsLookupEnabled;
-    }
-
-    /**
-     * Sets the salt style.  See {@link #saltStyle}.
-     *
-     * @param saltStyle new SaltStyle to set.
-     */
-    public void setSaltStyle(SaltStyle saltStyle) {
-        this.saltStyle = saltStyle;
-        if (saltStyle == SaltStyle.COLUMN && authenticationQuery.equals(DEFAULT_AUTHENTICATION_QUERY)) {
-            authenticationQuery = DEFAULT_SALTED_AUTHENTICATION_QUERY;
-        }
-    }
-
-    /*--------------------------------------------
-    |               M E T H O D S               |
-    ============================================*/
-
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
-
-        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
-        String username = upToken.getUsername();
-
-        // Null username is invalid
-        if (username == null) {
-            throw new AccountException("Null usernames are not allowed by this realm.");
-        }
+    @Autowired
+    private UserService userService;
 
-        Connection conn = null;
-        SimpleAuthenticationInfo info = null;
-        try {
-            conn = dataSource.getConnection();
-
-            String password = null;
-            String salt = null;
-            switch (saltStyle) {
-                case NO_SALT:
-                    password = getPasswordForUser(conn, username)[0];
-                    break;
-                case CRYPT:
-                    // TODO: separate password and hash from getPasswordForUser[0]
-                    throw new ConfigurationException("Not implemented yet");
-                    //break;
-                case COLUMN:
-                    String[] queryResults = getPasswordForUser(conn, username);
-                    password = queryResults[0];
-                    salt = queryResults[1];
-                    break;
-                case EXTERNAL:
-                    password = getPasswordForUser(conn, username)[0];
-                    salt = getSaltForUser(username);
-            }
-
-            if (password == null) {
-                throw new UnknownAccountException("No account found for user [" + username + "]");
-            }
-
-            info = new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
-
-            if (salt != null) {
-                info.setCredentialsSalt(ByteSource.Util.bytes(salt));
-            }
-
-        } catch (SQLException e) {
-            final String message = "There was a SQL error while authenticating user [" + username + "]";
-            if (LOG.isErrorEnabled()) {
-                LOG.error(message, e);
-            }
-
-            // Rethrow any SQL errors as an authentication exception
-            throw new AuthenticationException(message, e);
-        } finally {
-            JdbcUtils.closeConnection(conn);
-        }
+    @Autowired
+    private GroupPermissionService groupPermissionService;
 
-        return info;
-    }
+    @Autowired
+    private TaskPermissionService taskPermissionService;
 
-    private String[] getPasswordForUser(Connection conn, String username) throws SQLException {
-
-        String[] result;
-        boolean returningSeparatedSalt = false;
-        switch (saltStyle) {
-            case NO_SALT:
-            case CRYPT:
-            case EXTERNAL:
-                result = new String[1];
-                break;
-            default:
-                result = new String[2];
-                returningSeparatedSalt = true;
-        }
+    @Autowired
+    private CasePermissionService casePermissionService;
 
-        PreparedStatement ps = null;
-        ResultSet rs = null;
-        try {
-            ps = conn.prepareStatement(authenticationQuery);
-            ps.setString(1, username);
-            ps.setString(2, username);
-
-            // Execute query
-            rs = ps.executeQuery();
-
-            // Loop over results - although we are only expecting one result, since usernames should be unique
-            boolean foundResult = false;
-            while (rs.next()) {
-
-                // Check to ensure only one row is processed
-                if (foundResult) {
-                    throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
-                }
-
-                result[0] = rs.getString(1);
-                if (returningSeparatedSalt) {
-                    result[1] = rs.getString(2);
-                }
-
-                foundResult = true;
-            }
-        } finally {
-            JdbcUtils.closeResultSet(rs);
-            JdbcUtils.closeStatement(ps);
-        }
+    @Autowired
+    private ReportPermissionService reportPermissionService;
 
-        return result;
-    }
+    @Autowired
+    private RoleService roleService;
 
-    /**
-     * This implementation of the interface expects the principals collection to return a String username keyed off of
-     * this realm's {@link #getName() name}
-     *
-     * @see #getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
-     */
+    @Autowired
+    private PermissionService permissionService;
 
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        String username = (String) principals.getPrimaryPrincipal();
+        Long userId = userService.findByUsername(username).getId();
 
-        //null usernames are invalid
-        if (principals == null) {
-            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
-        }
+        List<Role> roles = roleService.getRolesOfUser(username);
 
-        String username = (String) getAvailablePrincipal(principals);
-
-        Connection conn = null;
-        Set<String> roleNames = null;
-        Set<String> permissions = null;
-        try {
-            conn = dataSource.getConnection();
-
-            // Retrieve roles and permissions from database
-            roleNames = getRoleNamesForUser(conn, username);
-            if (permissionsLookupEnabled) {
-                permissions = getPermissions(conn, username, roleNames);
-            }
-
-        } catch (SQLException e) {
-            final String message = "There was a SQL error while authorizing user [" + username + "]";
-            if (LOG.isErrorEnabled()) {
-                LOG.error(message, e);
-            }
-
-            // Rethrow any SQL errors as an authorization exception
-            throw new AuthorizationException(message, e);
-        } finally {
-            JdbcUtils.closeConnection(conn);
-        }
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+        info.setRoles(roles.stream().map(Role::getName).collect(Collectors.toSet()));
 
-        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
+        Set<String> permissions = new HashSet<>();
+        permissions.addAll(getRolePermissions(roles));
+        permissions.addAll(getTaskPermissions(userId));
+        permissions.addAll(getGroupPermissions(userId));
+        permissions.addAll(getCasePermissions(userId));
+        permissions.addAll(getReportPermissions(userId));
         info.setStringPermissions(permissions);
-        return info;
 
+        return info;
     }
 
+    private Set<String> getRolePermissions(List<Role> roles) {
 
-    protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
-        PreparedStatement ps = null;
-        ResultSet rs = null;
-        Set<String> roleNames = new LinkedHashSet<String>();
-        try {
-            ps = conn.prepareStatement(userRolesQuery);
-            ps.setString(1, username);
-            ps.setString(2, username);
-
-            // Execute query
-            rs = ps.executeQuery();
-
-            // Loop over results and add each returned role to a set
-            while (rs.next()) {
-
-                String roleName = rs.getString(1);
-
-                // Add the role to the list of names if it isn't null
-                if (roleName != null) {
-                    roleNames.add(roleName);
-                } else {
-                    if (LOG.isWarnEnabled()) {
-                        LOG.warn("Null role name found while retrieving role names for user [" + username + "]");
-                    }
-                }
-            }
-        } finally {
-            JdbcUtils.closeResultSet(rs);
-            JdbcUtils.closeStatement(ps);
+        List<Permission> permissions = new ArrayList<>();
+        for (Role role : roles) {
+            List<Permission> permissionList = permissionService.findByRoleId(role.getId());
+            permissions.addAll(permissionService.findByRoleId(role.getId()));
         }
-        return roleNames;
-    }
-
-    protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException {
-
-        PreparedStatement ps = null;
-        Set<String> permissions = new LinkedHashSet<String>();
-        try {
-            ps = conn.prepareStatement(permissionsQuery);
-            for (String roleName : roleNames) {
+        return permissions.stream().map(Permission::toString).collect(Collectors.toSet());
 
-                ps.setString(1, roleName);
-
-                ResultSet rs = null;
+    }
 
-                try {
-                    // Execute query
-                    rs = ps.executeQuery();
+    private Set<String> getTaskPermissions(Long userId) {
 
-                    // Loop over results and add each returned role to a set
-                    while (rs.next()) {
+        List<TaskPermission> taskPermissions = taskPermissionService.getTaskPermissionsByuserId(userId);
+        return taskPermissions.stream().map(TaskPermission::toString).collect(Collectors.toSet());
 
-                        String permissionString = rs.getString(1);
+    }
 
-                        // Add the permission to the set of permissions
-                        permissions.add(permissionString);
-                    }
-                } finally {
-                    JdbcUtils.closeResultSet(rs);
-                }
+    private Set<String> getReportPermissions(Long userId) {
 
-            }
-        } finally {
-            JdbcUtils.closeStatement(ps);
-        }
+        List<ReportPermission> reportPermissions = reportPermissionService.getReportPermissionsByuserId(userId);
+        return reportPermissions.stream().map(ReportPermission::toString).collect(Collectors.toSet());
 
-        return permissions;
     }
 
-    protected String getSaltForUser(String username) {
-        return username;
+    private Set<String> getGroupPermissions(Long userId) {
+        List<GroupPermission> groupPermissions = groupPermissionService.getGroupPermissionByUserId(userId);
+        return groupPermissions.stream().map(GroupPermission::toString).collect(Collectors.toSet());
     }
 
-    @Autowired
-    private TaskPermissionService taskPermissionService;
-
-    @Autowired
-    private GroupPermissionService groupPermissionService;
-
-    @Autowired
-    private CasePermissionService casePermissionService;
+    private Set<String> getCasePermissions(Long userId) {
+        List<CasePermission> casePermissions = casePermissionService.getCasePermissionsByuserId(userId);
+        return casePermissions.stream().map(CasePermission::toString).collect(Collectors.toSet());
+    }
 
-    @Autowired
-    private UserService userService;
     @Override
-    protected boolean isPermitted(Permission permission, AuthorizationInfo info) {
-        User user = userService.findByUsername((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
-        if (permission instanceof TaskPermission) {
-            TaskPermission taskPermission = (TaskPermission) permission;
-            return checkTaskPermission(taskPermission, user.getId());
-        } else if (permission instanceof GroupPermission) {
-            GroupPermission groupPermission = (GroupPermission) permission;
-            return checkGroupPermission(groupPermission, user.getId());
-        } else if (permission instanceof CasePermission) {
-            CasePermission casePermission = (CasePermission) permission;
-            return checkCasePermission(casePermission, user.getId());
-        }
-        return super.isPermitted(permission, info);
-    }
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
 
-    private boolean checkTaskPermission(TaskPermission taskPermission, Long userId) {
-        List<TaskPermission> taskPermissions = taskPermissionService.getTaskPermissionsByuserId(userId);
-        for (TaskPermission tp: taskPermissions){
-           if (tp.implies(taskPermission)){
-               return true;
-           }
-        }
-        return false;
-    }
+        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
+        String username = upToken.getUsername();
+        User user = userService.findByUsername(username);
 
-    private boolean checkGroupPermission(GroupPermission groupPermission, Long userId) {
-        List<GroupPermission> groupPermissions = groupPermissionService.getGroupPermissionByUserId(userId);
-        for (GroupPermission gp: groupPermissions){
-            if (gp.implies(groupPermission)){
-                return true;
-            }
+        // Null username is invalid
+        if (user == null) {
+            throw new AccountException("Null usernames are not allowed by this realm.");
         }
-        return false;
-    }
 
-    private boolean checkCasePermission(CasePermission casePermission, Long userId) {
-        List<CasePermission> casePermissions = casePermissionService.getCasePermissionsByuserId(userId);
-        for (CasePermission cp: casePermissions){
-            if (cp.implies(casePermission)){
-                return true;
-            }
+        if (!user.getPassword().equals(new String(upToken.getPassword()))) {
+            throw new IncorrectCredentialsException();
         }
-        return false;
+        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
 
     }
-}
-
 
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/PermissionDao.java

@@ -17,6 +17,6 @@ public interface PermissionDao extends CrudRepository<Permission, Long> {
     @Query("SELECT p FROM Permission p " +
             "WHERE p.id in " +
             "(SELECT r2p.permissionId FROM Role2Permission r2p, User2Role u2r, User u " +
-            "WHERE u.id = :userId AND u2r.roleId = r2p.roleId AND u.id =u2r.userId)")
+            "WHERE u.id = :userId AND u2r.roleId = r2p.roleId AND u.id = u2r.userId)")
     List<Permission> findByUserId(@Param("userId") Long userId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/Role2MenuDao.java

@@ -0,0 +1,17 @@
+package cn.iselab.mooctest.site.dao;
+
+import cn.iselab.mooctest.site.models.Role2Menu;
+import org.springframework.data.repository.CrudRepository;
+
+import javax.transaction.Transactional;
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Transactional
+public interface Role2MenuDao extends CrudRepository<Role2Menu, Long> {
+
+    List<Role2Menu> findByRoleId(Long roleId);
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/Role2PermissionDao.java

@@ -4,6 +4,7 @@ import cn.iselab.mooctest.site.models.Role2Permission;
 import org.springframework.data.repository.CrudRepository;
 
 import javax.transaction.Transactional;
+import java.util.List;
 
 /**
  * @author sean
@@ -12,5 +13,5 @@ import javax.transaction.Transactional;
 @Transactional
 public interface Role2PermissionDao extends CrudRepository<Role2Permission, Long>{
 
-    Role2Permission findByRoleId(Long roleId);
+    List<Role2Permission> findByRoleId(Long roleId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/RoleDao.java

@@ -11,4 +11,5 @@ import javax.transaction.Transactional;
 @Transactional
 public interface RoleDao extends CrudRepository<Role, Long> {
 
+    Role findByName(String name);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/UserDao.java

@@ -1,7 +1,9 @@
 package cn.iselab.mooctest.site.dao;
 
 import cn.iselab.mooctest.site.models.User;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
+import org.springframework.data.repository.query.Param;
 
 import javax.transaction.Transactional;
 
@@ -15,6 +17,9 @@ public interface UserDao extends CrudRepository<User, Long> {
 
     User findByMobile(String mobile);
 
+    @Query("SELECT u FROM User u WHERE u.email = :username or u.mobile = :username")
+    User findByUsername(@Param("username") String username);
+
     User findById(Long id);
 
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/CasePermissionDao.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/instancePermission/CasePermissionDao.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.dao;
+package cn.iselab.mooctest.site.dao.instancePermission;
 
-import cn.iselab.mooctest.site.models.CasePermission;
+import cn.iselab.mooctest.site.models.instancePermission.CasePermission;
 import org.springframework.data.repository.CrudRepository;
 
 import javax.transaction.Transactional;
@@ -8,11 +8,12 @@ import java.util.List;
 
 /**
  * @author sean
- * @date 2017-07-04.
+ * @date 2017-07-07.
  */
 @Transactional
-public interface CasePermissionDao extends CrudRepository<CasePermission, Long>{
+public interface CasePermissionDao extends CrudRepository<CasePermission, Long> {
 
-    List<CasePermission> findByUserId(Long userId);
+    List<CasePermission> findByInstanceId(Long instanceId);
 
+    List<CasePermission> findByUserId(Long userId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/GroupPermissionDao.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/instancePermission/GroupPermissionDao.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.dao;
+package cn.iselab.mooctest.site.dao.instancePermission;
 
-import cn.iselab.mooctest.site.models.GroupPermission;
+import cn.iselab.mooctest.site.models.instancePermission.GroupPermission;
 import org.springframework.data.repository.CrudRepository;
 
 import javax.transaction.Transactional;
@@ -8,10 +8,13 @@ import java.util.List;
 
 /**
  * @author sean
- * @date 2017-07-04.
+ * @date 2017-07-07.
  */
 @Transactional
-public interface GroupPermissionDao extends CrudRepository<GroupPermission, Long>{
+public interface GroupPermissionDao extends CrudRepository<GroupPermission, Long> {
 
     List<GroupPermission> findByUserId(Long userId);
+
+    List<GroupPermission> findByInstanceId(Long instanceId);
+
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/instancePermission/ReportPermissionDao.java

@@ -0,0 +1,17 @@
+package cn.iselab.mooctest.site.dao.instancePermission;
+
+import cn.iselab.mooctest.site.models.instancePermission.ReportPermission;
+import org.springframework.data.repository.CrudRepository;
+
+import javax.transaction.Transactional;
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Transactional
+public interface ReportPermissionDao extends CrudRepository<ReportPermission, Long>{
+
+    List<ReportPermission> findByUserId(Long userId);
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/TaskPermissionDao.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/instancePermission/TaskPermissionDao.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.dao;
+package cn.iselab.mooctest.site.dao.instancePermission;
 
-import cn.iselab.mooctest.site.models.TaskPermission;
+import cn.iselab.mooctest.site.models.instancePermission.TaskPermission;
 import org.springframework.data.repository.CrudRepository;
 
 import javax.transaction.Transactional;
@@ -8,10 +8,12 @@ import java.util.List;
 
 /**
  * @author sean
- * @date 2017-07-04.
+ * @date 2017-07-07.
  */
 @Transactional
-public interface TaskPermissionDao extends CrudRepository<TaskPermission, Long> {
+public interface TaskPermissionDao extends CrudRepository<TaskPermission, Long>{
 
     List<TaskPermission> findByUserId(Long userId);
+
+    List<TaskPermission> findByInstanceId(Long instanceId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/Menu.java

@@ -17,9 +17,6 @@ public class Menu {
     @Column(name = "menu")
     public String menu;
 
-    @Column(name = "url")
-    public String url;
-
     public Long getId() {
         return id;
     }
@@ -36,11 +33,4 @@ public class Menu {
         this.menu = menu;
     }
 
-    public String getUrl() {
-        return url;
-    }
-
-    public void setUrl(String url) {
-        this.url = url;
-    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/Permission.java

@@ -10,13 +10,12 @@ import java.sql.Timestamp;
 @Table(name = "permission")
 public class Permission {
 
+//    private String SEPERATOR = ":";
+
     @Id
     @GeneratedValue
     private Long id;
 
-    @Column(name = "name")
-    private String name;
-
     @Column(name = "resource")
     private String resource;
 
@@ -34,14 +33,6 @@ public class Permission {
         this.id = id;
     }
 
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
     public String getResource() {
         return resource;
     }
@@ -65,4 +56,9 @@ public class Permission {
     public void setCreateTime(Timestamp createTime) {
         this.createTime = createTime;
     }
+
+    @Override
+    public String toString() {
+        return String.join(":", resource, operation);
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/Role2Menu.java

@@ -0,0 +1,68 @@
+package cn.iselab.mooctest.site.models;
+
+import javax.persistence.*;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Entity
+@Table(name = "role_2_menu")
+public class Role2Menu {
+
+    @Id
+    @GeneratedValue
+    private Long id;
+
+    @Column(name = "role_id")
+    private Long roleId;
+
+    @Column(name = "menu_id")
+    private Long menuId;
+
+    @Column(name = "operation")
+    private String operation;
+
+    @Column(name = "url")
+    private String url;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public Long getRoleId() {
+        return roleId;
+    }
+
+    public void setRoleId(Long roleId) {
+        this.roleId = roleId;
+    }
+
+    public Long getMenuId() {
+        return menuId;
+    }
+
+    public void setMenuId(Long menuId) {
+        this.menuId = menuId;
+    }
+
+    public String getOperation() {
+        return operation;
+    }
+
+    public void setOperation(String operation) {
+        this.operation = operation;
+    }
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/Task.java

@@ -42,6 +42,9 @@ public class Task {
     @Column(name = "owner_id")
     private Long ownerId;
 
+    @Column(name = "type")
+    private Byte type;// exam: 0, exercise: 1, activity: 2
+
     public Long getOwnerId() {
         return ownerId;
     }
@@ -49,8 +52,6 @@ public class Task {
     public void setOwnerId(Long ownerId) {
         this.ownerId = ownerId;
     }
-    @Column(name = "type")
-    private Byte type;// exam: 0, exercise: 1, activity: 2
 
     public Long getId() {
         return id;

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/CasePermission.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/instancePermission/CasePermission.java

@@ -1,17 +1,15 @@
-package cn.iselab.mooctest.site.models;
-
-import org.apache.shiro.authz.permission.WildcardPermission;
+package cn.iselab.mooctest.site.models.instancePermission;
 
 import javax.persistence.*;
 import java.sql.Timestamp;
 
 /**
  * @author sean
- * @date 2017-07-03.
+ * @date 2017-07-07.
  */
 @Entity
 @Table(name = "case_permission")
-public class CasePermission extends WildcardPermission {
+public class CasePermission {
 
     @Id
     @GeneratedValue
@@ -21,7 +19,7 @@ public class CasePermission extends WildcardPermission {
     private Long userId;
 
     @Column(name = "operation")
-    private Long operation;
+    private String operation;
 
     @Column(name = "instance_id")
     private Long instanceId;
@@ -45,11 +43,11 @@ public class CasePermission extends WildcardPermission {
         this.userId = userId;
     }
 
-    public Long getOperation() {
+    public String getOperation() {
         return operation;
     }
 
-    public void setOperation(Long operation) {
+    public void setOperation(String operation) {
         this.operation = operation;
     }
 
@@ -68,4 +66,9 @@ public class CasePermission extends WildcardPermission {
     public void setCreateTime(Timestamp createTime) {
         this.createTime = createTime;
     }
+
+    @Override
+    public String toString() {
+        return String.join(":", userId.toString(), "case", operation, instanceId.toString());
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/User2Permission.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/instancePermission/GroupPermission.java

@@ -1,15 +1,15 @@
-package cn.iselab.mooctest.site.models;
+package cn.iselab.mooctest.site.models.instancePermission;
 
 import javax.persistence.*;
 import java.sql.Timestamp;
 
 /**
  * @author sean
- * @date 2017-06-20.
+ * @date 2017-07-07.
  */
 @Entity
-@Table(name = "user_2_permission")
-public class User2Permission {
+@Table(name = "group_permission")
+public class GroupPermission {
 
     @Id
     @GeneratedValue
@@ -18,9 +18,6 @@ public class User2Permission {
     @Column(name = "user_id")
     private Long userId;
 
-    @Column(name = "resource")
-    private String resource;
-
     @Column(name = "operation")
     private String operation;
 
@@ -28,7 +25,7 @@ public class User2Permission {
     private Long instanceId;
 
     @Column(name = "create_time")
-    private Timestamp createTime = new Timestamp(System.currentTimeMillis());
+    private Timestamp createTime;
 
     public Long getId() {
         return id;
@@ -46,14 +43,6 @@ public class User2Permission {
         this.userId = userId;
     }
 
-    public String getResource() {
-        return resource;
-    }
-
-    public void setResource(String resource) {
-        this.resource = resource;
-    }
-
     public String getOperation() {
         return operation;
     }
@@ -77,4 +66,9 @@ public class User2Permission {
     public void setCreateTime(Timestamp createTime) {
         this.createTime = createTime;
     }
+
+    @Override
+    public String toString() {
+        return String.join(":", userId.toString(), "group", operation, instanceId.toString());
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/GroupPermission.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/instancePermission/ReportPermission.java

@@ -1,4 +1,4 @@
-package cn.iselab.mooctest.site.models;
+package cn.iselab.mooctest.site.models.instancePermission;
 
 import org.apache.shiro.authz.permission.WildcardPermission;
 
@@ -7,11 +7,11 @@ import java.sql.Timestamp;
 
 /**
  * @author sean
- * @date 2017-07-03.
+ * @date 2017-07-11.
  */
 @Entity
-@Table(name = "group_permission")
-public class GroupPermission extends WildcardPermission{
+@Table(name = "report_permission")
+public class ReportPermission extends WildcardPermission{
 
     @Id
     @GeneratedValue

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/TaskPermission.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/models/instancePermission/TaskPermission.java

@@ -1,17 +1,17 @@
-package cn.iselab.mooctest.site.models;
-
-import org.apache.shiro.authz.permission.WildcardPermission;
+package cn.iselab.mooctest.site.models.instancePermission;
 
 import javax.persistence.*;
 import java.sql.Timestamp;
 
 /**
  * @author sean
- * @date 2017-06-29.
+ * @date 2017-07-07.
  */
 @Entity
 @Table(name = "task_permission")
-public class TaskPermission extends WildcardPermission{
+public class TaskPermission {
+
+//    private String SEPERATOR = ":";
 
     @Id
     @GeneratedValue
@@ -29,14 +29,6 @@ public class TaskPermission extends WildcardPermission{
     @Column(name = "create_time")
     private Timestamp createTime;
 
-    public Long getUserId() {
-        return userId;
-    }
-
-    public void setUserId(Long userId) {
-        this.userId = userId;
-    }
-
     public Long getId() {
         return id;
     }
@@ -45,6 +37,14 @@ public class TaskPermission extends WildcardPermission{
         this.id = id;
     }
 
+    public Long getUserId() {
+        return userId;
+    }
+
+    public void setUserId(Long userId) {
+        this.userId = userId;
+    }
+
     public String getOperation() {
         return operation;
     }
@@ -68,4 +68,9 @@ public class TaskPermission extends WildcardPermission{
     public void setCreateTime(Timestamp createTime) {
         this.createTime = createTime;
     }
+
+    @Override
+    public String toString() {
+        return String.join(":", userId.toString(), "task", operation, instanceId.toString());
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/MenuService.java

@@ -9,5 +9,8 @@ import java.util.List;
  * @date 2017-06-29.
  */
 public interface MenuService {
+
     List<Menu> getMenuList();
+
+    Menu getMenuBymenuId(Long menuId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/PermissionService.java

@@ -13,4 +13,6 @@ public interface PermissionService {
     List<Permission> findByUserId(Long userId);
 
     Permission findById(Long id);
+
+    List<Permission> findByRoleId(Long roleId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/Role2MenuService.java

@@ -0,0 +1,15 @@
+package cn.iselab.mooctest.site.service;
+
+import cn.iselab.mooctest.site.models.Role2Menu;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+public interface Role2MenuService {
+
+    List<Role2Menu> getRole2MenuListByRoleName(String roleName);
+
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/Role2PermissionService.java

@@ -2,11 +2,13 @@ package cn.iselab.mooctest.site.service;
 
 import cn.iselab.mooctest.site.models.Role2Permission;
 
+import java.util.List;
+
 /**
  * @author sean
  * @date 2017-06-15.
  */
 public interface Role2PermissionService {
 
-    Role2Permission getByRoleId(Long roleId);
+    List<Role2Permission> getByRoleId(Long roleId);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/RoleService.java

@@ -2,6 +2,8 @@ package cn.iselab.mooctest.site.service;
 
 import cn.iselab.mooctest.site.models.Role;
 
+import java.util.List;
+
 /**
  * @author sean
  * @date 2017-06-14.
@@ -9,4 +11,8 @@ import cn.iselab.mooctest.site.models.Role;
 public interface RoleService {
 
     Role findById(Long id);
+
+    List<Role> getRolesOfUser(String username);
+
+    Role getRoleByRoleName(String roleName);
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/UserService.java

@@ -8,12 +8,14 @@ import cn.iselab.mooctest.site.models.User;
  */
 public interface UserService {
 
-    User register(User user);
+    User createUser(User user);
 
     User findByUsername(String username);
 
     User findByUserId(Long userId);
 
+    User getUserByEmail(String email);
+
     User updateUser(User user);
 
     User findByEmail(String email);

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/MenuServiceImpl.java

@@ -23,4 +23,9 @@ public class MenuServiceImpl implements MenuService{
     public List<Menu> getMenuList() {
         return Lists.newArrayList(menuDao.findAll());
     }
+
+    @Override
+    public Menu getMenuBymenuId(Long menuId) {
+        return menuDao.findOne(menuId);
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/PermissionServiceImpl.java

@@ -1,13 +1,17 @@
 package cn.iselab.mooctest.site.service.impl;
 
 import cn.iselab.mooctest.site.dao.PermissionDao;
+import cn.iselab.mooctest.site.dao.Role2PermissionDao;
 import cn.iselab.mooctest.site.models.Permission;
+import cn.iselab.mooctest.site.models.Role2Permission;
 import cn.iselab.mooctest.site.service.BaseService;
 import cn.iselab.mooctest.site.service.PermissionService;
+import com.google.common.collect.Lists;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @author sean
@@ -19,9 +23,11 @@ public class PermissionServiceImpl extends BaseService implements PermissionServ
     @Autowired
     private PermissionDao permissionDao;
 
+    @Autowired
+    private Role2PermissionDao role2PermissionDao;
+
     @Override
-    public Permission findById(Long id)
-    {
+    public Permission findById(Long id) {
         return permissionDao.findOne(id);
     }
 
@@ -29,4 +35,11 @@ public class PermissionServiceImpl extends BaseService implements PermissionServ
     public List<Permission> findByUserId(Long userId) {
         return permissionDao.findByUserId(userId);
     }
+
+    @Override
+    public List<Permission> findByRoleId(Long roleId) {
+        List<Role2Permission> role2Permissions = role2PermissionDao.findByRoleId(roleId);
+        List<Long> permissionIds = role2Permissions.stream().map(Role2Permission::getPermissionId).collect(Collectors.toList());
+        return Lists.newArrayList(permissionDao.findAll(permissionIds));
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/Role2MenuServiceImpl.java

@@ -0,0 +1,31 @@
+package cn.iselab.mooctest.site.service.impl;
+
+import cn.iselab.mooctest.site.dao.Role2MenuDao;
+import cn.iselab.mooctest.site.dao.RoleDao;
+import cn.iselab.mooctest.site.models.Role;
+import cn.iselab.mooctest.site.models.Role2Menu;
+import cn.iselab.mooctest.site.service.Role2MenuService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Service
+public class Role2MenuServiceImpl implements Role2MenuService {
+
+    @Autowired
+    private Role2MenuDao role2MenuDao;
+
+    @Autowired
+    private RoleDao roleDao;
+
+    @Override
+    public List<Role2Menu> getRole2MenuListByRoleName(String roleName) {
+        Role role = roleDao.findByName(roleName);
+        return role2MenuDao.findByRoleId(role.getId());
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/Role2PermissionServiceImpl.java

@@ -7,6 +7,8 @@ import cn.iselab.mooctest.site.service.Role2PermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
+
 /**
  * @author sean
  * @date 2017-06-15.
@@ -18,7 +20,7 @@ public class Role2PermissionServiceImpl extends BaseService implements Role2Perm
     private Role2PermissionDao role2PermissionDao;
 
     @Override
-    public Role2Permission getByRoleId(Long roleId) {
+    public List<Role2Permission> getByRoleId(Long roleId) {
         return role2PermissionDao.findByRoleId(roleId);
     }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/RoleServiceImpl.java

@@ -1,24 +1,56 @@
 package cn.iselab.mooctest.site.service.impl;
 
 import cn.iselab.mooctest.site.dao.RoleDao;
+import cn.iselab.mooctest.site.dao.User2RoleDao;
+import cn.iselab.mooctest.site.dao.UserDao;
 import cn.iselab.mooctest.site.models.Role;
+import cn.iselab.mooctest.site.models.User;
+import cn.iselab.mooctest.site.models.User2Role;
 import cn.iselab.mooctest.site.service.BaseService;
 import cn.iselab.mooctest.site.service.RoleService;
+import com.google.common.collect.Lists;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
+import java.util.stream.Collectors;
+
 /**
  * @author sean
  * @date 2017-06-14.
  */
 @Service
-public class RoleServiceImpl extends BaseService implements RoleService{
+public class RoleServiceImpl extends BaseService implements RoleService {
 
     @Autowired
     private RoleDao roleDao;
 
+    @Autowired
+    private UserDao userDao;
+
+    @Autowired
+    private User2RoleDao user2RoleDao;
+
     @Override
     public Role findById(Long id) {
         return roleDao.findOne(id);
     }
+
+    @Override
+    public List<Role> getRolesOfUser(String username) {
+
+        User user = userDao.findByUsername(username);
+
+        List<User2Role> user2Roles = user2RoleDao.findByUserId(user.getId());
+
+        Iterable<Role> roles = roleDao.findAll(user2Roles.stream().map(User2Role::getRoleId).collect(Collectors.toList()));
+
+        return Lists.newArrayList(roles);
+
+    }
+
+    @Override
+    public Role getRoleByRoleName(String roleName) {
+        return roleDao.findByName(roleName);
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/UserServiceImpl.java

@@ -1,5 +1,7 @@
 package cn.iselab.mooctest.site.service.impl;
 
+import cn.iselab.mooctest.site.dao.Role2PermissionDao;
+import cn.iselab.mooctest.site.dao.User2RoleDao;
 import cn.iselab.mooctest.site.dao.UserDao;
 import cn.iselab.mooctest.site.models.User;
 import cn.iselab.mooctest.site.service.BaseService;
@@ -17,8 +19,14 @@ public class UserServiceImpl extends BaseService implements UserService {
     @Autowired
     private UserDao userDao;
 
+    @Autowired
+    private User2RoleDao user2RoleDao;
+
+    @Autowired
+    private Role2PermissionDao role2PermissionDao;
+
     @Override
-    public User register(User user) {
+    public User createUser(User user) {
         return userDao.save(user);
     }
 
@@ -37,6 +45,11 @@ public class UserServiceImpl extends BaseService implements UserService {
     }
 
     @Override
+    public User getUserByEmail(String email) {
+        return userDao.findByEmail(email);
+    }
+
+    @Override
     public User findByEmail(String email) {
         return userDao.findByEmail(email);
     }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/CasePermissionService.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/CasePermissionService.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.service;
+package cn.iselab.mooctest.site.service.instancePermission;
 
-import cn.iselab.mooctest.site.models.CasePermission;
+import cn.iselab.mooctest.site.models.instancePermission.CasePermission;
 
 import java.util.List;
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/GroupPermissionService.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/GroupPermissionService.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.service;
+package cn.iselab.mooctest.site.service.instancePermission;
 
-import cn.iselab.mooctest.site.models.GroupPermission;
+import cn.iselab.mooctest.site.models.instancePermission.GroupPermission;
 
 import java.util.List;
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/ReportPermissionService.java

@@ -0,0 +1,13 @@
+package cn.iselab.mooctest.site.service.instancePermission;
+
+import cn.iselab.mooctest.site.models.instancePermission.ReportPermission;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+public interface ReportPermissionService {
+    List<ReportPermission> getReportPermissionsByuserId(Long userId);
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/TaskPermissionService.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/TaskPermissionService.java

@@ -1,6 +1,6 @@
-package cn.iselab.mooctest.site.service;
+package cn.iselab.mooctest.site.service.instancePermission;
 
-import cn.iselab.mooctest.site.models.TaskPermission;
+import cn.iselab.mooctest.site.models.instancePermission.TaskPermission;
 
 import java.util.List;
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/CasePermissionServiceImpl.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/impl/CasePermissionServiceImpl.java

@@ -1,8 +1,10 @@
-package cn.iselab.mooctest.site.service.impl;
+package cn.iselab.mooctest.site.service.instancePermission.impl;
 
-import cn.iselab.mooctest.site.dao.CasePermissionDao;
-import cn.iselab.mooctest.site.models.CasePermission;
-import cn.iselab.mooctest.site.service.CasePermissionService;
+
+
+import cn.iselab.mooctest.site.dao.instancePermission.CasePermissionDao;
+import cn.iselab.mooctest.site.models.instancePermission.CasePermission;
+import cn.iselab.mooctest.site.service.instancePermission.CasePermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -10,10 +12,10 @@ import java.util.List;
 
 /**
  * @author sean
- * @date 2017-07-04.
+ * @date 2017-07-07.
  */
 @Service
-public class CasePermissionServiceImpl implements CasePermissionService {
+public class CasePermissionServiceImpl implements CasePermissionService{
 
     @Autowired
     private CasePermissionDao casePermissionDao;

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/GroupPermissionServiceImpl.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/impl/GroupPermissionServiceImpl.java

@@ -1,8 +1,8 @@
-package cn.iselab.mooctest.site.service.impl;
+package cn.iselab.mooctest.site.service.instancePermission.impl;
 
-import cn.iselab.mooctest.site.dao.GroupPermissionDao;
-import cn.iselab.mooctest.site.models.GroupPermission;
-import cn.iselab.mooctest.site.service.GroupPermissionService;
+import cn.iselab.mooctest.site.dao.instancePermission.GroupPermissionDao;
+import cn.iselab.mooctest.site.models.instancePermission.GroupPermission;
+import cn.iselab.mooctest.site.service.instancePermission.GroupPermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/impl/ReportPermissionServiceImpl.java

@@ -0,0 +1,25 @@
+package cn.iselab.mooctest.site.service.instancePermission.impl;
+
+import cn.iselab.mooctest.site.dao.instancePermission.ReportPermissionDao;
+import cn.iselab.mooctest.site.models.instancePermission.ReportPermission;
+import cn.iselab.mooctest.site.service.instancePermission.ReportPermissionService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Service
+public class ReportPermissionServiceImpl implements ReportPermissionService{
+
+    @Autowired
+    private ReportPermissionDao reportPermissionDao;
+
+    @Override
+    public List<ReportPermission> getReportPermissionsByuserId(Long userId) {
+        return reportPermissionDao.findByUserId(userId);
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/TaskPermissionServiceImpl.java → mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/instancePermission/impl/TaskPermissionServiceImpl.java

@@ -1,9 +1,9 @@
-package cn.iselab.mooctest.site.service.impl;
+package cn.iselab.mooctest.site.service.instancePermission.impl;
 
-import cn.iselab.mooctest.site.dao.TaskPermissionDao;
-import cn.iselab.mooctest.site.models.TaskPermission;
+import cn.iselab.mooctest.site.dao.instancePermission.TaskPermissionDao;
+import cn.iselab.mooctest.site.models.instancePermission.TaskPermission;
 import cn.iselab.mooctest.site.service.BaseService;
-import cn.iselab.mooctest.site.service.TaskPermissionService;
+import cn.iselab.mooctest.site.service.instancePermission.TaskPermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/AccountController.java

@@ -42,12 +42,12 @@ public class AccountController extends BaseController {
         accountLogic.logout(response, session);
     }
 
-    @RequestMapping(value = UrlConstants.API_COMMON + "register/email", method = RequestMethod.POST)
+    @RequestMapping(value = UrlConstants.API_COMMON + "createUser/email", method = RequestMethod.POST)
     public AccountVO registerByEmail(@RequestBody AccountVO accountVO, HttpServletRequest request, HttpServletResponse response) {
         return accountLogic.registerByEmail(accountVO, request, response);
     }
 
-    @RequestMapping(value = UrlConstants.API_COMMON + "register/mobile", method = RequestMethod.POST)
+    @RequestMapping(value = UrlConstants.API_COMMON + "createUser/mobile", method = RequestMethod.POST)
     public AccountVO registerByMobile(@RequestBody AccountVO accountVO, HttpServletRequest request, HttpServletResponse response) {
         return accountLogic.registerByMobile(accountVO, request, response);
     }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/ApiController.java

@@ -53,7 +53,8 @@ public class ApiController extends BaseController {
     }
 
     @RequestMapping(value = UrlConstants.API_INTERNAL + "getCases", method = RequestMethod.GET)
-    public String getCases(HttpServletRequest request) {
+    public String getCases(HttpServletRequest request)
+    {
         return apiLogic.getCases(request);
     }
 

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/ExamController.java

@@ -1,9 +1,11 @@
 package cn.iselab.mooctest.site.web.ctrl;
 
-import cn.iselab.mooctest.site.web.data.AssignedCaseVO;
+import cn.iselab.mooctest.site.service.UserService;
 import cn.iselab.mooctest.site.web.data.ExamVO;
-import cn.iselab.mooctest.site.web.data.PaperVO;
+import cn.iselab.mooctest.site.web.exception.HttpForbiddenException;
+import cn.iselab.mooctest.site.web.exception.IllegalOperationException;
 import cn.iselab.mooctest.site.web.logic.ExamLogic;
+import org.apache.shiro.SecurityUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
@@ -11,9 +13,6 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.List;
-
-import cn.iselab.mooctest.site.web.exception.IllegalOperationException;
 
 /**
  * Created by major on 2017/6/15.
@@ -25,29 +24,39 @@ public class ExamController {
     @Autowired
     ExamLogic examLogic;
 
+    @Autowired
+    UserService userService;
+
     @RequestMapping(value = "api/exams", method = RequestMethod.GET)
     public Page<ExamVO> getExamList(@RequestParam(value = "organizer_id", required = false) Long organizerId
             , @RequestParam(value = "participant_id", required = false) Long participantId,
                                     HttpServletRequest request) {
         String activePageStr = request.getHeader("activePage");
         String rowsOnPageStr = request.getHeader("rowsOnPage");
-        if(activePageStr == null || activePageStr.isEmpty() || rowsOnPageStr == null || rowsOnPageStr.isEmpty())
+        if (activePageStr == null || activePageStr.isEmpty() || rowsOnPageStr == null || rowsOnPageStr.isEmpty())
             throw new IllegalOperationException();
         Integer activePage = Integer.parseInt(activePageStr);
         Integer rowsOnPage = Integer.parseInt(rowsOnPageStr);
 
         Pageable pageable = new PageRequest(activePage - 1, rowsOnPage);
-        if(organizerId != null && participantId == null) {
+        if (organizerId != null && participantId == null) {
             Page<ExamVO> vo = examLogic.getOrganizerExamList(organizerId, pageable);
             return vo;
         }
-        if(participantId != null && organizerId == null)
+        if (participantId != null && organizerId == null)
             return examLogic.getParticipantExamList(participantId, pageable);
         return null;
     }
 
-    @RequestMapping(value= "api/exam/{examId}", method = RequestMethod.GET)
-    public ExamVO getExamById(@PathVariable Long examId) {
+
+    @RequestMapping(value = "api/exam/{examId}", method = RequestMethod.GET)
+    public ExamVO getExamById(@PathVariable Long examId)
+    {
+        Long userId = userService.findByUsername((String)SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal()).getId();
+        String permissionStr = String.valueOf(userId)+":task:view:"+String.valueOf(examId);
+        if (!SecurityUtils.getSubject().isPermitted(permissionStr)){
+            throw new HttpForbiddenException("unauthourized");
+        }
         return examLogic.getExamById(examId);
     }
 
@@ -63,4 +72,5 @@ public class ExamController {
         }
         return examLogic.updateExam(examVO);
     }
+
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/ctrl/TestController.java

@@ -2,6 +2,8 @@ package cn.iselab.mooctest.site.web.ctrl;
 
 import cn.iselab.mooctest.site.common.enums.SessionKey;
 import cn.iselab.mooctest.site.util.data.EncryptionUtil;
+import cn.iselab.mooctest.site.web.data.*;
+import cn.iselab.mooctest.site.web.logic.*;
 import cn.iselab.mooctest.site.web.data.MenuVO;
 import cn.iselab.mooctest.site.web.data.PermissionVO;
 import cn.iselab.mooctest.site.web.data.RoleVO;
@@ -40,6 +42,9 @@ public class TestController {
     @Autowired
     private MenuLogic menuLogic;
 
+    @Autowired
+    private Role2MenuLogic role2MenuLogic;
+
     @RequestMapping(value = "/api/test/getSession", method = RequestMethod.GET)
     public String getSession(HttpSession session) {
         return session.getAttribute(SessionKey.IDENTITY.toString()) + "_" +
@@ -140,5 +145,9 @@ public class TestController {
         return menuLogic.getMenuList();
     }
 
-
+    @RequestMapping(value = "/api/test/role2menuList", method = RequestMethod.GET)
+    public List<Role2MenuVO> getRole2MenuList(){
+        String username = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
+        return role2MenuLogic.getRole2MenuListByUsername(username);
+    }
 }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/data/Role2MenuVO.java

@@ -0,0 +1,71 @@
+package cn.iselab.mooctest.site.web.data;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class Role2MenuVO extends BaseVO{
+
+    private Long id;
+
+    private Long roleId;
+
+    private Long menuId;
+
+    private String menuName;
+
+    private String operation;
+
+    private String url;
+
+    public String getMenuName() {
+        return menuName;
+    }
+
+    public void setMenuName(String menuName) {
+        this.menuName = menuName;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public Long getRoleId() {
+        return roleId;
+    }
+
+    public void setRoleId(Long roleId) {
+        this.roleId = roleId;
+    }
+
+    public Long getMenuId() {
+        return menuId;
+    }
+
+    public void setMenuId(Long menuId) {
+        this.menuId = menuId;
+    }
+
+    public String getOperation() {
+        return operation;
+    }
+
+    public void setOperation(String operation) {
+        this.operation = operation;
+    }
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/data/wrapper/MenuVOWrapper.java

@@ -16,15 +16,12 @@ public class MenuVOWrapper extends BaseWrapper<MenuVO, Menu> {
         MenuVO menuVO = new MenuVO();
         menuVO.setId(menu.getId());
         menuVO.setMenu(menu.getMenu());
-        menuVO.setUrl(menu.getUrl());
         return menuVO;
     }
 
     @Override
     public Menu unwrap(MenuVO data) {
         Menu menu = new Menu();
-
-        menu.setUrl(data.getUrl());
         menu.setMenu(data.getMenu());
         menu.setId(data.getId());
         return menu;

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/data/wrapper/PermissionVOWraper.java

@@ -11,15 +11,14 @@ import java.sql.Timestamp;
  * @date 2017-06-15.
  */
 @Service
-public class PermissionVOWraper extends BaseWrapper<PermissionVO, Permission>{
+public class PermissionVOWraper extends BaseWrapper<PermissionVO, Permission> {
 
     @Override
     public PermissionVO wrap(Permission permission) {
-        PermissionVO permissionVO =  new PermissionVO();
+        PermissionVO permissionVO = new PermissionVO();
 
         permissionVO.setCreateTime(permission.getCreateTime().getTime());
         permissionVO.setId(permission.getId());
-        permissionVO.setName(permission.getName());
         permissionVO.setOperation(permission.getOperation());
         permissionVO.setResource(permission.getResource());
         return permissionVO;
@@ -32,7 +31,6 @@ public class PermissionVOWraper extends BaseWrapper<PermissionVO, Permission>{
         permission.setCreateTime(new Timestamp(data.getCreateTime()));
         permission.setOperation(data.getOperation());
         permission.setResource(data.getResource());
-        permission.setName(data.getName());
         permission.setId(data.getId());
         return permission;
     }

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/data/wrapper/Role2MenuVOWrapper.java

@@ -0,0 +1,39 @@
+package cn.iselab.mooctest.site.web.data.wrapper;
+
+import cn.iselab.mooctest.site.models.Role2Menu;
+import cn.iselab.mooctest.site.web.data.Role2MenuVO;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Service
+public class Role2MenuVOWrapper extends BaseWrapper<Role2MenuVO, Role2Menu> {
+
+    @Override
+    public Role2MenuVO wrap(Role2Menu role2Menu) {
+        Role2MenuVO role2MenuVO = new Role2MenuVO();
+
+        role2MenuVO.setId(role2Menu.getId());
+        role2MenuVO.setOperation(role2Menu.getOperation());
+        role2MenuVO.setMenuId(role2Menu.getMenuId());
+        role2MenuVO.setRoleId(role2Menu.getRoleId());
+        role2MenuVO.setUrl(role2Menu.getUrl());
+
+        return role2MenuVO;
+    }
+
+    @Override
+    public Role2Menu unwrap(Role2MenuVO data) {
+        Role2Menu role2Menu = new Role2Menu();
+
+        role2Menu.setOperation(data.getOperation());
+        role2Menu.setUrl(data.getUrl());
+        role2Menu.setRoleId(data.getRoleId());
+        role2Menu.setMenuId(data.getMenuId());
+        role2Menu.setId(data.getId());
+
+        return role2Menu;
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/logic/Role2MenuLogic.java

@@ -0,0 +1,14 @@
+package cn.iselab.mooctest.site.web.logic;
+
+import cn.iselab.mooctest.site.web.data.Role2MenuVO;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+public interface Role2MenuLogic {
+
+    List<Role2MenuVO> getRole2MenuListByUsername(String username);
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/logic/impl/Role2MenuLogicImpl.java

@@ -0,0 +1,64 @@
+package cn.iselab.mooctest.site.web.logic.impl;
+
+import cn.iselab.mooctest.site.models.Role;
+import cn.iselab.mooctest.site.service.MenuService;
+import cn.iselab.mooctest.site.service.Role2MenuService;
+import cn.iselab.mooctest.site.service.RoleService;
+import cn.iselab.mooctest.site.service.UserService;
+import cn.iselab.mooctest.site.web.data.Role2MenuVO;
+import cn.iselab.mooctest.site.web.data.wrapper.Role2MenuVOWrapper;
+import cn.iselab.mooctest.site.web.logic.Role2MenuLogic;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * @author sean
+ * @date 2017-07-11.
+ */
+@Service
+public class Role2MenuLogicImpl implements Role2MenuLogic {
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private RoleService roleService;
+
+    @Autowired
+    private Role2MenuService role2MenuService;
+
+    @Autowired
+    private Role2MenuVOWrapper role2MenuVOWrapper;
+
+    @Autowired
+    private MenuService menuService;
+
+    @Override
+    public List<Role2MenuVO> getRole2MenuListByUsername(String username) {
+        List<Role> roles = roleService.getRolesOfUser(username);
+        //roles:admin
+        if (roles.contains(roleService.getRoleByRoleName("admin"))) {
+            List<Role2MenuVO> role2MenuVOs = role2MenuVOWrapper.wrap(role2MenuService.getRole2MenuListByRoleName("admin"));
+            role2MenuVOs.forEach(role2MenuVO -> {
+                role2MenuVO.setMenuName(menuService.getMenuBymenuId(role2MenuVO.getMenuId()).getMenu());
+            });
+            return role2MenuVOs;
+        }
+        //role:manager
+        if (roles.contains(roleService.getRoleByRoleName("manager"))) {
+            List<Role2MenuVO> role2MenuVOs = role2MenuVOWrapper.wrap(role2MenuService.getRole2MenuListByRoleName("manager"));
+            role2MenuVOs.forEach(role2MenuVO -> {
+                role2MenuVO.setMenuName(menuService.getMenuBymenuId(role2MenuVO.getMenuId()).getMenu());
+            });
+            return role2MenuVOs;
+        }
+        //role:worker
+        List<Role2MenuVO> role2MenuVOs = role2MenuVOWrapper.wrap(role2MenuService.getRole2MenuListByRoleName("worker"));
+        for (Role2MenuVO r2m:role2MenuVOs){
+            r2m.setMenuName(menuService.getMenuBymenuId(r2m.getMenuId()).getMenu());
+        }
+        return role2MenuVOs;
+    }
+}

mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/logic/impl/UserLogicImpl.java

@@ -1,13 +1,19 @@
 package cn.iselab.mooctest.site.web.logic.impl;
 
+import cn.iselab.mooctest.site.models.Group;
 import cn.iselab.mooctest.site.models.User;
+import cn.iselab.mooctest.site.models.User2Role;
+import cn.iselab.mooctest.site.service.GroupService;
 import cn.iselab.mooctest.site.service.UserService;
+import cn.iselab.mooctest.site.service.instancePermission.GroupPermissionService;
 import cn.iselab.mooctest.site.util.data.EncryptionUtil;
 import cn.iselab.mooctest.site.web.data.UserVO;
 import cn.iselab.mooctest.site.web.data.wrapper.UserVOWrapper;
+import cn.iselab.mooctest.site.web.exception.HttpBadRequestException;
 import cn.iselab.mooctest.site.web.logic.BaseLogic;
 import cn.iselab.mooctest.site.web.logic.UserLogic;
 import cn.iselab.mooctest.site.web.util.Converter;
+import org.apache.commons.validator.routines.EmailValidator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -26,18 +32,46 @@ public class UserLogicImpl extends BaseLogic implements UserLogic {
     @Autowired
     private UserVOWrapper userVOWrapper;
 
+    @Autowired
+    private GroupService groupService;
+
+    @Autowired
+    private GroupPermissionService groupPermissionService;
+
     @Override
     public UserVO register(UserVO userVO) {
-//        if (userService.findByEmail(userVO.getEmail()) != null) {
-//            userService.deleteUser(userVO.getEmail());
-//        }
+        if (!EmailValidator.getInstance().isValid(userVO.getEmail())) {
+            throw new HttpBadRequestException("Invalid email");
+        }
+        if (userService.getUserByEmail(userVO.getEmail()) != null) {
+            throw new HttpBadRequestException("Worker already exists");
+        }
+
+        User user = registerUser(userVO);
+
+        //add user2role(worker default)
+        User2Role user2Role = new User2Role();
+        user2Role.setRoleId(3L);
+        user2Role.setUserId(user.getId());
+
+        //add worker into group 0
+        Group group =  groupService.getGroup(0);
+        groupService.joinGroup(user.getId(),group);
+        return userVOWrapper.wrap(userService.createUser(user));
+    }
+
+    private User registerUser(UserVO userVO) {
+        if (userService.findByEmail(userVO.getEmail()) != null) {
+            throw new HttpBadRequestException("user already exist");
+        }
         User user = userVOWrapper.unwrap(userVO);
         user.setPassword(EncryptionUtil.encryptMD5(userVO.getPassword()));
         user.setCreateTime(new Timestamp(System.currentTimeMillis()));
-
-        return userVOWrapper.wrap(userService.register(user));
+        user.setMobile(null);
+        return userService.createUser(user);
     }
 
+
     @Override
     public void deleteRepeatedUser(String email) {
         userService.deleteUser(email);