Use enum class to group repository/user operations.

gitop.core/src/main/java/com/pmease/gitop/core/gatekeeper/ApprovedByAuthorizedUsers.java

@@ -4,14 +4,14 @@ import java.util.Collection;
 
 import com.pmease.gitop.core.model.MergeRequest;
 import com.pmease.gitop.core.model.User;
-import com.pmease.gitop.core.permission.operation.Write;
+import com.pmease.gitop.core.permission.operation.RepositoryOperation;
 
 @SuppressWarnings("serial")
 public class ApprovedByAuthorizedUsers extends AbstractGateKeeper {
 
 	@Override
 	public CheckResult check(MergeRequest request) {
-		Collection<User> authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(new Write());
+		Collection<User> authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(RepositoryOperation.WRITE);
 		OrGateKeeper or = new OrGateKeeper();
 		for (User user: authorizedUsers) {
 			ApprovedBySpecifiedUser entry = new ApprovedBySpecifiedUser();

gitop.core/src/main/java/com/pmease/gitop/core/manager/AuthorizationManager.java

@@ -3,9 +3,9 @@ package com.pmease.gitop.core.manager;
 import com.google.inject.ImplementedBy;
 import com.pmease.commons.hibernate.dao.GenericDao;
 import com.pmease.gitop.core.manager.impl.DefaultAuthorizationManager;
-import com.pmease.gitop.core.model.Authorization;
+import com.pmease.gitop.core.model.RepositoryAuthorization;
 
 @ImplementedBy(DefaultAuthorizationManager.class)
-public interface AuthorizationManager extends GenericDao<Authorization> {
+public interface AuthorizationManager extends GenericDao<RepositoryAuthorization> {
 	
 }

gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultAuthorizationManager.java

@@ -6,10 +6,10 @@ import javax.inject.Singleton;
 import com.pmease.commons.hibernate.dao.DefaultGenericDao;
 import com.pmease.commons.hibernate.dao.GeneralDao;
 import com.pmease.gitop.core.manager.AuthorizationManager;
-import com.pmease.gitop.core.model.Authorization;
+import com.pmease.gitop.core.model.RepositoryAuthorization;
 
 @Singleton
-public class DefaultAuthorizationManager extends DefaultGenericDao<Authorization> implements AuthorizationManager {
+public class DefaultAuthorizationManager extends DefaultGenericDao<RepositoryAuthorization> implements AuthorizationManager {
 
 	@Inject
 	public DefaultAuthorizationManager(GeneralDao generalDao) {

gitop.core/src/main/java/com/pmease/gitop/core/model/Repository.java

@@ -18,7 +18,7 @@ import com.pmease.commons.hibernate.AbstractEntity;
 import com.pmease.gitop.core.gatekeeper.GateKeeper;
 import com.pmease.gitop.core.permission.object.ProtectedObject;
 import com.pmease.gitop.core.permission.object.UserBelonging;
-import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
+import com.pmease.gitop.core.permission.operation.RepositoryOperation;
 
 @Entity
 @Table(uniqueConstraints={
@@ -39,7 +39,7 @@ public class Repository extends AbstractEntity implements UserBelonging {
 	private GateKeeper gateKeeper;
 
 	@OneToMany(mappedBy="repository")
-	private Collection<Authorization> authorizations = new ArrayList<Authorization>();
+	private Collection<RepositoryAuthorization> authorizations = new ArrayList<RepositoryAuthorization>();
 
 	public User getOwner() {
 		return owner;
@@ -80,11 +80,11 @@ public class Repository extends AbstractEntity implements UserBelonging {
 		return getOwner();
 	}
 
-	public Collection<Authorization> getAuthorizations() {
+	public Collection<RepositoryAuthorization> getAuthorizations() {
 		return authorizations;
 	}
 
-	public void setAuthorizations(Collection<Authorization> authorizations) {
+	public void setAuthorizations(Collection<RepositoryAuthorization> authorizations) {
 		this.authorizations = authorizations;
 	}
 
@@ -98,10 +98,10 @@ public class Repository extends AbstractEntity implements UserBelonging {
 		}
 	}
 
-	public Collection<User> findAuthorizedUsers(PrivilegedOperation operation) {
+	public Collection<User> findAuthorizedUsers(RepositoryOperation operation) {
 		Map<Long, Boolean> authorizationMap = new HashMap<Long, Boolean>();
-		for (Authorization authorization: getAuthorizations()) {
+		for (RepositoryAuthorization authorization: getAuthorizations()) {
-			authorizationMap.put(authorization.getTeam().getId(), authorization.getOperation().can(operation));
+			authorizationMap.put(authorization.getTeam().getId(), authorization.getAuthorizedOperation().can(operation));
 		}
 		
 		Collection<Team> teams = new HashSet<Team>();
@@ -113,7 +113,7 @@ public class Repository extends AbstractEntity implements UserBelonging {
 				else
 					continue;
 			} else {
-				if (team.getOperation().can(operation))
+				if (team.getAuthorizedOperation().can(operation))
 					teams.add(team);
 			}
 		}

gitop.core/src/main/java/com/pmease/gitop/core/model/RepositoryAuthorization.java

@@ -7,15 +7,14 @@ import javax.persistence.Table;
 import javax.persistence.UniqueConstraint;
 
 import com.pmease.commons.hibernate.AbstractEntity;
-import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
+import com.pmease.gitop.core.permission.operation.RepositoryOperation;
-import com.pmease.gitop.core.permission.operation.Read;
 
 @SuppressWarnings("serial")
 @Entity
 @Table(uniqueConstraints={
 		@UniqueConstraint(columnNames={"team", "repository"})
 })
-public class Authorization extends AbstractEntity {
+public class RepositoryAuthorization extends AbstractEntity {
 
 	@ManyToOne
 	@JoinColumn(nullable=false)
@@ -25,14 +24,14 @@ public class Authorization extends AbstractEntity {
 	@JoinColumn(nullable=false)
 	private Repository repository;
 	
-	private PrivilegedOperation operation = new Read();
+	private RepositoryOperation authorizedOperation = RepositoryOperation.READ;
 	
-	public PrivilegedOperation getOperation() {
+	public RepositoryOperation getAuthorizedOperation() {
-		return operation;
+		return authorizedOperation;
 	}
 
-	public void setOperation(PrivilegedOperation operation) {
+	public void setAuthorizedOperation(RepositoryOperation authorizedOperation) {
-		this.operation = operation;
+		this.authorizedOperation = authorizedOperation;
 	}
 
 	public Team getTeam() {

gitop.core/src/main/java/com/pmease/gitop/core/model/Team.java

@@ -15,8 +15,7 @@ import org.apache.shiro.authz.Permission;
 
 import com.pmease.commons.hibernate.AbstractEntity;
 import com.pmease.gitop.core.permission.ObjectPermission;
-import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
+import com.pmease.gitop.core.permission.operation.UserOperation;
-import com.pmease.gitop.core.permission.operation.Read;
 
 @Entity
 @Table(uniqueConstraints={
@@ -39,13 +38,13 @@ public class Team extends AbstractEntity implements Permission {
 	private boolean register;
 
 	@Column(nullable=false)
-	private PrivilegedOperation operation = new Read();
+	private UserOperation authorizedOperation = UserOperation.READ;
 	
 	@OneToMany(mappedBy="team")
 	private Collection<TeamMembership> memberships = new ArrayList<TeamMembership>();
 	
 	@OneToMany(mappedBy="team")
-	private Collection<Authorization> authorizations = new ArrayList<Authorization>();
+	private Collection<RepositoryAuthorization> repositoryAuthorizations = new ArrayList<RepositoryAuthorization>();
 
 	public User getOwner() {
 		return owner;
@@ -87,12 +86,12 @@ public class Team extends AbstractEntity implements Permission {
 		this.register = register;
 	}
 
-	public PrivilegedOperation getOperation() {
+	public UserOperation getAuthorizedOperation() {
-		return operation;
+		return authorizedOperation;
 	}
 
-	public void setOperation(PrivilegedOperation operation) {
+	public void setAuthorizedOperation(UserOperation authorizedOeration) {
-		this.operation = operation;
+		this.authorizedOperation = authorizedOeration;
 	}
 
 	public Collection<TeamMembership> getMemberships() {
@@ -103,12 +102,12 @@ public class Team extends AbstractEntity implements Permission {
 		this.memberships = memberships;
 	}
 
-	public Collection<Authorization> getAuthorizations() {
+	public Collection<RepositoryAuthorization> getRepositoryAuthorizations() {
-		return authorizations;
+		return repositoryAuthorizations;
 	}
 
-	public void setAuthorizations(Collection<Authorization> authorizations) {
+	public void setAuthorizations(Collection<RepositoryAuthorization> repositoryAuthorizations) {
-		this.authorizations = authorizations;
+		this.repositoryAuthorizations = repositoryAuthorizations;
 	}
 
 	@Override
@@ -116,13 +115,13 @@ public class Team extends AbstractEntity implements Permission {
 		if (permission instanceof ObjectPermission) {
 			ObjectPermission objectPermission = (ObjectPermission) permission;
 			
-			for (Authorization each: getAuthorizations()) {
+			for (RepositoryAuthorization each: getRepositoryAuthorizations()) {
 				if (each.getRepository().has(objectPermission.getObject()))
-					return each.getOperation().can(objectPermission.getOperation());
+					return each.getAuthorizedOperation().can(objectPermission.getOperation());
 			}
 
 			if (getOwner().has(objectPermission.getObject()))
-				return getOperation().can(objectPermission.getOperation());
+				return getAuthorizedOperation().can(objectPermission.getOperation());
 		} 
 		
 		return false;

gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java

@@ -6,10 +6,10 @@ import com.pmease.gitop.core.model.Repository;
 import com.pmease.gitop.core.model.User;
 import com.pmease.gitop.core.permission.object.ProtectedObject;
 import com.pmease.gitop.core.permission.object.SystemObject;
-import com.pmease.gitop.core.permission.operation.Administration;
 import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
-import com.pmease.gitop.core.permission.operation.Read;
+import com.pmease.gitop.core.permission.operation.RepositoryOperation;
-import com.pmease.gitop.core.permission.operation.Write;
+import com.pmease.gitop.core.permission.operation.SystemOperation;
+import com.pmease.gitop.core.permission.operation.UserOperation;
 
 /**
  * This class represents permissions to operate an account and its belongings.
@@ -56,30 +56,30 @@ public class ObjectPermission implements Permission {
 	}
 
 	public static ObjectPermission ofUserAdmin(User user) {
-		return new ObjectPermission(user, new Administration());
+		return new ObjectPermission(user, UserOperation.ADMINISTRATION);
 	}
 	
 	public static ObjectPermission ofUserRead(User user) {
-		return new ObjectPermission(user, new Read());
+		return new ObjectPermission(user, UserOperation.READ);
 	}
 
 	public static ObjectPermission ofUserWrite(User user) {
-		return new ObjectPermission(user, new Write());
+		return new ObjectPermission(user, UserOperation.WRITE);
 	}
 
 	public static ObjectPermission ofRepositoryAdmin(Repository repository) {
-		return new ObjectPermission(repository, new Administration());
+		return new ObjectPermission(repository, RepositoryOperation.ADMINISTRATION);
 	}
 
 	public static ObjectPermission ofRepositoryRead(Repository repository) {
-		return new ObjectPermission(repository, new Read());
+		return new ObjectPermission(repository, RepositoryOperation.READ);
 	}
 
 	public static ObjectPermission ofRepositoryWrite(Repository repository) {
-		return new ObjectPermission(repository, new Write());
+		return new ObjectPermission(repository, RepositoryOperation.WRITE);
 	}
 
-	public static ObjectPermission ofSystem(PrivilegedOperation operation) {
+	public static ObjectPermission ofSystem(SystemOperation operation) {
 		return new ObjectPermission(new SystemObject(), operation);
 	}
 	

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Administration.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class Administration implements PrivilegedOperation {
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return true;
-	}
-
-}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateMergeRequest.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class CreateMergeRequest implements PrivilegedOperation {
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return operation instanceof CreateMergeRequest;
-	}
-
-}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateRepository.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class CreateRepository implements PrivilegedOperation {
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return operation instanceof CreateRepository;
-	}
-
-}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/NoAccess.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class NoAccess implements PrivilegedOperation {
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return false;
-	}
-
-}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Read.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class Read implements PrivilegedOperation {
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return operation instanceof Read;
-	}
-
-}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/RepositoryOperation.java

@@ -0,0 +1,36 @@
+package com.pmease.gitop.core.permission.operation;
+
+public enum RepositoryOperation implements PrivilegedOperation {
+	NO_ACCESS {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return false;
+		}
+		
+	},
+	READ {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return operation == READ;
+		}
+		
+	},
+	WRITE {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return operation == WRITE || READ.can(operation);
+		}
+		
+	},
+	ADMINISTRATION {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return true;
+		}
+		
+	}
+}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/SystemOperation.java

@@ -9,19 +9,19 @@ public enum SystemOperation implements PrivilegedOperation {
 		}
 		
 	},
-	CREATE_ASSESSMENT {
+	VOTE {
 
 		@Override
 		public boolean can(PrivilegedOperation operation) {
-			return operation == CREATE_ASSESSMENT;
+			return operation == VOTE;
 		}
 		
 	},
-	CREATE_COMMENT {
+	ADD_COMMENT {
 
 		@Override
 		public boolean can(PrivilegedOperation operation) {
-			return operation == CREATE_COMMENT;
+			return operation == ADD_COMMENT;
 		}
 		
 	},
@@ -45,7 +45,7 @@ public enum SystemOperation implements PrivilegedOperation {
 
 		@Override
 		public boolean can(PrivilegedOperation operation) {
-			return operation == READ_ALL_REPOSITORIES;
+			return operation == READ_ALL_REPOSITORIES || RepositoryOperation.READ.can(operation);
 		}
 		
 	},
@@ -53,7 +53,9 @@ public enum SystemOperation implements PrivilegedOperation {
 
 		@Override
 		public boolean can(PrivilegedOperation operation) {
-			return READ_ALL_REPOSITORIES.can(operation);
+			return operation == WRITE_ALL_REPOSITORIES 
+					|| READ_ALL_REPOSITORIES.can(operation) 
+					|| RepositoryOperation.WRITE.can(operation);
 		}
 		
 	}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/UserOperation.java

@@ -0,0 +1,28 @@
+package com.pmease.gitop.core.permission.operation;
+
+public enum UserOperation implements PrivilegedOperation {
+	READ {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return operation == READ || RepositoryOperation.READ.can(operation);
+		}
+		
+	},
+	WRITE {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return operation == WRITE || READ.can(operation) || RepositoryOperation.WRITE.can(operation);
+		}
+		
+	},
+	ADMINISTRATION {
+
+		@Override
+		public boolean can(PrivilegedOperation operation) {
+			return true;
+		}
+		
+	}
+}

gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Write.java

@@ -1,11 +0,0 @@
-package com.pmease.gitop.core.permission.operation;
-
-@SuppressWarnings("serial")
-public class Write implements PrivilegedOperation{
-
-	@Override
-	public boolean can(PrivilegedOperation operation) {
-		return operation instanceof Write || new Read().can(operation);
-	}
-
-}