Role-based Access Control Web Service with Spring Boot

Project Design

  • The front-end passes a username and a web URL to the back-end; the back-end returns a boolean indicating whether that user may access the corresponding page.
  • The front-end calls the RESTful APIs implemented by the back-end to add, update and delete users and roles.

    RBAC Model

  • The relation between user and role is many-to-many, as is the relation between role and access.
  • Admin is a special type of role that has every web access and can manage users and other roles.
  • The admin creates a set of roles with corresponding access permissions and assigns a subset of them to a newly added user.
  • A user gains accesses based on the roles he/she is assigned.

    Database Table Design

  • User Table (columns):
        id, name, create_time, update_time
  • Role Table (columns):
        id, type, create_time, update_time
  • Access Table (columns):
        id, name, url, create_time, update_time
  • User-Role Table (columns):
        id, user_id, role_id, create_time, update_time
  • Role-Access Table (columns):
        id, role_id, access_id, create_time, update_time
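The access check from the project design, worked through against the RBAC model and the five tables above, as an added example in plain Java that is not the project's own code. It keeps the tables in memory instead of a database (the project's persistence layer is not on the page), treats a role of type "ADMIN" as the special role that holds every access, and denies by default for unknown users, unknown roles and URLs with no matching Access row. All names and the sample rows are constructed.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added example: in-memory model of User / Role / Access and the two link tables,
// plus the boolean check "may this user open this URL?".
public class RbacCheckExample {

    // Rows of the User, Role and Access tables (timestamps omitted)
    record User(long id, String name) {}
    record Role(long id, String type) {}
    record Access(long id, String name, String url) {}

    private final Map<String, User> usersByName = new HashMap<>();
    private final Map<Long, Role> rolesById = new HashMap<>();
    private final Map<Long, Access> accessesById = new HashMap<>();
    private final Map<Long, Set<Long>> userRoles = new HashMap<>();    // User-Role table
    private final Map<Long, Set<Long>> roleAccesses = new HashMap<>(); // Role-Access table

    void addUser(User u) { usersByName.put(u.name(), u); }
    void addRole(Role r) { rolesById.put(r.id(), r); }
    void addAccess(Access a) { accessesById.put(a.id(), a); }

    // Both relations are many-to-many, so each side maps to a set of ids
    void assignRole(long userId, long roleId) {
        userRoles.computeIfAbsent(userId, k -> new HashSet<>()).add(roleId);
    }
    void grantAccess(long roleId, long accessId) {
        roleAccesses.computeIfAbsent(roleId, k -> new HashSet<>()).add(accessId);
    }

    // The back-end check: username + URL in, boolean out. Anything not
    // explicitly granted through a role is denied.
    boolean canAccess(String username, String url) {
        User user = usersByName.get(username);
        if (user == null) return false;                        // unknown user
        for (long roleId : userRoles.getOrDefault(user.id(), Set.of())) {
            Role role = rolesById.get(roleId);
            if (role == null) continue;                        // dangling User-Role row
            if ("ADMIN".equals(role.type())) return true;      // admin has all accesses
            for (long accessId : roleAccesses.getOrDefault(roleId, Set.of())) {
                Access access = accessesById.get(accessId);
                if (access != null && access.url().equals(url)) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        RbacCheckExample rbac = new RbacCheckExample();
        // Constructed sample rows, not data from the project
        rbac.addUser(new User(1, "alice"));
        rbac.addUser(new User(2, "bob"));
        rbac.addUser(new User(3, "root"));
        rbac.addRole(new Role(10, "EDITOR"));
        rbac.addRole(new Role(11, "VIEWER"));
        rbac.addRole(new Role(12, "ADMIN"));
        rbac.addAccess(new Access(100, "reports", "/reports"));
        rbac.addAccess(new Access(101, "editor", "/editor"));
        rbac.grantAccess(10, 100);   // EDITOR -> /reports
        rbac.grantAccess(10, 101);   // EDITOR -> /editor
        rbac.grantAccess(11, 100);   // VIEWER -> /reports
        rbac.assignRole(1, 10);      // alice is EDITOR
        rbac.assignRole(2, 11);      // bob is VIEWER
        rbac.assignRole(3, 12);      // root is ADMIN

        System.out.println("alice /editor: " + rbac.canAccess("alice", "/editor"));     // EDITOR grants /editor
        System.out.println("bob /editor: " + rbac.canAccess("bob", "/editor"));         // VIEWER has no /editor row
        System.out.println("root /anything: " + rbac.canAccess("root", "/anything"));   // ADMIN bypasses the Access table
        System.out.println("mallory /reports: " + rbac.canAccess("mallory", "/reports")); // not in the User table
    }
}
```

The URL comparison here is exact string equality. In a real deployment the URL the front-end sends should be normalized before the lookup (path only, no query string, consistent trailing slash), otherwise two spellings of the same page can produce different answers; where that normalization happens is a design decision the page leaves open.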

RESTful APIs (according to company policy, URLs and request methods are not provided):

  • listAllUsers
  • loadUserRoles
  • addUser
  • updateUser
  • deleteUser
  • listAllRoles
  • loadRoleAccesses
  • addRole
  • updateRole
  • deleteRole

Spring Boot Project Structure

RESTful API

  • Jackson maps JSON <-> Java POJOs automatically

    Parameter Acquiring and Sending

  • @GetMapping("/url"): @RequestParam
  • @PostMapping("/url"): @RequestBody
  • @PutMapping("/url"): @RequestBody
  • @DeleteMapping("/url/{id}"): @PathVariable
  • response: code, message, data
  • @Autowired
  • @RestController
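A controller that puts the annotations above together, as an added example that is not the project's own code. The paths under /api, the UserService interface and the UserDto record are assumptions (the real URLs and request methods are not published); the code/message/data envelope and the mapping of GET to @RequestParam, POST/PUT to @RequestBody and DELETE to @PathVariable follow the list above. Assumes Java 17 and Spring Boot 3.

```java
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Assumed service layer; the project's own interface is not on the page.
interface UserService {
    List<UserController.UserDto> listAllUsers();
    List<Long> loadUserRoles(long userId);
    UserController.UserDto addUser(UserController.UserDto user);
    UserController.UserDto updateUser(UserController.UserDto user);
    void deleteUser(long id);
    boolean canAccess(String username, String url);
}

@RestController
@RequestMapping("/api")   // assumed base path
public class UserController {

    // Every reply uses the same envelope: code, message, data
    public record ApiResponse<T>(int code, String message, T data) {
        static <T> ApiResponse<T> ok(T data) { return new ApiResponse<>(0, "ok", data); }
    }

    // Jackson converts this record to and from JSON automatically
    public record UserDto(Long id, String name, List<Long> roleIds) {}

    @Autowired
    private UserService userService;

    // The access check from the project design: two query parameters in, one boolean out
    @GetMapping("/access/check")
    public ApiResponse<Boolean> checkAccess(@RequestParam String username,
                                            @RequestParam String url) {
        return ApiResponse.ok(userService.canAccess(username, url));
    }

    @GetMapping("/users")
    public ApiResponse<List<UserDto>> listAllUsers() {
        return ApiResponse.ok(userService.listAllUsers());
    }

    // GET with a query-string parameter: /api/users/roles?userId=7
    @GetMapping("/users/roles")
    public ApiResponse<List<Long>> loadUserRoles(@RequestParam long userId) {
        return ApiResponse.ok(userService.loadUserRoles(userId));
    }

    // POST and PUT read the user from the JSON request body
    @PostMapping("/users")
    public ApiResponse<UserDto> addUser(@RequestBody UserDto user) {
        return ApiResponse.ok(userService.addUser(user));
    }

    @PutMapping("/users")
    public ApiResponse<UserDto> updateUser(@RequestBody UserDto user) {
        return ApiResponse.ok(userService.updateUser(user));
    }

    // DELETE takes the id from the path: /api/users/42
    @DeleteMapping("/users/{id}")
    public ApiResponse<Void> deleteUser(@PathVariable long id) {
        userService.deleteUser(id);
        return ApiResponse.ok(null);
    }
}
```

The controller only binds parameters and wraps results; it does not decide who may call it. Since the RBAC model reserves user and role management for the admin role, the add/update/delete endpoints need their own admin check in front of them (in the service or a request filter), separate from the per-URL check that checkAccess performs for the front-end.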

Test

Postman

Mockito Unit Test

  • @InjectMocks
  • @Mock
  • MockMvc: perform(), andExpect()
  • when(...).thenReturn(...)
  • verify(...)
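A Mockito unit test exercising each item in the list above, as an added example that is not the project's own test code. It assumes a UserController with a UserService dependency and a UserDto body type, and the paths /api/access/check and /api/users (all assumptions; the real URLs are not published). MockMvc is built with standaloneSetup so only the controller and the mocked service are involved, no Spring context.

```java
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;

@ExtendWith(MockitoExtension.class)
class UserControllerTest {

    @Mock
    private UserService userService;       // assumed dependency, replaced by a mock

    @InjectMocks
    private UserController controller;     // assumed controller; the mock is injected into it

    private MockMvc mockMvc;

    @BeforeEach
    void setUp() {
        mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
    }

    @Test
    void deniedUserGetsFalseInDataField() throws Exception {
        // when-return: the service says "bob" may not open /admin/users
        when(userService.canAccess("bob", "/admin/users")).thenReturn(false);

        mockMvc.perform(get("/api/access/check")
                .param("username", "bob")
                .param("url", "/admin/users"))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.code").value(0))
            .andExpect(jsonPath("$.data").value(false));

        // verify: the controller forwarded exactly the parameters it received
        verify(userService).canAccess("bob", "/admin/users");
    }

    @Test
    void deleteUserPassesPathVariableToService() throws Exception {
        mockMvc.perform(delete("/api/users/{id}", 42))
            .andExpect(status().isOk());

        verify(userService, times(1)).deleteUser(42L);
    }

    @Test
    void addUserReadsJsonRequestBody() throws Exception {
        // constructed request body; Jackson maps it to the UserDto parameter
        String body = "{\"name\":\"carol\",\"roleIds\":[2]}";

        mockMvc.perform(post("/api/users")
                .contentType(MediaType.APPLICATION_JSON)
                .content(body))
            .andExpect(status().isOk());

        verify(userService).addUser(any(UserController.UserDto.class));
    }
}
```

The first test is the one worth keeping closest to the RBAC logic: it fixes the contract that a denied check still returns HTTP 200 with data false, so a front-end that only looks at the status code would wrongly treat the reply as permission granted; asserting on $.data rather than on the status makes that distinction explicit.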