diff --git a/src/main/scala/plugin/PluginSystem.scala b/src/main/scala/plugin/PluginSystem.scala
index 6432ed3..8caf6bf 100644
--- a/src/main/scala/plugin/PluginSystem.scala
+++ b/src/main/scala/plugin/PluginSystem.scala
@@ -7,11 +7,8 @@
 import util.Directory._
 import util.ControlUtil._
 import org.apache.commons.io.FileUtils
-import util.JGitUtil
-import org.eclipse.jgit.api.Git
 import service.RepositoryService.RepositoryInfo
-import scala.reflect.runtime.currentMirror
-import scala.tools.reflect.ToolBox
+import Security._
 
 
 /**
@@ -91,8 +88,8 @@
   case class PluginRepository(id: String, url: String)
   case class GlobalMenu(label: String, url: String, icon: String, condition: Context => Boolean)
   case class RepositoryMenu(label: String, name: String, url: String, icon: String, condition: Context => Boolean)
-  case class Action(path: String, security: String, function: (HttpServletRequest, HttpServletResponse) => Any)
-  case class RepositoryAction(path: String, security: String, function: (HttpServletRequest, HttpServletResponse, RepositoryInfo) => Any)
+  case class Action(path: String, security: Security, function: (HttpServletRequest, HttpServletResponse) => Any)
+  case class RepositoryAction(path: String, security: Security, function: (HttpServletRequest, HttpServletResponse, RepositoryInfo) => Any)
   case class Button(label: String, href: String)
   case class JavaScript(filter: String => Boolean, script: String)
 
@@ -118,4 +115,3 @@
 
 }
 
-
diff --git a/src/main/scala/plugin/Security.scala b/src/main/scala/plugin/Security.scala
new file mode 100644
index 0000000..8295351
--- /dev/null
+++ b/src/main/scala/plugin/Security.scala
@@ -0,0 +1,11 @@
+package plugin
+
+object Security {
+  sealed trait Security
+  case class All() extends Security
+  case class Login() extends Security
+  case class Member() extends Security
+  case class Owner() extends Security
+  case class Admin() extends Security
+}
+
diff --git a/src/main/scala/servlet/PluginActionInvokeFilter.scala b/src/main/scala/servlet/PluginActionInvokeFilter.scala
index f6dc69d..d6d4354 100644
--- a/src/main/scala/servlet/PluginActionInvokeFilter.scala
+++ b/src/main/scala/servlet/PluginActionInvokeFilter.scala
@@ -11,6 +11,7 @@
 import service.RepositoryService.RepositoryInfo
 import service.SystemSettingsService.SystemSettings
 import org.json4s.jackson.Json
+import plugin.Security._
 
 class PluginActionInvokeFilter extends Filter with SystemSettingsService with RepositoryService with AccountService {
 
@@ -84,28 +85,28 @@
     } else false
   }
 
-  private def filterAction(security: String, context: app.Context, repository: Option[RepositoryInfo] = None): Boolean = {
+  private def filterAction(security: Security, context: app.Context, repository: Option[RepositoryInfo] = None): Boolean = {
     if(repository.isDefined){
       if(repository.get.repository.isPrivate){
         security match {
-          case "owner"  => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository
-          case "member" => false // TODO owner or collaborator
-          case "admin"  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
+          case Owner()  => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository
+          case Member() => false // TODO owner or collaborator
+          case Admin()  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
         }
       } else {
         security match {
-          case "all"    => true
-          case "login"  => context.loginAccount.isDefined
-          case "owner"  => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository
-          case "member" => false // TODO owner or collaborator
-          case "admin"  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
+          case All()    => true
+          case Login()  => context.loginAccount.isDefined
+          case Owner()  => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository
+          case Member() => false // TODO owner or collaborator
+          case Admin()  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
         }
       }
     } else {
       security match {
-        case "all"    => true
-        case "login"  => context.loginAccount.isDefined
-        case "admin"  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
+        case All()    => true
+        case Login()  => context.loginAccount.isDefined
+        case Admin()  => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
       }
     }
   }