CSNS2 Security Implementation

Department

Requirements

- System admin can create departments.
- Department admin can edit their own department such as changing logo, theme, and adding/removing faculty, instructors, and courses.
In theory the department name abbreviation (e.g. cs) should not be changed once a department is created, because doing so may break the department role check. Right now it can be changed by the System Admin.
Implementation

- /admin/** requires sysadmin.
- DepartmentDao.saveDepartment() requires system or department admin by @PreAuthorize.
- The following controller methods require department admin by @PreAuthorize:
  - DepartmentUserController.operation()
  - DepartmentCourseController.operation()
User

Requirements

- General user management operations like add, edit, disable, and search require sysadmin, department admin, or department faculty.
- The search function used by autocomplete is available to department instructors.
- Users can edit their own account profile.
- Temporary user accounts may be created during roster/grade import.

Implementation

- /user/** requires sysadmin, department admin, or department faculty.
- /user/autocomplete requires department instructors.
- /profile requires authenticated users.
- /register requires authenticated users with temporary accounts.
Course

Requirements

- Adding and editing courses require department admin.
- Other course operations like view and search are available to everyone, including anonymous users.

Implementation

- /course/add and /course/edit require department admin.
Section

Requirements

- Sections can be added by department admin, department faculty, and department instructor.
- Sections can be edited by department admin.
- Department faculty and department instructors can edit their own sections.
Section access is kind of tricky because it's not just about access to the Section objects, but also to other data associated with a section such as assignments, student roster, student grades, and so on.
Implementation

- /section/taken requires authenticated users.
- /section/** requires department admin, department faculty, or department instructor.
- SectionDao.getSection() requires the caller to be either an instructor or a student in the section (using @PostAuthorize).
The current implementation is not perfect. In fact, there is a known loophole ....
Enrollment

Requirements

- The instructor(s) of a section and department admin* can add, view, edit, delete enrollments.
- The students can view their own enrollments.

* Because we allow a course to be included in the curriculum of any department (e.g. TECH250 included in CS BS program), it's difficult to determine which department a section belongs to. So here we allow the admin of any department to manage enrollments, basically trusting that all department admins are good people.
Implementation

- EnrollmentDao.getEnrollment() is secured with an @PostAuthorize.
- EnrollmentDao.saveEnrollment() and deleteEnrollment() are secured with @PreAuthorize.
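The DAO-level checks described under Section and Enrollment, written out as an added Spring Security example (this is illustrative code, not CSNS2's own): the entity interfaces, the ROLE_DEPT_ADMIN role name, the isInstructor/isStudent/getStudent methods, and the principal being the User entity are all assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.method.P;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

// Assumed stand-ins for the CSNS2 entities; the method names are illustrative only.
// The logged-in principal is assumed to be the User entity itself.
interface User {}
interface Section {
    boolean isInstructor(User u);   // u teaches this section
    boolean isStudent(User u);      // u is enrolled in this section
}
interface Enrollment {
    Section getSection();
    User getStudent();
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)  // switches @PreAuthorize/@PostAuthorize on
class MethodSecurityConfig {}

interface SectionDao {
    // Evaluated after the query, against the object actually loaded, so the rule can
    // inspect the section's own instructors and roster. 'returnObject == null' lets
    // "not found" through so the caller sees a 404 rather than a 403.
    // ROLE_DEPT_ADMIN is an assumed role name; the page does not give the real one.
    @PostAuthorize("returnObject == null"
        + " or hasRole('ROLE_DEPT_ADMIN')"
        + " or returnObject.isInstructor(principal)"
        + " or returnObject.isStudent(principal)")
    Section getSection(Long id);
}

interface EnrollmentDao {
    // A student may read only their own enrollment; instructors and any department's admin may read all.
    @PostAuthorize("returnObject == null"
        + " or hasRole('ROLE_DEPT_ADMIN')"
        + " or returnObject.section.isInstructor(principal)"
        + " or returnObject.student == principal")
    Enrollment getEnrollment(Long id);

    // Evaluated before the save. @P gives the argument a stable SpEL name: on an interface
    // method '#enrollment' cannot be recovered from bytecode debug info, and an unresolved
    // name evaluates to null, so the expression throws instead of granting access.
    @PreAuthorize("hasRole('ROLE_DEPT_ADMIN')"
        + " or #enrollment.section.isInstructor(principal)")
    Enrollment saveEnrollment(@P("enrollment") Enrollment enrollment);
}
```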
Assignment

Requirements

- Department instructors can view, add, edit, delete assignments of the sections they teach.
- Students can view the assignments of the sections they take.
- Department admins can view all assignments (again, it's admins of all departments).
Implementation

- /assignment/** requires department admin/faculty/instructor.
- AssignmentDao.getAssignment() is secured by an @PostAuthorize.
- AssignmentDao.saveAssignment() is secured by an @PreAuthorize.
Submission

Requirements

- Department instructors can create, view, edit, grade the submissions for their sections.
- Students can create, view, and edit their own submissions.
- Department admins can view all submissions.
Implementation

- /submission/view, /submission/upload, and /submission/online/edit require authenticated users.
- /submission/** requires department instructors.
- SubmissionDao.getSubmission() is secured with an @PostAuthorize.
- SubmissionDao.saveSubmission() is secured with an @PreAuthorize.
Survey

Requirements

- Department admin/faculty can create, view, edit, delete surveys.
- Department admin/faculty can view survey results.
- Anybody can take a survey.
- Anybody can create a survey response, but only the author can edit a survey response.
- Only department admin/faculty can view survey responses.
Implementation

- /department/*/survey/current and /department/*/survey/response/edit allow all.
- Some @PreAuthorize and @PostAuthorize in SurveyDaoImpl and SurveyResponseDaoImpl and controllers.

The current implementation is not very rigorous, but it should prevent anybody other than department faculty from doing bad things.