WIP

Author: kthotav

Security-Readme.md

@@ -0,0 +1,8 @@
+# Dendrite - Security 
+
+Dendrite uses Spring security in two ways : 
+ 
+ 1. At the controller level - it filters incoming requests to check and see if it should honor a request. 
+ 2. At the service level - it uses the pre-method invocation filter to check and see if the current user 
+    has access to the graph in question by checking the ownership of project.
+        

src/main/java/org/lab41/dendrite/metagraph/MetaGraphTx.java

@@ -5,6 +5,8 @@
 import com.tinkerpop.frames.FramedGraphFactory;
 import com.tinkerpop.frames.FramedTransactionalGraph;
 
+import java.security.Principal;
+
 public class MetaGraphTx {
 
     private FramedTransactionalGraph<DendriteGraphTx> tx = null;
@@ -25,20 +27,27 @@ public Iterable<ProjectMetadata> getProjects() {
         return getVertices("project", ProjectMetadata.class);
     }
 
+    public UserMetadata getUser(String name)
+    {
+        return getVertex(name, "user", UserMetadata.class);
+    }
+
     public ProjectMetadata getProject(String projectId) {
         return getVertex(projectId, "project", ProjectMetadata.class);
     }
 
-    public ProjectMetadata createProject(String name) {
-        return createProject(name, true);
+    public ProjectMetadata createProject(String name, Principal principal) {
+        return createProject(name, principal, true);
     }
 
-    public ProjectMetadata createProject(String name, boolean createBranch) {
+    public ProjectMetadata createProject(String name, Principal principle, boolean createBranch) {
         Preconditions.checkArgument(!name.isEmpty());
 
         ProjectMetadata projectMetadata = createVertex("project", ProjectMetadata.class);
         projectMetadata.setName(name);
 
+        UserMetadata userMetadata = createVertex("user", UserMetadata.class);
+
         if (createBranch) {
             BranchMetadata branchMetadata = createBranch("master", projectMetadata);
             projectMetadata.setCurrentBranch(branchMetadata);

src/main/java/org/lab41/dendrite/metagraph/models/ProjectMetadata.java

@@ -32,6 +32,12 @@ public interface ProjectMetadata extends NamedMetadata {
     @JavaHandler
     public GraphMetadata getCurrentGraph();
 
+    @Adjacency(label = "userOwnsProject", direction = Direction.OUT)
+    public void setUserOwnsProject(UserMetadata user);
+
+    @Adjacency(label = "userOwnsProject", direction = Direction.OUT)
+    public UserMetadata getUserOwnsProject();
+
     @Adjacency(label = "ownsBranch", direction = Direction.OUT)
     public Iterable<BranchMetadata> getBranches();
 

src/main/java/org/lab41/dendrite/metagraph/models/UserMetadata.java

@@ -3,17 +3,14 @@
 import com.tinkerpop.blueprints.Direction;
 import com.tinkerpop.frames.Adjacency;
 import com.tinkerpop.frames.Property;
+import com.tinkerpop.frames.modules.typedgraph.TypeValue;
 
 /**
  * Models a user. Keeps track of what projects they belong to.
  */
+@TypeValue("user")
 public interface UserMetadata  extends NamedMetadata {
 
-    @Property("LDAPString")
-    public String getLDAPString();
-
-    @Property("LDAPString")
-    public void setLDAPString();
 
     /**
      * Returns all the projects created by this user
@@ -24,14 +21,5 @@ public interface UserMetadata  extends NamedMetadata {
     public Iterable<ProjectMetadata> getCreatedProjects();
 
 
-    /**
-     * Returns all the projects that have been shared with
-     * this user by other users.
-     *
-     * @return
-     */
-    @Adjacency(label = "sharedWith", direction = Direction.IN)
-    public Iterable<ProjectMetadata> getSharedProjects();
-
 }
 

src/main/java/org/lab41/dendrite/services/MetaGraphService.java

@@ -13,6 +13,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
 
 import java.io.IOException;
@@ -45,6 +46,7 @@ public Set<String> getGraphNames() {
         return metaGraph.getGraphNames();
     }
 
+
     public Collection<DendriteGraph> getGraphs() {
         return metaGraph.getGraphs();
     }

src/main/java/org/lab41/dendrite/web/controller/ProjectController.java

@@ -18,6 +18,7 @@
 import org.springframework.web.util.UriComponentsBuilder;
 
 import javax.validation.Valid;
+import java.security.Principal;
 import java.text.SimpleDateFormat;
 import java.util.*;
 
@@ -78,10 +79,13 @@ public ResponseEntity<Map<String, Object>> getProject(@PathVariable String proje
     @RequestMapping(value = "/projects", method = RequestMethod.POST)
     public ResponseEntity<Map<String, Object>> createProject(@Valid @RequestBody CreateProjectBean item,
                                                              BindingResult result,
-                                                             UriComponentsBuilder builder) {
+                                                             UriComponentsBuilder builder,
+                                                             Principal principal) {
 
         Map<String, Object> response = new HashMap<>();
 
+        logger.debug("Principal" + principal.getName());
+
         if (result.hasErrors()) {
             response.put("status", "error");
             response.put("msg", result.toString());