Introduce CourseContextRoleListener to dynamically assign contextual course roles#8491
Draft
AngelFQC wants to merge 30 commits into
…s and streamline access checks
…RRENT_COURSE_STUDENT` and `ROLE_CURRENT_COURSE_SESSION_STUDENT`)
…zed document access
… `CreateDocumentFileAction` to prevent IDOR vulnerabilities
… in API requests
…or cleaner context management in `DocumentCollectionStateProvider`
…andling with parameterized context management.
…ateCBlogAction` to prevent bypassing course, session, or group access gates.
Remove the platform-wide ROLE_TEACHER fallback from the create/import/export operations (it allowed any teacher of the platform to operate on any course), and add a contextual read role to the GetCollection that previously relied on the default ROLE_USER firewall check. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Drop the platform-wide ROLE_TEACHER fallback from the create/export operations and add a contextual read role to the GetCollection that previously relied on the default ROLE_USER firewall check. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ions Drop the platform-wide ROLE_TEACHER fallback from the create operation and add a contextual read role to the GetCollection that previously relied on the default ROLE_USER firewall check. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…I operations Replace the lax ROLE_USER check on the item Get with an object-level VIEW on the resource node, and add a contextual read role to the GetCollection (CidFilter already scopes results to the requested course). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ions Replace the lax ROLE_USER on the item Get with an object-level VIEW, add a contextual read role to the GetCollection, and swap the platform-wide ROLE_TEACHER/ROLE_ADMIN check on create and reorder for contextual teacher roles (admins keep access via the role hierarchy). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…operations Add a contextual read role to the GetCollection (replacing the lax ROLE_USER) and drop the platform-wide ROLE_TEACHER fallback from the create operation. The /upload operation (ROLE_STUDENT / ROLE_STUDENT_BOSS) is intentionally left unchanged: switching it to contextual roles would change who can submit assignments and affect student-boss supervisors, which needs a separate decision. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the lax ROLE_USER on the comment list and upload operations with contextual course/session read roles. The Delete operation keeps its owner-only check (object.getUser() == user), which is already stricter. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the lax ROLE_USER on the tool-intro list with contextual course/session read roles (CidFilter already scopes results to the requested course). Item operations already use object-level checks. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the lax ROLE_USER on the blog-post list with contextual course/session read roles. Item operations already gate through the parent blog's resource node. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the lax ROLE_USER on the blog-comment list with contextual course/session read roles. Item operations already gate through the parent blog/post resource node. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ations Align the blog-task operations with the rest of the blog module: gate item reads/writes through the parent blog's resource node (plus author ownership for patch/delete), add a contextual read role to the GetCollection, and require EDIT on the blog to create a task. Removes the lax ROLE_USER and the platform-wide ROLE_TEACHER/ROLE_ADMIN fallbacks (admins keep access via the role hierarchy). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the lax ROLE_USER on the blog-membership list with contextual course/session read roles. Write operations already gate through the parent blog's resource node. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Gate item reads and creates through the parent blog's resource node, add a contextual read role to the GetCollection, and require course membership for the upload endpoint (was IS_AUTHENTICATED_REMEMBERED). Removes the lax ROLE_USER. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the resource-wide ROLE_USER with contextual course/session roles so ratings can only be listed and submitted by members of the current course. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Gate item reads through the parent blog's resource node, add a contextual read role to the GetCollection, and replace the platform-wide ROLE_TEACHER/ROLE_ADMIN fallbacks on create/patch with contextual teacher roles (the patch keeps its owner check; admins keep access via the role hierarchy). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the platform-wide ROLE_TEACHER fallback on the correction upload with contextual course/session teacher roles. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…vel roles Gate the item Get through the parent publication's resource node, add a contextual read role to the GetCollection, and drop the platform-wide ROLE_TEACHER fallback from create/delete in favour of contextual teacher roles. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…roles Gate the item Get through the parent publication's resource node, add a contextual read role to the GetCollection and resource-level fallback, and replace the platform-wide ROLE_TEACHER/ROLE_SESSION_MANAGER checks on create/delete with contextual teacher roles. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add a contextual course/session read role to the course-tools list, which previously relied on the default ROLE_USER firewall check (CidFilter already scopes results to the requested course). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add a contextual course/session read role to the groups list, which previously relied on the default ROLE_USER firewall check. The item Get already uses an object-level VIEW on the resource node. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the very lax IS_AUTHENTICATED_REMEMBERED check on the dropbox upload with contextual course/session roles, so only members of the current course can share files through the dropbox. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
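The commits above repeat one pattern: drop checks that only prove a user is *some* teacher or *some* authenticated user on the platform, and instead gate operations on roles that exist only for the course or session named in the request, or on an object-level VIEW vote against the resource node. The PHP below is an added illustration written for this page, not Chamilo's own code from the PR. It assumes a Symfony/API Platform stack, a hypothetical `CourseMembershipLookup` service for the membership query, `cid`/`sid` query parameters, a `main` firewall name, and the teacher role names `ROLE_CURRENT_COURSE_TEACHER` / `ROLE_CURRENT_COURSE_SESSION_TEACHER` (only the two student roles are named in the commit list). It shows a request listener that recomputes the contextual roles on every request, and a resource whose "before" and "after" operation security mirrors the commit messages.

```php
<?php
// Added illustration (not Chamilo's code): request-scoped course roles plus an
// API Platform resource gated on them instead of on platform-wide roles.
declare(strict_types=1);

namespace App\Example;

use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Post;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;

/** Assumed service: answers "what is this user in course cid / session sid?". */
interface CourseMembershipLookup
{
    /** @return list<'student'|'teacher'> empty when the user is not a member */
    public function rolesFor(UserInterface $user, int $cid, ?int $sid): array;
}

// Priority 7 runs after Symfony's Firewall listener (priority 8), so a token exists.
#[AsEventListener(event: KernelEvents::REQUEST, priority: 7)]
final class CourseContextRoleListener
{
    private const PREFIX = 'ROLE_CURRENT_COURSE_';
    // Student names appear in the PR; the teacher names are assumed for this example.
    private const ROLE_MAP = [
        'student' => ['ROLE_CURRENT_COURSE_STUDENT', 'ROLE_CURRENT_COURSE_SESSION_STUDENT'],
        'teacher' => ['ROLE_CURRENT_COURSE_TEACHER', 'ROLE_CURRENT_COURSE_SESSION_TEACHER'],
    ];

    public function __construct(
        private readonly TokenStorageInterface $tokenStorage,
        private readonly CourseMembershipLookup $membership,
    ) {}

    public function __invoke(RequestEvent $event): void
    {
        $token = $this->tokenStorage->getToken();
        if (!$event->isMainRequest() || null === $token || !$token->getUser() instanceof UserInterface) {
            return;
        }
        $request = $event->getRequest();
        $cid = $request->query->getInt('cid');
        $sid = $request->query->getInt('sid') ?: null;

        // Always strip contextual roles left over from an earlier request: with a
        // stateful firewall the replaced token is serialised into the session, so a
        // request without cid must not keep roles granted for a previous course.
        $base = array_values(array_filter(
            $token->getRoleNames(),
            static fn (string $r): bool => !str_starts_with($r, self::PREFIX),
        ));

        $extra = [];
        if ($cid > 0) {
            foreach ($this->membership->rolesFor($token->getUser(), $cid, $sid) as $kind) {
                [$courseRole, $sessionRole] = self::ROLE_MAP[$kind] ?? [null, null];
                $extra[] = null === $sid ? $courseRole : $sessionRole;
            }
            $extra = array_values(array_filter($extra)); // drop unknown kinds
        }

        $roles = array_values(array_unique([...$base, ...$extra]));
        if ($roles === array_values($token->getRoleNames())) {
            return; // nothing changed, keep the original token
        }
        // 'main' is the assumed firewall name.
        $this->tokenStorage->setToken(new PostAuthenticationToken($token->getUser(), 'main', $roles));
    }
}

/** BEFORE (pattern the PR removes): any ROLE_USER on the platform can read,
 *  any ROLE_TEACHER on the platform can create, regardless of course. */
#[ApiResource(shortName: 'LegacyCourseItem', operations: [
    new Get(security: "is_granted('ROLE_USER')"),
    new GetCollection(security: "is_granted('ROLE_USER')"),
    new Post(security: "is_granted('ROLE_TEACHER') or is_granted('ROLE_ADMIN')"),
])]
final class LegacyCourseItem { public ?int $id = null; }

/** AFTER: object-level VIEW on the item, contextual roles for list and create.
 *  ROLE_ADMIN keeps access only if role_hierarchy maps it to these roles. */
#[ApiResource(shortName: 'CourseItem', operations: [
    new Get(security: "is_granted('VIEW', object)"),
    new GetCollection(security: "is_granted('ROLE_CURRENT_COURSE_STUDENT') or is_granted('ROLE_CURRENT_COURSE_SESSION_STUDENT')"),
    new Post(security: "is_granted('ROLE_CURRENT_COURSE_TEACHER') or is_granted('ROLE_CURRENT_COURSE_SESSION_TEACHER')"),
])]
final class CourseItem { public ?int $id = null; }
```

Two points a reviewer would check against this shape: the contextual roles must be derived from the membership lookup and never from anything the client sends, so a forged `cid` grants nothing to a non-member; and the collection filter (the commits refer to `CidFilter`) still has to scope results to the same `cid`, because a contextual read role proves membership in the course the request names, not in every course whose items the query might otherwise return.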
No description provided.