chore(security): Handle ownerId where it makes sense

This includes endpoints that create/register something,
or updates that are liable to change resource ownerships.

Author: rm3l

common/src/main/kotlin/com/cosmotech/api/exceptions/CsmClientExceptions.kt

@@ -14,3 +14,9 @@ class CsmResourceNotFoundException(
     override val message: String,
     override val cause: Throwable? = null
 ) : CsmClientException(message, cause)
+
+@ResponseStatus(HttpStatus.FORBIDDEN)
+class CsmAccessForbiddenException(
+    override val message: String,
+    override val cause: Throwable? = null
+) : CsmClientException(message, cause)

common/src/main/kotlin/com/cosmotech/api/utils/SecurityUtils.kt

@@ -2,6 +2,14 @@
 // Licensed under the MIT license.
 package com.cosmotech.api.utils
 
+import java.lang.IllegalStateException
+import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContextHolder
 
-fun getCurrentUserId(): String = SecurityContextHolder.getContext().authentication.name
+fun getCurrentAuthentication(): Authentication? = SecurityContextHolder.getContext().authentication
+
+fun getCurrentUserName(): String? = getCurrentAuthentication()?.name
+
+fun getCurrentAuthenticatedUserName() =
+    getCurrentUserName()
+        ?: throw IllegalStateException("User Authentication not found in Security Context")

connector/src/main/kotlin/com/cosmotech/connector/azure/ConnectorServiceImpl.kt

@@ -7,7 +7,8 @@ import com.cosmotech.api.azure.AbstractCosmosBackedService
 import com.cosmotech.api.azure.findAll
 import com.cosmotech.api.azure.findByIdOrThrow
 import com.cosmotech.api.events.ConnectorRemoved
-import com.cosmotech.api.utils.getCurrentUserId
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.connector.api.ConnectorApiService
 import com.cosmotech.connector.domain.Connector
 import javax.annotation.PostConstruct
@@ -36,11 +37,17 @@ class ConnectorServiceImpl : AbstractCosmosBackedService(), ConnectorApiService
   override fun registerConnector(connector: Connector): Connector =
       cosmosTemplate.insert(
           coreConnectorContainer,
-          connector.copy(id = idGenerator.generate("connector"), ownerId = getCurrentUserId()))
+          connector.copy(
+              id = idGenerator.generate("connector"), ownerId = getCurrentAuthenticatedUserName()))
           ?: throw IllegalStateException("No connector returned in response: $connector")
 
   override fun unregisterConnector(connectorId: String) {
-    cosmosTemplate.deleteEntity(coreConnectorContainer, this.findConnectorById(connectorId))
+    val connector = this.findConnectorById(connectorId)
+    if (connector.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+    cosmosTemplate.deleteEntity(coreConnectorContainer, connector)
     this.eventPublisher.publishEvent(ConnectorRemoved(this, connectorId))
   }
 }

dataset/src/main/kotlin/com/cosmotech/dataset/azure/DatasetServiceImpl.kt

@@ -13,7 +13,9 @@ import com.cosmotech.api.events.ConnectorRemoved
 import com.cosmotech.api.events.ConnectorRemovedForOrganization
 import com.cosmotech.api.events.OrganizationRegistered
 import com.cosmotech.api.events.OrganizationUnregistered
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
 import com.cosmotech.api.utils.changed
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.api.utils.toDomain
 import com.cosmotech.connector.api.ConnectorApiService
 import com.cosmotech.dataset.api.DatasetApiService
@@ -60,7 +62,9 @@ class DatasetServiceImpl(
     val existingConnector = connectorService.findConnectorById(dataset.connector!!.id!!)
     logger.debug("Found connector: {}", existingConnector)
 
-    val datasetCopy = dataset.copy(id = idGenerator.generate("dataset"))
+    val datasetCopy =
+        dataset.copy(
+            id = idGenerator.generate("dataset"), ownerId = getCurrentAuthenticatedUserName())
     datasetCopy.connector!!.apply {
       name = existingConnector.name
       version = existingConnector.version
@@ -70,14 +74,30 @@ class DatasetServiceImpl(
   }
 
   override fun deleteDataset(organizationId: String, datasetId: String) {
-    cosmosTemplate.deleteEntity(
-        "${organizationId}_datasets", findDatasetById(organizationId, datasetId))
+    val dataset = findDatasetById(organizationId, datasetId)
+    if (dataset.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+    cosmosTemplate.deleteEntity("${organizationId}_datasets", dataset)
   }
 
   override fun updateDataset(organizationId: String, datasetId: String, dataset: Dataset): Dataset {
     val existingDataset = findDatasetById(organizationId, datasetId)
 
     var hasChanged = false
+
+    if (dataset.ownerId != null && dataset.changed(existingDataset) { ownerId }) {
+      // Allow to change the ownerId as well, but only the owner can transfer the ownership
+      if (existingDataset.ownerId != getCurrentAuthenticatedUserName()) {
+        // TODO Only the owner or an admin should be able to perform this operation
+        throw CsmAccessForbiddenException(
+            "You are not allowed to change the ownership of this Resource")
+      }
+      existingDataset.ownerId = dataset.ownerId
+      hasChanged = true
+    }
+
     if (dataset.name != null && dataset.changed(existingDataset) { name }) {
       existingDataset.name = dataset.name
       hasChanged = true
@@ -87,11 +107,20 @@ class DatasetServiceImpl(
       hasChanged = true
     }
     if (dataset.connector != null && dataset.changed(existingDataset) { connector }) {
-      // TODO Validate connector ID
+      // Validate connector ID
+      if (dataset.connector?.id.isNullOrBlank()) {
+        throw IllegalArgumentException("Connector ID is null or blank")
+      }
+      val existingConnector = connectorService.findConnectorById(dataset.connector!!.id!!)
+      logger.debug("Found connector: {}", existingConnector)
+
       existingDataset.connector = dataset.connector
+      existingDataset.connector!!.apply {
+        name = existingConnector.name
+        version = existingConnector.version
+      }
       hasChanged = true
     }
-    // TODO Allow to change the ownerId as well, but only the owner can transfer the ownership
 
     if (dataset.tags != null && dataset.tags?.toSet() != existingDataset.tags?.toSet()) {
       existingDataset.tags = dataset.tags

organization/src/main/kotlin/com/cosmotech/organization/azure/OrganizationServiceImpl.kt

@@ -9,7 +9,9 @@ import com.cosmotech.api.azure.AbstractCosmosBackedService
 import com.cosmotech.api.azure.findAll
 import com.cosmotech.api.azure.findByIdOrThrow
 import com.cosmotech.api.events.*
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
 import com.cosmotech.api.utils.changed
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.api.utils.toDomain
 import com.cosmotech.organization.api.OrganizationApiService
 import com.cosmotech.organization.domain.Organization
@@ -111,12 +113,13 @@ class OrganizationServiceImpl(private val userService: UserApiService) :
     val usersWithNames =
         usersLoaded?.let { organization.users?.map { it.copy(name = usersLoaded[it.id]!!.name!!) } }
 
-    // TODO Set the ownerID to the logged-in user
-
     val organizationRegistered =
         cosmosTemplate.insert(
             coreOrganizationContainer,
-            organization.copy(id = newOrganizationId, users = usersWithNames))
+            organization.copy(
+                id = newOrganizationId,
+                users = usersWithNames,
+                ownerId = getCurrentAuthenticatedUserName()))
 
     val organizationId =
         organizationRegistered.id
@@ -165,7 +168,13 @@ class OrganizationServiceImpl(private val userService: UserApiService) :
   }
 
   override fun unregisterOrganization(organizationId: String) {
-    cosmosTemplate.deleteEntity(coreOrganizationContainer, findOrganizationById(organizationId))
+    val organization = findOrganizationById(organizationId)
+    if (organization.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+
+    cosmosTemplate.deleteEntity(coreOrganizationContainer, organization)
 
     this.eventPublisher.publishEvent(OrganizationUnregistered(this, organizationId))
 
@@ -179,11 +188,22 @@ class OrganizationServiceImpl(private val userService: UserApiService) :
     val existingOrganization = findOrganizationById(organizationId)
 
     var hasChanged = false
+
+    if (organization.ownerId != null && organization.changed(existingOrganization) { ownerId }) {
+      // Allow to change the ownerId as well, but only the owner can transfer the ownership
+      if (existingOrganization.ownerId != getCurrentAuthenticatedUserName()) {
+        // TODO Only the owner or an admin should be able to perform this operation
+        throw CsmAccessForbiddenException(
+            "You are not allowed to change the ownership of this Resource")
+      }
+      existingOrganization.ownerId = organization.ownerId
+      hasChanged = true
+    }
+
     if (organization.name != null && organization.changed(existingOrganization) { name }) {
       existingOrganization.name = organization.name
       hasChanged = true
     }
-    // TODO Allow to change the ownerId as well, but only the owner can transfer the ownership
 
     var userIdsRemoved: List<String>? = listOf()
     if (organization.users != null) {

scenario/src/main/kotlin/com/cosmotech/scenario/azure/ScenarioServiceImpl.kt

@@ -5,8 +5,10 @@ package com.cosmotech.scenario.azure
 import com.azure.cosmos.models.*
 import com.cosmotech.api.azure.AbstractCosmosBackedService
 import com.cosmotech.api.events.*
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
 import com.cosmotech.api.utils.changed
 import com.cosmotech.api.utils.convertToMap
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.api.utils.toDomain
 import com.cosmotech.organization.api.OrganizationApiService
 import com.cosmotech.scenario.api.ScenarioApiService
@@ -156,6 +158,7 @@ class ScenarioServiceImpl(
     val scenarioToSave =
         scenario.copy(
             id = idGenerator.generate("scenario"),
+            ownerId = getCurrentAuthenticatedUserName(),
             solutionId = solutionId,
             solutionName = solutionName,
             creationDate = now,
@@ -189,9 +192,14 @@ class ScenarioServiceImpl(
   }
 
   override fun deleteScenario(organizationId: String, workspaceId: String, scenarioId: String) {
-    cosmosTemplate.deleteEntity(
-        "${organizationId}_scenario_data",
-        this.findScenarioById(organizationId, workspaceId, scenarioId))
+    val scenario = this.findScenarioById(organizationId, workspaceId, scenarioId)
+
+    if (scenario.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+
+    cosmosTemplate.deleteEntity("${organizationId}_scenario_data", scenario)
     // TODO Notify users
   }
 
@@ -302,6 +310,18 @@ class ScenarioServiceImpl(
     val workspace = workspaceService.findWorkspaceById(organizationId, workspaceId)
 
     var hasChanged = false
+
+    if (scenario.ownerId != null && scenario.changed(existingScenario) { ownerId }) {
+      // Allow to change the ownerId as well, but only the owner can transfer the ownership
+      if (existingScenario.ownerId != getCurrentAuthenticatedUserName()) {
+        // TODO Only the owner or an admin should be able to perform this operation
+        throw CsmAccessForbiddenException(
+            "You are not allowed to change the ownership of this Resource")
+      }
+      existingScenario.ownerId = scenario.ownerId
+      hasChanged = true
+    }
+
     if (scenario.name != null && scenario.changed(existingScenario) { name }) {
       existingScenario.name = scenario.name
       hasChanged = true

scenariorun/src/main/kotlin/com/cosmotech/scenariorun/ScenarioRunServiceImpl.kt

@@ -5,7 +5,9 @@ package com.cosmotech.scenariorun
 import com.azure.cosmos.models.*
 import com.cosmotech.api.argo.WorkflowUtils
 import com.cosmotech.api.azure.AbstractCosmosBackedService
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
 import com.cosmotech.api.utils.convertToMap
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.api.utils.toDomain
 import com.cosmotech.connector.api.ConnectorApiService
 import com.cosmotech.dataset.api.DatasetApiService
@@ -79,8 +81,12 @@ class ScenariorunServiceImpl(
   }
 
   override fun deleteScenarioRun(organizationId: String, scenariorunId: String) {
-    cosmosTemplate.deleteEntity(
-        "${organizationId}_scenario_data", this.findScenarioRunById(organizationId, scenariorunId))
+    val scenarioRun = this.findScenarioRunById(organizationId, scenariorunId)
+    if (scenarioRun.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+    cosmosTemplate.deleteEntity("${organizationId}_scenario_data", scenarioRun)
   }
 
   override fun findScenarioRunById(organizationId: String, scenariorunId: String): ScenarioRun =
@@ -326,6 +332,7 @@ class ScenariorunServiceImpl(
     val scenarioRun =
         ScenarioRun(
             id = idGenerator.generate("scenariorun", prependPrefix = "SR-"),
+            ownerId = getCurrentAuthenticatedUserName(),
             csmSimulationRun = csmSimulationId,
             organizationId = organizationId,
             workspaceId = workspaceId,

solution/src/main/kotlin/com/cosmotech/solution/azure/SolutionServiceImpl.kt

@@ -10,8 +10,10 @@ import com.cosmotech.api.azure.findByIdOrThrow
 import com.cosmotech.api.azure.sanitizeForAzureStorage
 import com.cosmotech.api.events.OrganizationRegistered
 import com.cosmotech.api.events.OrganizationUnregistered
+import com.cosmotech.api.exceptions.CsmAccessForbiddenException
 import com.cosmotech.api.exceptions.CsmResourceNotFoundException
 import com.cosmotech.api.utils.changed
+import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.solution.api.SolutionApiService
 import com.cosmotech.solution.domain.*
 import org.apache.commons.compress.archivers.ArchiveException
@@ -123,12 +125,18 @@ class SolutionServiceImpl(
   override fun createSolution(organizationId: String, solution: Solution) =
       cosmosTemplate.insert(
           "${organizationId}_solutions",
-          solution.copy(id = idGenerator.generate("solution", prependPrefix = "SOL-")))
+          solution.copy(
+              id = idGenerator.generate("solution", prependPrefix = "SOL-"),
+              ownerId = getCurrentAuthenticatedUserName()))
           ?: throw IllegalArgumentException("No solution returned in response: $solution")
 
   override fun deleteSolution(organizationId: String, solutionId: String) {
-    cosmosTemplate.deleteEntity(
-        "${organizationId}_solutions", findSolutionById(organizationId, solutionId))
+    val solution = findSolutionById(organizationId, solutionId)
+    if (solution.ownerId != getCurrentAuthenticatedUserName()) {
+      // TODO Only the owner or an admin should be able to perform this operation
+      throw CsmAccessForbiddenException("You are not allowed to delete this Resource")
+    }
+    cosmosTemplate.deleteEntity("${organizationId}_solutions", solution)
   }
 
   override fun deleteSolutionRunTemplate(
@@ -153,6 +161,16 @@ class SolutionServiceImpl(
     val existingSolution = findSolutionById(organizationId, solutionId)
 
     var hasChanged = false
+    if (solution.ownerId != null && solution.changed(existingSolution) { ownerId }) {
+      // Allow to change the ownerId as well, but only the owner can transfer the ownership
+      if (existingSolution.ownerId != getCurrentAuthenticatedUserName()) {
+        // TODO Only the owner or an admin should be able to perform this operation
+        throw CsmAccessForbiddenException(
+            "You are not allowed to change the ownership of this Resource")
+      }
+      existingSolution.ownerId = solution.ownerId
+      hasChanged = true
+    }
     if (solution.key != null && solution.changed(existingSolution) { key }) {
       existingSolution.key = solution.key
       hasChanged = true
@@ -180,8 +198,6 @@ class SolutionServiceImpl(
       hasChanged = true
     }
 
-    // TODO Allow to change the ownerId as well, but only the owner can transfer the ownership
-
     if (solution.tags != null && solution.tags?.toSet() != existingSolution.tags?.toSet()) {
       existingSolution.tags = solution.tags
       hasChanged = true