CSC/ECE 517 Spring 2023 - E2331. Reimplement Account Request module
Project Overview
Background
In Expertiza, accounts can only be created by Admins and Super Admins. New users therefore first request an account by clicking the "Request Account" button on the home page and filling out an account request form. After the user submits this form, the Admin or Super Admin is notified of the request and can decide to accept or reject it. If the request is accepted, an email with the new login details is sent to that user.
The Account Request module is responsible for performing all these functions. In this project, we aim to write RESTful endpoints for the Account Request module's CRUD operations and to add the corresponding controller and model files. We also add a few non-CRUD custom actions to the controller files that are required for the app to function normally, and we aim to write tests for the corresponding model and controller files.
Objectives
1. Write RESTful endpoints of create, show, index, update, destroy to simulate creating and approving new user accounts, listing pending requested accounts, creating a new account request, and notifying super-admins about new account requests.
2. Add non-CRUD custom actions like action_allowed?, foreign, notify_supers_new_request to support the above RESTful endpoints.
3. Return proper status codes and proper validation for RESTful endpoints.
4. Write models and controllers such that they use modern approaches to writing Ruby code, including utilizing language features and adhering to best practices for object-oriented design.
5. Write proper RSpec tests for all APIs, models, and controllers.
6. Implement simple authorization for Swagger using session variables instead of complex code.
Team Members
Kaushik Jadhav (unity_id: kajadhav, github: kaushikjadhav01)
Aditi Vakeel (unity_id: avakeel, github: aditi-v79)
Shivesh Madan Nath Jha (unity_id: sjha7, github: ShiveshJha12)
Mentor
Ankur Mundra (unity_id: amundra, github: amundra)
Relevant Links
Github Repository: https://github.com/CSC-517-Spr23-kajadhav-avakeel-sjha7/reimplementation-back-end
Pull Request: https://github.com/expertiza/reimplementation-back-end/pull/29
VCL Server: http://152.7.178.99:3000/
VCL Swagger UI: http://152.7.178.99:3000/api-docs/
Files Modified
- app/controllers/account_request_controller.rb
- app/models/account_request.rb
- app/controllers/users_controller.rb
- spec/requests/api/v1/account_request_spec.rb
Implementation
UML Diagram
Functionality
In this project, we aim to add the following functions:
1. Enable users to create a new Account Request.
2. Enable admins to create a new Account Request.
3. Enable admin to list pending requested accounts.
4. Enable admins to Accept or Reject Account Requests.
5. Enable admins to list previously accepted or rejected account requests.
6. Ensure that data is validated properly in all the above APIs.
7. For authorization with the Swagger APIs, we simply use the session variable instead of using extra gems.
8. Test cases for all the above.
Controllers
We create a new controller at app/controllers/account_request_controller.rb with the following methods:
Method: index
This method gives a list of all pending account requests or historic account requests to Admin or Super Admin.
Method: create
This method allows any user to create a new Account Request. On successful submission, admins are notified.
Method: show
This method enables Admin or Super Admin to view a specific Account Request.
Method: update
This method enables Admin or Super Admin to Accept or Reject single or multiple Account Requests simultaneously. If accepted and if the account is not duplicate, the new account is generated for the user and the user is sent an email with the login credentials.
Method: destroy
This method enables Admin or Super Admin to delete a specific Account Request.
Method: foreign
If the registered user's status is Approved and the new_user could not be saved, the foreign function saves the role id in the @all_roles variable.
Method: notify_supers_new_request
Notifies all the super admins by email that a request for a new account has been created.
Method: requested_user_params
The params object in a controller looks like a Hash, but it is actually an instance of ActionController::Parameters, which provides several methods such as require and permit. The require method ensures that a specific parameter is present; if it is not provided, require raises an error. It returns an instance of ActionController::Parameters for the key passed into require. The permit method returns a copy of the parameters object containing only the permitted keys and values. When creating a new ActiveRecord model, only the permitted attributes are passed into the model.
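An added example, not taken from the project's code, of the filtering that requested_user_params performs: a simplified pure-Ruby stand-in for require and permit (not the Rails ActionController::Parameters class) applied to a constructed request body. The attribute names, the PERMITTED list and the extra status and approved_by keys are assumptions made for illustration.

```ruby
# Simplified stand-in for the require/permit behaviour described above.
# It is NOT the Rails ActionController::Parameters class.
class ParameterMissing < StandardError; end

class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # require: the key must be present and non-empty, otherwise raise.
  # (Rails answers the equivalent error with 400 Bad Request.)
  def require(key)
    value = @hash[key.to_s]
    if value.nil? || value == "" || value == {}
      raise ParameterMissing, "param is missing or empty: #{key}"
    end
    value.is_a?(Hash) ? Params.new(value) : value
  end

  # permit: return a copy that holds only the allow-listed keys.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @hash.select { |k, _| allowed.include?(k) }
  end
end

# Assumed attribute names; the real form fields are not listed on this page.
PERMITTED = %i[name fullname email institution_id self_introduction].freeze

def requested_user_params(raw)
  Params.new(raw).require(:account_request).permit(*PERMITTED)
end

# Constructed request body: the client also sends fields that only an
# Admin action should ever set (status) or that do not exist (approved_by).
SAMPLE_BODY = {
  "account_request" => {
    "name" => "jdoe", "fullname" => "Jane Doe", "email" => "jdoe@example.edu",
    "status" => "Approved", "approved_by" => "superadmin"
  }
}.freeze

# Returns the attributes that would reach the model and the keys dropped.
def demo
  filtered = requested_user_params(SAMPLE_BODY)
  [filtered, SAMPLE_BODY["account_request"].keys - filtered.keys]
end
```

Because the allow-list names each accepted attribute, a field added to the model later stays unassignable from the request until it is added to the list.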
Models
We create a new model class AccountRequest at app/models/account_request.rb and add validations to all input fields as shown below. For more details, check UML diagram above:
API documentation
# | Method | Endpoint | Description |
---|---|---|---|
1 | index | GET /account_request | returns a list of pending account requests or previously accepted or rejected account requests |
2 | create | POST /account_request | creates a new account request |
3 | show | GET /account_request/:id | retrieve a specific account request |
4 | update | PATCH /account_request/:id | accept or reject an account request |
5 | delete | DELETE /account_request/:id | deletes a participant from an assignment or a course |
Index
Description: This endpoint gives a list of all pending account requests to Admin or Super Admin. A success response renders a JSON with all pending account requests.
Path: GET /account_request
Parameters:
# | Parameter | Expected Value | Description |
---|---|---|---|
1 | historic | true or false | If true, returns a list of historically accepted or rejected account requests. If false, returns pending account requests. |
Response:
Work In Progress
Create
Description: This endpoint enables any user to create a new account request.
Path: POST /account_request
Request Body:
Work In Progress
Response:
Work In Progress
Show
Description: This endpoint enables Admin or Super Admin to view a specific Account Request.
Path: GET /account_request/:id
Request Body:
Work In Progress
Response:
Work In Progress
Update
Description: This endpoint enables Admin or Super Admin to Accept or Reject single or multiple Account Requests simultaneously. If accepted and if the account is not duplicate, the new account is generated for the user and the user is sent an email with the login credentials.
Path: PATCH /account_request/:id
Request Body:
Work In Progress
Response:
Work In Progress
Delete
Description: This endpoint enables Admin or Super Admin to delete a specific Account Request.
Path: DELETE /account_request/:id
Request Body:
Work In Progress
Response:
Work In Progress
Design Pattern
A design pattern is a general repeatable solution to a commonly occurring problem in software design. It is a description or template for how to solve a problem that can be used in many different situations.
During the process of refactoring methods as well as method names, the Strategy pattern was used in the implementation. The Strategy pattern is most useful when you want to provide multiple ways of processing a request, without hard-coding knowledge about those different methods into the object that handles the request.
Test Plan
The testing framework is RSpec. To test the RESTful APIs, we have used stubs and mocks. We have created some new models and added some associations in them which were required for stubbing.
To run the tests:
1. git clone https://github.com/CSC-517-Spr23-kajadhav-avakeel-sjha7/reimplementation-back-end
2. cd reimplementation-back-end/
3. bundle install
4. bundle exec rspec spec/requests/api/v1/account_request_spec.rb
Tests
Test ID | Test Description |
---|---|
1 | Test to check index with historic false and valid parameters. |
2 | Test to check index with historic false and invalid parameters. |
3 | Test to check index with historic true and valid parameters. |
4 | Test to check index with historic true and invalid parameters. |
5 | Test to create a new account request by user with valid parameters |
6 | Test to create a new account request by admin with valid parameters |
7 | Test to create a new account request by user with invalid parameters |
8 | Test to create a new account request by admin with invalid parameters |
9 | Test to accept account request by admin |
10 | Test to reject account request by admin |
11 | Test to accept account request by user |
12 | Test to reject account request by user |
13 | Test to retrieve a specific account request by user with valid id |
14 | Test to retrieve a specific account request by admin with valid id |
15 | Test to retrieve a specific account request by user with invalid id |
16 | Test to retrieve a specific account request by admin with invalid id |
17 | Test to delete a specific account request by user with valid id |
18 | Test to delete a specific account request by admin with valid id |
19 | Test to delete a specific account request by user with invalid id |
20 | Test to delete a specific account request by admin with invalid id |
Test Screenshot
Work in Progress
Swagger UI Screenshot
Work in Progress