CSC/ECE 517 Spring 2024 - E2419. Reimplement duties controller.rb and badges controller.rb

Overview

Our team is tasked with creating the backend reimplementation of the duties_controller.rb and badges_controller.rb. We are to use SOLID principles and adhere to the Guidelines for Reimplementation.

duties_controller.rb

This duties_controller defines the following actions: create, update, and remove. The create action is used to save the new duty to the database. While the edit action renders the form for altering an existing duty, the update action is used to update the duty in the database. Finally, the delete action can be used to remove a duty from the database. Expertiza's Duties module helps with duty management.

badges_controller.rb

The controller generates a new Badge instance by utilizing user-provided parameters via the create action. If an image file is included, it is also stored, and the badge instance's image_name attribute is updated accordingly.

Introduction To Expertiza System

The Expertiza platform is a versatile and modular system designed to enable students to submit assignments and quizzes smoothly, while also facilitating collaborative learning through features such as peer review. Embraced by students, teaching assistants, and professors alike, this sophisticated system optimizes academic assessments, promoting an interactive and efficient educational environment.

The primary aim of the student quizzes module is to provide a platform for students to generate quizzes for their peers who are working on the same assignments. This fosters a collaborative learning environment where students can collectively improve their understanding and support each other's educational progress.

Issues with Previous Functionality

Previously, the Expertiza system lacked specific functionalities related to duties and badges, which meant there were no established mechanisms within the system to manage duties or to create and manage badges. This absence was notable, as such features could significantly enhance user interaction and system management by allowing for the assignment of responsibilities and the acknowledgment of achievements within the system. To address this gap, a project has been initiated to develop and integrate these functionalities into the Expertiza system through an API framework built on Rails.

Design

The project entails revamping and improving the Duties and Badges modules within an API framework constructed on Rails. In duties_controller.rb, actions for handling duties, such as creation, editing, updating, and deletion, in the Expertiza system are defined. Conversely, badges_controller.rb manages the creation of Badge instances, enabling users to define badge parameters and optionally attach an image file, which is then saved and linked with the badge.

The primary focus of the project is to implement these functionalities as RESTful API endpoints, adhering strictly to JSON response standards. Comprehensive testing, covering both positive and negative scenarios, is imperative to validate the accuracy and resilience of the implemented features. Additionally, prioritizing security, error handling, and validation is crucial for maintaining data integrity and thwarting potential vulnerabilities. The reimplementation must adhere to Rails conventions and adhere to best practices, promoting maintainability and scalability while ensuring smooth integration with other modules in the Expertiza system.

Test Driven Development (TDD)

Our approach to developing Expertiza duties and bages controller will adhere to a test-driven design methodology. This means that we will be utilizing the test skeletons provided to us and tests for each component of the each module before implementing the corresponding functionalities. By following this rigorous testing approach, we ensure a reliable and thoroughly validated system, enhancing the overall quality and robustness of the Expertiza platform.

Objectives

Create: Develop methods in duties_controller and badges_controller to facilitate the creation of new Duties and Badges, respectively. These methods will allow instructors and system administrators to input necessary details such as duty descriptions, badge criteria, and associated rewards.

Read: Implement show actions within both controllers to enable users to retrieve and view details of specific Duties and Badges. This includes viewing duty responsibilities, badge criteria, and any rewards associated with the completion of duties or earning of badges.

Update: Add update methods in duties_controller and badges_controller to allow for the modification of existing Duties and Badges. This functionality will enable the adjustment of details such as duty parameters and badge criteria to keep the system’s content current and relevant.

Delete: Create destroy actions in both controllers to support the deletion of Duties and Badges that are no longer needed or relevant. This will assist in maintaining a clean and efficient database, removing outdated or unnecessary information.

Index: Enhance the index actions in both duties_controller and badges_controller to list all Duties and Badges, respectively, providing users with an overview of available duties and badges. The index view will be optimized for ease of access and clarity, making it simpler for users to navigate and manage duties and badges within the system.

Test Plan

cURL shall be used to simulate HTTP requests
Only an Admin shall create a test

Implementation

Duties Controller

class Api::V1::DutiesController < ApplicationController
 before_action :set_duty, only: %i[ show update destroy ]

index Method:

Function: Retrieves all duties.

HTTP Verb: GET

URL Endpoint: /duties

Description: Fetches all duties from the database using the Duty.all method and renders a JSON response containing all duties.

 # GET /duties
 def index
   @duties = Duty.all
   render json: @duties
 end

show Method:

Function: Retrieves a specific duty.

HTTP Verb: GET

URL Endpoint: /duties/:id

Description: Finds a duty by its ID and renders a JSON response containing the specific duty

 # GET /duties/1
 def show
   render json: @duty, status: :ok
 end

create Method:

Function: Creates a new duty.

HTTP Verb: POST

URL Endpoint: /duties

Description: Creates a new duty by instantiating a Duty object with the provided duty parameters from the request (duty_params).

 # POST /duties
 def create
   @duty = Duty.new(duty_params)

   if @duty.save
     render json: @duty, status: :created, location: @duty
   else
     render json: @duty.errors, status: :unprocessable_entity
   end
 end

update Method:

Function: Updates an existing duty.

HTTP Verb: PATCH/PUT

URL Endpoint: /duties/:id

Description: Updates an existing duty specified by its ID using the provided duty parameters from the request (duty_params).

 # PATCH/PUT /duties/1
 def update
   if @duty.update(duty_params)
     render json: @duty
   else
     render json: @duty.errors, status: :unprocessable_entity
   end
 end

destroy Method:

Function: Deletes a duty.

HTTP Verb: DELETE

URL Endpoint: /duties/:id

Description: Finds a specific duty by its ID and destroys (deletes) it. It then renders a JSON response with a success message

 # DELETE /duties/1
 def destroy
   @duty.destroy
   render json: { message: "Duty was successfully destroyed." }, status: :ok
 end

set_duty Method (Private):

This technique serves as a callback to establish the @duty instance variable by locating the duty according to the :id parameter. It is applied prior to the show, update, and destroy actions to prepare the specific duty undergoing operation.

 private
   # Use callbacks to share common setup or constraints between actions.
   def set_duty
     @duty = Duty.find(params[:id])
   end

duty_params Method (Private):

This process filters the duty parameters received from the request, permitting only designated parameters (:name, :assignment_id, :max_members_for_duties) for creating or updating a duty. It utilizes Rails' strong parameters feature for security purposes.

   # Only allow a list of trusted parameters through.
   def duty_params
     params.require(:duty).permit(:name, :assignment_id, :max_members_for_duties)
   end
end

Badges Controller

class Api::V1::BadgesController < ApplicationController
 before_action :set_badge, only: %i[ show update destroy ]

index Method:

HTTP Verb: GET

Endpoint: /badges

Functionality: Retrieves all badges.

Description: Fetches all existing badges from the database using Badge.all and returns a JSON array containing all badge records.

 # GET /badges
 # Lists all badges
 def index
   @badges = Badge.all
   render json: { badges: @badges }, status: :ok
 end

show Method:

HTTP Verb: GET

Endpoint: /badges/:id

Functionality: Retrieves a specific badge.

Description: Finds and retrieves a particular badge by its ID from the database. The method responds with a JSON object containing the details of the specific badge.

 # GET /badges/1
 # Shows a single badge
 def show
   render json: { badge: @badge }, status: :ok
 end

create Method:

HTTP Verb: POST

Endpoint: /badges

Functionality: Creates a new badge.

Description: Instantiates a new badge using the parameters provided in the request (badge_params).

 # POST /badges
 # Creates a new badge
 def create
   @badge = Badge.new(badge_params)

   if @badge.save
     render json: { badge: @badge }, status: :created
   else
     render json: { errors: @badge.errors.full_messages }, status: :unprocessable_entity
   end
 end

update Method:

HTTP Verb: PATCH/PUT

Endpoint: /badges/:id

Functionality: Updates an existing badge.

Description: Modifies the attributes of an existing badge based on the parameters received in the request (badge_params).

 # PATCH/PUT /badges/1
 # Updates an existing badge
 def update
   if @badge.update(badge_params)
     render json: { badge: @badge }, status: :ok
   else
     render json: { errors: @badge.errors.full_messages }, status: :unprocessable_entity
   end
 end

destroy Method:

HTTP Verb: DELETE

Endpoint: /badges/:id

Functionality: Deletes a badge.

Description: Locates a specific badge by its ID and removes it from the database.

 # DELETE /badges/1
 # Deletes a badge
 def destroy
   @badge.destroy
   render json: { message: "Badge was successfully destroyed." }, status: :ok
 end

set_badge Method (Private):

Function: Sets up a specific badge for other actions.

Description: This callback function locates and assigns the @badge instance variable according to the :id parameter before executing the show, update, and destroy actions.

 private
   # Use callbacks to share common setup or constraints between actions.
   def set_badge
     @badge = Badge.find(params[:id])
   end

badge_params Method (Private):

Function: Filters and permits badge parameters for security.

Description: This process screens the badge parameters received via the request, permitting only certain parameters (:name, :description, :image_name, :image_file) to be utilized for creating or updating a badge.

   # Only allow a list of trusted parameters through.
   def badge_params
     params.require(:badge).permit(:name, :description, :image_name)
   end
end

Database Setup

1. Create an Institution

Open shell on the mysql server and run:

 mysql -u dev -pexpertiza
 use reimplementation_development;

Then run the followinginsert command:

 INSERT INTO institutions (name, created_at, updated_at) VALUES ('North Carolina State University', NOW(), NOW());

2. Obtain an Encrypted Password

Open a new terminal in the container reimplementation-back-end-app and run the following commands

 rails console
 BCrypt::Password.create('password123')

You should obtain a string like the following but it will not match:

 '$2a$12$TWct/jRMKbb1Pm1NtxKmPuAkk8IOIHnJyBaU4eiMQ5MjV41Se0AXG'

This will be placed as the password in the next step.

3. Create an Admin User

Now, in the mysql terminal run the following (replacing the ‘$2a…’ with the one generated in step 2)

 INSERT INTO users (name, email, password_digest, role_id, created_at, updated_at, full_name, institution_id) VALUES ('admin', 'admin2@example.com', '$2a$12$TWct/jRMKbb1Pm1NtxKmPuAkk8IOIHnJyBaU4eiMQ5MjV41Se0AXG', 1, NOW(), NOW(), 'admin admin', 1);

4. Start the Server

At this point we can start the server to issue cURL commands once the server is running. Start rails server on port 3002

 rails s -p 3002

cURL User Required Setup

1. Login as an User and Get Bearer Token

Get bearer token first (for instructor):

 curl -X POST http://localhost:3002/login -H "Content-Type: application/json" -d '{"user_name": "admin", "password": "password123"}'

Note: You can use curl commands from the Windows command prompt, but you cannot use single quotes. For example the above JSON command must be written for Windows:

 curl -X POST http://localhost:3002/login -H "Content-Type: application/json" -d “{\"user_name\": \"admin\", \"password\": \"password123\"}”

Also, RubyMine has an option to construct HTTP requests from cURL commands. Tools->HTTP Client->Convert cURL to HTTP Request

Issuing the HTTP requests will return a Bearer Token that must be included while accessing other pages as an Instructor

2. User Creates Duty

Execute the following command. Make sure the Bearer Token matches what was obtained in step 1 when logging in as an User. Be sure the ids match the database ids for the assignments.

 curl -X 'POST' \
 'http://127.0.0.1:3002/api/v1/duties' \
 -H 'accept: /' \
 -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MSwibmFtZSI6ImFkbWluIiwiZnVsbF9uYW1lIjoiYWRtaW4gYWRtaW4iLCJyb2xlIjoiU3VwZXIgQWRtaW5pc3RyYXRvciIsImluc3RpdHV0aW9uX2lkIjoxLCJleHAiOjE3MTEzNDEzOTl9.GNjSZGuZnmCJVWRtwKORMgMtV6f9wiHlWzH7weLMq3z3ipTU2qw6SMoDZsSoNnRlDerknzcIaz8sccrjWdQ6CGT_IDavygi0GQzA9t8l4HZtDCObmcGRiFyFEkYoJHfxw6M2F_AQC9Csl_FgUFbQCxj-goFfVYZxs-YkXnqMl_nJFKeQRWrhkSEW-_sJm0IUw8ytmo3TuOEwbuNWwHI6EjH3acB5o4WBZxBfJPbKb3OoFEMYe-vjf6lnpLn4mIBhHrnrgNFe8AxMiqV0CuOe6Yl8MqMMyCEzf9k_1aXIpb3nqHlBATRzjrZh7vS-YDqt0bUCYNHPsSINdPqVrzhLFg' \
 -H 'Content-Type: application/json' \
 -d '{
 "name": "test duty 1",
 "max_members_for_duty": 2,
 "assignment_id": 1}'