CSC/ECE 517 Spring 2024 - E2445. Implement BackEnd for participants.rb (Design Document)

Expertiza

Expertiza stands out as an open-source initiative rooted in the Ruby on Rails framework, brought to life through the collective efforts of NC State's faculty and students. This web application supports instructors in creating tailored assignments that can either be new or build upon existing ones. Moreover, it allows for the organization of topics into a roster for student selection. Expertiza offers students the chance to team up for joint projects and assignments, promoting collaborative learning. A key feature of this platform is enabling students to peer-review their colleagues' work.

With its capability to handle a wide variety of document types, Expertiza accepts submissions in formats ranging from URLs to wiki pages. As an open-source learning management system crafted with Ruby on Rails, it boasts a broad range of features that facilitate the submission and peer review of diverse learning materials, including articles, code, and websites. Instructors and teaching assistants can easily monitor and evaluate these submissions, making Expertiza a valuable tool for managing course assignments.

Introduction

To develop the backend functionality for the participants controller of Expertiza, ensuring seamless integration with the enhanced user interface for participants. This involves setting up API endpoints for CRUD (Create, Read, Update, Delete) operations, integrating with the database, and ensuring data integrity and security. Our focus includes thorough rswag testing of the participants_controller method and demonstrating Swagger UI integration.

Problem Statement

The reimplementation project entails:

1. CRUD Operations: Setting up CRUD (Create, Read, Update, Delete) functionalities in the controller to streamline data handling.
2. Routes: Establishing pathways for accessing actions within the participants controller.
3. Database: Maintaining a database for participant information, including their connections to "Assignment".
4. Adherence to DRY Principle: Adhering to the Don't Repeat Yourself (DRY) principle to minimize redundancy and enhance coding efficiency.
5. Testing with RSwag: Developing detailed tests using RSwag for every controller action, ensuring their performance and compatibility with Swagger UI. This includes a video tutorial to illustrate the integration with Swagger UI and the operational efficiency of the revamped controller.

Plan for Implementation of Participants Controller

Create Action:

create action will handle the addition of new participants. It will take participant information, conducts security validations, ensures data integrity, and inserts the new record into the database, responding with the participant's details in JSON format or an error message if the process fails.

Read Action:

index action will accept a participant ID, retrieves the corresponding data from the database, and returns it as a JSON object. If the participant does not exist, it will send an error message.

Update Action:

update action will require a participant ID and the new data to be provided. The method will update the relevant record after security and data validation checks and returns the updated information in JSON format.

Delete Action:

delete action will remove a participant's record using their ID, ensuring that the request is authenticated and the user is authorized to perform the deletion. Upon successful deletion, it will confirm the action with a success response; otherwise, it returns an error.

Participants of a particular assignment:

The participants_of_assignment method will receive an assignment ID, this method will join the pertinent records from the participants and assignments tables, retrieving a comprehensive dataset that is then converted into a JSON array. This method will be instrumental for scenarios where a holistic view of assignment participation is required.

Participants as a User:

The participants_as_user method will focus on associating participant records with user accounts. With a user ID as input, it will join the relevant data from the participants and users tables. The resulting dataset, encapsulated in a JSON array, provides an integrated perspective on the participants' user-related attributes. This method will be particularly valuable when user-based filtering of participant data is needed.

Comprehensive Testing with RSwag:

Extensive testing using RSwag will be carried out to confirm the functionality of API endpoints and achieve full test coverage. This process entails crafting tests for every method in the controller, addressing both successful and failure scenarios, and incorporating automated tests into the Continuous Integration (CI) pipeline to maintain consistent quality and dependability.

Design Principles

Single Responsibility Principle (SRP):

• Every function within the ParticipantsController will handle a distinct aspect of participant management.
• The functions will undergo restructuring to delineate responsibilities like fetching data, performing calculations, and presenting views.
• As an illustration, the view function will be dedicated to acquiring participant information.

Don't Repeat Yourself (DRY) Principle:

• Redundant code within the ParticipantsController will be reduced by moving shared functionalities into auxiliary methods or modules.

Encapsulation:

• The ParticipantsController will organize data and functionality into suitable methods and classes to reduce dependencies.
• The scope of access to instance variables and controller actions will be restricted to foster encapsulation and ensure a clear division of responsibilities.

Testing with RSwag:

Integration Testing:

• RSwag will be employed to create integration tests that validate the functionality of each action within the controller.
• Tests for CRUD operations (Create, Read, Update, Delete) will be conducted to confirm efficient data handling and database interaction.

Swagger UI Integration:

• Integration of RSwag with Swagger UI will offer an intuitive interface for users to engage with API endpoints.
• Swagger UI will faithfully represent the API documentation, enabling users to experiment with endpoints in an interactive manner.

Parameter Validation:

• Various input values for endpoint parameters, including assignment IDs and participant IDs, will be evaluated to verify accurate processing and error management.
• Parameters like IDs, query strings, and request payloads will undergo validation to maintain data integrity.

Error Handling:

• Tests will cover error scenarios such as validation failures, missing resources, unauthorized attempts, and server issues.
• Error replies will include suitable status codes, messages, and details in alignment with the API agreement.

Security Testing:

• API endpoints will undergo security evaluations to identify risks like SQL injection, cross-site scripting (XSS), and exposure of sensitive information.
• The robustness of authentication and authorization protocols will be scrutinized to guarantee protected access to grading features.

Documentation Verification:

• The API documentation produced by RSwag will be reviewed to ensure it correctly represents the endpoints, parameters, and responses that have been implemented.
• The documentation will be regularly updated to remain consistent with the actual functionality of the API endpoints.

Adhering to these design principles and testing approaches, the development of the ParticipantsController will lead to a robust, easily maintainable, and extensively tested component that fulfills project specifications efficiently.

Team

Mentor

• Chunduru Chetana

Members

• Akhilsai Chittipolu
• Koushik Gudipelly
• Sri Vaishnavi Mylavarapu