yoanpetrov02 / student-management-system Goto Github PK

The existing code has to be documented with Javadoc to ensure that things like thrown exceptions are described properly.

Remove the numberOfStudents field from this entity and make the getter for it count the number of users with a 'STUDENT' role that are enrolled in it, using streams API.

The user_accounts table should be removed and the data from it should move to the users table. Instead of making new tables for those things, we can use DTOs.

A login page has to be returned when a user enters the website without being authenticated.

The README file has to contain details about:

• An overview of the application, what is its purpose and what it does
• How to install the application and use it
• How it works and what technologies are used
• Other meaningful parts can be added on the go.

These templates have to be added for developers to be able to set up their own local development environments.
The reason for this is that the application.properties file can contain sensitive data, such as database username and password, which are unique to the user, and shouldn't be shared on a public repository.

In all controllers, there are handlers that take an id and a response body object. Example:

@PostMapping("/{courseId}/users")
public ResponseEntity<User> addUserToCourse(
        @PathVariable Long courseId,
        @RequestBody User requestUser
    )

Here, the requestUser parameter can easily be a path variable instead of having to make the client pass the whole details of the user when they really just need the id.
All controllers have 1-2 handlers that follow the same pattern. The task is to change this to only use path variables in the method arguments.

Error message handling should be implemented for the different kinds of errors instead of just returning a status code without any body. This should be done by extending the ResponseEntityExceptionHandler class and using the @ControllerAdvice annotation, so read more about them before implementing the changes.

Useful links: Baeldung

The integration tests are not working. Try with:

• Creating a different profile with detailed configurations for testing and for development to see whether it fixes the problem.
• If this doesn't work, find a way to completely turn off spring security for the tests.

After removing the user_accounts table, JWT authentication has to be implemented.
We need to add:

• A Spring Security JWT filter (OncePerRequestFilter);
• A Spring Security configuration (WebSecurityConfigurerAdapter);
• A service that can create/validate JWT tokens;
• Proper DTOs to transfer the data easily.

• Change JWT token validation to validate tokens properly.

The controllers should not be throwing exceptions. This should be changed so that only the services throw these exceptions. The exceptions can then be handled using AOP (leaving this for later).

Add a logger to each controller/service for debugging purposes.

Enable method security and apply it to all methods in the controllers.

Useful links: Baeldung

We need to add this dependency in order to be able to support hot reloading of the server for smoother development.

Add JSON validation to all endpoints using @Valid from Hibernate.

Useful links:

• Baeldung - Validation in Spring Boot
• Baeldung - Differences between @Valid and @Validated

haha description