Challenge Overview
The Role-Based Curriculum App (RBC App) is a tool created to automate the processes of role-based curriculum checklist management. The Role-Based Curriculum App is utilized to track the overall proficiency and capabilities of associates to perform role-based tasks.
We’ve recently completed the wireframe challenge for this application. You can see the wireframe challenge spec here to understand the application better. The backend REST services for this app will be built in Java and we've created a skeleton project structure in our backend repo. We’ve also built the Swagger documentation for these proposed REST services in the last challenge.
We’ve also run a challenge earlier for implementing some endpoints.
In this challenge, we want to
A) implement the following entities and associated endpoints (See the provided Swagger)
-
Checklists and scores (including copy team scores)
A) Fix the following issues from earlier challenge
-
missing authorization checks for all the endpoints (any user can manage users/teams)
-
only /users endpoints require authentication, others can be called by anonymous users - this is wrong. all endpoints have to be protected
-
No role authorization is performed. The role of the externally logged-in user should be checked. Usually it is configured in a @SpringBootApplication class.
-
For the authentication, the current implementation returns true in HandlerInterceptorAdapter which is not correct as we need the user in the chain/request so it's role can be checked later.
-
The logic of checking the editing user/authentication like in TeamController.activateTeam shouldn't be mixed with business logic. User should be in the request or alternatively logic should be implemented in base controller.
-
generateTeamPdf is wrong, doesn't return anything
-
generateTeamExcel is wrong - doesn't handle IO properly. also can't use team id ad file name - parallel requests would fail. has to use timestamp as well, or even better not use files at all and create the responses in memoory
-
LookupServiceImpl.getAllUserRoles not implemented - it should be removed as well as UserRole entity. UserType is used instead
-
RBCRequest is implemented incorrectly. The request should be sent to admins (admin email should be configurable). Additionally we may remove the userId from the RBCRequest entity as it is not used
Provided Artefacts
- Wireframes
- Swagger & API mapping document for various pages
- We’ve completed the frontend Angular pages for mentor and trainee roles and these are present in the frontend repo (please see forums for how to access)
- Data model & Backend Skeleton Code (please see forums for how to access)
In this challenge, you need to do the following:
Submit a Java project implementing the listed endpoints & the fixes. You are expected to use the following technologies and build off the provided backend repo.
- Java 8
- REST API
- JSON
- Apache HTTP Server
- Tomcat 8
- Spring Framework 4.x http://projects.spring.io/spring-framework/
- Log4j 1.2 http://logging.apache.org/log4j/1.2/
- Joda-Time 2.9 http://www.joda.org/joda-time/installation.html
- Oracle 11g express edition
Final Submission Guidelines
- Git patch file of changes OR All source code and scripts that address the requirements
- Please include a Postman collection for testing all your API endpoints
- The winner will be asked to make a merge request to the repository
- Please provide a demo video and a deployment guide for how to run your submission