Challenge Overview
CHALLENGE OBJECTIVES
Welcome back to “Best Practices - Build API To Support Admin Web Application ”. In this challenge, we would like to update an existing backend application to support the new Admin Web Application.
Let us know in the forum if you have questions!
PROJECT BACKGROUND
Recently we just finished the design for the Admin web applications. See below the design links.
Design Marvel App links:
- Admin web application design - https://marvelapp.com/70285d1
The current backend application is composed of 3 roles (Worker, Place Admin and Patient). At the moment only Worker and Patient roles were fully implemented for the current web and mobile applications.
The Admin Web application is a new application being developed and it isn't currently being handled properly by the existing backend. For this new web application, we will need to fully implement the Place Admin role and add the Site Admin role.
REQUIREMENTS
- Implement the missing endpoints for Admin web application based on the Swagger API file provided in the forum and the requirements shown below;
- There are new endpoints to be implemented and existing endpoints to be updated. See next topic for more details;
- Use the same code style as the current base code. We are not refactoring the entire backend;
- Update any library dependency to work with current Node.Js LTS (10+) and fix all high and critical vulnerabilities (one example is the random string generator currently being used);
- Create initialization scripts to allow for verification;
- Update Swagger to allow testing the application, if necessary. Postman usage is also allowed.
CLARIFICATIONS
- Mappings from Frontend to Backend:
- Dentist -> worker
- Admin -> place admin
- Practice -> place
- All users (workers, patients, and place admins) are related to a given Place;
- Site Admin is a new role that should be added to backend;
- Site admins are the only users that can see the entire Admin Web page;
- Logging should be added. All Create and Remove endpoints must log with info level. All Edit endpoints must log with debug level. Errors must be logged using error level;
- The log must have the user currently performing the change and the new data (when applicable). Only the endpoints listed below will need logs.
Modify the isAuthorized method for Worker and PlaceAdmin models to also return true if currently logged in user has SiteAdmin role. Any other solution must be approved in the forum.
1) New Endpoints to be implemented
a) /dashboard/data - For site admin only;
b) /dashboard/{type}/aggregateMonthly - For site admin only;
c) /places - Only site admin can list places;
d) /places/create - Only site admin can create places (the design is missing alias property);
e) /places/report/export - NOT IN SCOPE;
f) /places/activate - Only site admin can activate places. This endpoint just changes the Place status;
g) /places/deactivate - Only site admin can de-activate places. This endpoint just changes the Place status;
h) /placeadmins - Site Admin can view any place admin list. Place admin can only view other place admins associated with its own place;
i) /placeadmins/create - Site Admin can create any place admin. Place admin can only create other place admins associated with its own place;
j) /workers - Site Admin can view any worker list. Place admin can only view workers associated with the admin's place;
k) /workers/create - Site Admin can create any worker. Place admin can only create workers associated with the admin's place. During creation a random password should be set;
l) /countries - All logged in users can view;
m) /states - All logged in users can view;
n) /citites - All logged in users can view;
o) /{userType}/{defaultPlaceAlias}/forgot - E-mail not in scope. Log to terminal to generate reset code;
p) /{userType}/{defaultPlaceAlias}/reset - Will reset the current password;
q) /siteadmins/signin - Sign in Site Admin role;
2) Existing Endpoints to be updated (should be minor changes - mostly role check)
a) /places/edit - Site Admin can edit any place. Place admin and Worker can only edit its own place; b) /places/get - Site Admin can view any place. Place admin and Worker can only view its own place; c) /places/remove - Only site admin can remove places. This endpoint will remove the place record from the database and all its associated data; d) /placeadmins/edit - Site Admin can edit any place admin. Place admin can only edit other place admins associated with its own place; b) /placeadmins/get - Site Admin can view any place admin. Place admin can only view other place admins associated with its own place; e) /placeadmins/remove - Site Admin can remove any place admin. Place admin can only remove other place admins associated with its own place; f) /workers/remove - Site Admin can remove any worker. Place admin can only remove workers associated with the admin's place; g) /workers/edit - Site Admin can edit any worker. Place admin can only edit workers associated with the admin's place; h) /workers/get - Site Admin can get any worker. Place admin can only get workers associated with the admin's place; i) /siteadmins/signout - Sign out Site Admin role;���
TECHNOLOGY STACK
The following technology stack will be used as part of this challenge.
- Node.js 10+
- MongoDB
Final Submission Guidelines
- Updated backend
- Verification document