DPS907 WSA500 Assignment 10

Work with object ownership in an app.

Read/skim all of this document before you begin work.


Due date

Wednesday, November 23, 2016, at 11:00pm ET

Grade value: 5% of your final course grade

If you wish to submit the assignment before the due date and time, you can do that.


Objective(s)

We need a web service that feeds data for a social media app. The topic we’re testing is the ability to work with data that may be private to its owner.


Introduction to the problem to be solved

We need a web service that enables registered users to create hobby or craft “projects”. Each project can have associated media items (e.g. photo, video, etc.). The inspiration for this idea was apps like Pinterest or Trello.

A user’s project can be private, public, or shared.

A shared project can have a collection of users, who can contribute media items to the project.

The web service trusts an IA Server, which performs identity management and authentication. A user of the web service must obtain an access token from the IA Server before they can access secured resources. Because the web service trusts the IA Server, it can validate the access tokens that the IA Server generates.

Your work will be hosted publicly on Microsoft Azure Services.


Specifications overview and work plan

The following specifications apply to all of your assignments:

  • Follows best practices
  • Implements the recommended system design guidance
  • Customized appearance on the landing web page
  • Uses Entity Framework and Code First technology
  • Includes a Fiddler log file that shows complete coverage of tests

For this assignment, here is what we’re looking for:

  • Enable a “Project” object to be shared with other users
  • Enable other users to view and add “Media” objects to a specific/allowed “Project”


During the class/session, your professor will help you get started and make progress on this assignment.

Every week, in the computer-lab class/session, your teacher will record a grade when you complete a specific small portion of the assignment. We call this “in-class grading”.

The in-class grading will be announced in-class by your professor.


Getting started

In the GitHub code example repository, there are two projects that you can use as-is for this assignment.

The IAServerV2 (version 2) project is in the Week 9 folder. Get that, and use it as your IA Server.

The Assign10Base project is in the Week 10 folder. Get that, and use it as a base, or foundation, for this assignment.

Using the controller method in the IA Server project, generate a new machine key value. Then, add this to both apps.

Remember to customize the home controller’s index view with your personal information, and the _Layout.cshtml view template with the application name. Do this for both projects.

Build/compile, and run (without debugging), to ensure that each app’s home > index view loads in a browser.


Get oriented to the Assign10Base app

It has two entities in its design model. Click the image to open it full-size in its own tab/window.

(Image: DesignModelClasses, the design model class diagram)

Two “Project” objects were created by user1@example.com (which has the standard initial password, Password123!). One “Media” object was created. The app includes a Fiddler archive; open it to inspect the requests that created these objects. (After you make changes to the app, it is likely that those objects will no longer be queryable.)

In Visual Studio, use the Task List to inspect the code that’s been highlighted with the “Attention” comment token. Study the features of the app.

Notice that the app currently works in a way that allows a user to work only with objects they have created. However, you will make a small change (described later) to that functionality.

Media items are defined by their own class, named “Media”. Adding a media item is a two-step process:

  1. First, the media item is created, with metadata
  2. Then, the media item’s byte-oriented content is uploaded/set/configured

Inspect the logic chain that implements this, including the controller methods, and manager methods.


Use cases and scenarios

When the app is complete, it will support the following additional functionality:

  • Each user account will have some task-oriented custom claims
  • A single (i.e. “get one”) Shared project (and its Media items) will be available to the owner, and to the users it has been shared with (you do not modify the “get all” projects methods)
  • A user in a Shared project, with the right claim, will be able to add new media items to the project

Before you begin coding, plan your authorization strategy, and your query and data access strategy. Write them down, so that you don’t forget this information. Each use case will be enabled by a specific combination of query terms.

How can you think about the use cases and object relationships? Well, consider this example. Remember, the app is designed to enable a user to create and maybe share a hobby or craft project.


How it will work

The app enables many human users to register for an account. Each user is able to create (zero or more) projects. Each project can have (zero or more) media items associated with it.

Assume that the user named Peter created a new project named “Raptors Game November 13 2015”. It was created as a “Shared” project. The project will initially be visible only to Peter (because Peter created the project).

(Image: Workflow visualizations 1)

Two photos were added, associated with the project. Maybe they’re game action or selfies; whatever.

(Image: Workflow visualizations 2)

Later, Peter talks to another user named Marie, and learns that Marie also went to the game, and has some photos. Peter decides to share the project with Marie, so that she can view the project and its media, and also contribute her photos.

(Image: Workflow visualizations 3)

Next, Marie adds two photos, associated with the project. The project, and its media, is visible to Peter and Marie. Both can add photos and other media items.

(Image: Workflow visualizations 4)

Doing the work

There are several tasks that must be done to complete this assignment:

  1. Plan and implement the claims configuration
  2. Add a new entity to support shared projects
  3. Modify existing entities to support shared projects
  4. Modify existing logic


Plan and implement the user account and claims

Your app will need new users with specific claims. Each will include a new custom claim named “Task”. It can have a value of “ProjectView” or “ProjectContribute”.

Therefore, in the IA Server app, add these claims to the master list of allowable claims.

Then, plan to add some users (with claims), but do the planning first. Write these down somewhere. Maybe use a simple table as an organizing device, as in the example below (use your own name and your friends’ names!).

We suggest that you use real names. Use your own name (maybe as the project owner), and names of 3 or 4 friends. This will make it easier to visualize the people involved, and what they are doing in the app.

User     Role     Custom claim(s)
Peter    Member   ProjectView, ProjectContribute
Sue      User     ProjectView
Ian      Member   ProjectView, ProjectContribute
Nagham   User     ProjectView
Asma     User     (none)

Next, think about claims. For role claims, maybe you can think about using “User”, for standard users of the app, and “Member” for users who pay an annual subscription fee for additional service and functionality. (This app will not implement billing or any other such functionality. The idea is simply to create users that have different roles.)

For the custom claims (“Task”), we suggested (above) that you can use “ProjectView” and “ProjectContribute”. You can also design some other custom claims (“OU” or whatever). See the example above.

Then add these new users, and their claims, using the IA Server “api/account/register” endpoint.


Design and implement project-sharing entities

As noted above, a project owner can decide to share a project with other users. For each user, the project owner determines the kind of access the user has to the project. Initially, the two access levels will be “View”, which should be self-explanatory, and “Contribute”, which indicates that the user can contribute a media item to the project.

A new entity class (perhaps named Sharer) is needed to store the user name and access level. Both will be string properties. A project will have a to-many association with Sharer, which means that a project can be shared with zero or more users. At the other end of the association, Sharer has a required to-one association with Project. It should also have a date-time property, perhaps named DateUpdated. You should be able to figure out whether its date-and-time value is supplied in the request or set by the app’s logic.

Next, the Media entity needs to be modified. It needs a “Contributor” string property, holding the user name of the user who created the media item.
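As an added example, not code from the Assign10Base project, here is what the three entity classes could look like in C# with Entity Framework Code First. The names Sharer, AccessLevel, DateUpdated and Contributor follow the suggestions above; every other property name (Name, Visibility, Caption, ContentType, Content), the string lengths, and the choice to set DateUpdated in the constructor are assumptions made for this illustration.

```csharp
// Added example (assumed shapes, not the base project's classes).
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

public class Project
{
    public Project()
    {
        MediaItems = new List<Media>();
        Sharers = new List<Sharer>();
    }

    public int Id { get; set; }

    [Required, StringLength(100)]
    public string Name { get; set; }

    [Required, StringLength(200)]
    public string Owner { get; set; }        // user name of the user who created it

    [Required, StringLength(10)]
    public string Visibility { get; set; }   // "Private", "Public", or "Shared" (assumed property)

    // To-many: a project can be shared with zero or more users
    public ICollection<Media> MediaItems { get; set; }
    public ICollection<Sharer> Sharers { get; set; }
}

public class Sharer
{
    public Sharer()
    {
        // This example sets the timestamp in app logic rather than accepting it from the request
        DateUpdated = DateTime.Now;
    }

    public int Id { get; set; }

    [Required, StringLength(200)]
    public string UserName { get; set; }     // user the project is shared with

    [Required, StringLength(20)]
    public string AccessLevel { get; set; }  // "View" or "Contribute"

    public DateTime DateUpdated { get; set; }

    // Required to-one: a Sharer row cannot exist without its project
    [Required]
    public Project Project { get; set; }
}

public class Media
{
    public Media()
    {
        DateCreated = DateTime.Now;
    }

    public int Id { get; set; }

    [Required, StringLength(100)]
    public string Caption { get; set; }      // assumed metadata property

    [Required, StringLength(200)]
    public string Owner { get; set; }        // project owner, unchanged from the base app

    [StringLength(200)]
    public string Contributor { get; set; }  // NEW: user name of the user who created this item

    public string ContentType { get; set; }  // set in the second (content upload) step
    public byte[] Content { get; set; }

    public DateTime DateCreated { get; set; }

    [Required]
    public Project Project { get; set; }
}
```

With the Sharer-to-Project association marked [Required], Code First creates a non-nullable foreign key, so a Sharer row always points at exactly one project; the ownership checks in the manager methods rely on that.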

Here’s what the updated design model could look like. Click to open it full-size in its own tab/window.

(Image: DesignModelClasses, the updated design model class diagram)

Build/compile your work so far, to ensure that there are no errors.

At this point in time, it will probably be a good idea to configure Code First Migrations. You may recall that you did this in Assignment 6; some of that info is repeated here:

Open the package manager console, and configure the initial state of the migrations task. Run these commands, in the sequence shown, and make sure each command completes without errors:

enable-migrations

add-migration Initial -ignorechanges

update-database


Next: After you modify the Media entity, consider whether its resource models need modification. Yeah, you should probably do that work now, before moving on.


Complete the entity-related tasks for Sharer

As you know, there’s a set of entity-related tasks that must be done after adding a new entity class (i.e. Sharer) to the app’s design model. Plan on completing them now, by following this list of reminders:

  1. Add DbSet property to the data context class
  2. Write/create resource model classes
  3. Write/create the AutoMapper maps in the WebApiApplication class


Plan the logic changes

So… the original “Assignment 10 Base” app allowed a user to create a “project”, with “media” items.

Your work will open up the ability for a friend (sharer) to view a project, and maybe contribute media items.

We will have to re-visit the use cases, to make sure that the logic/coding changes will do the job. Here’s a summary table that you can use to guide your work. After the table, some guidance and suggestions are offered to help you complete the work.

Use case                              User/identity check(s)                            Must have these role and custom claims
Project get all                       Owner                                             Role = User or Member
Project get one                       Owner or Contributor                              Role = User or Member; Task = ProjectView
Project add new                       (none)                                            Role = Member; Task = ProjectContribute
Project share                         Owner                                             Role = Member
Media get all                         Owner                                             Role = User or Member
Media get one                         Owner or Contributor                              Role = User or Member; Task = ProjectView
Media add new (metadata and content)  Owner or Contributor of the media item’s project  Role = Member; Task = ProjectContribute

Edit some of the existing use cases to match the plan

The original base project has controller methods that work, but they do not have all the authorize attributes shown above. It’s also possible that the manager methods don’t have all the user / identity checks that are needed.

Therefore, the first task would be to edit the existing use cases in the original project to match the plan.

Let’s do the easy ones first. Project get-all, Project add-new, and Media get-all are easy to change: they just need authorize attributes. The others need logic changes; before doing those, we will enable project sharing.
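The built-in [Authorize] attribute checks roles, but the summary table also requires a custom “Task” claim on some methods. The following is an added example (not code from the base project) of an Authorize-derived attribute that adds that check, applied to the three “easy” Project methods. It assumes the IA Server issues the custom claim with the claim type “Task”, and that the manager class is named Manager with methods ProjectGetAll, ProjectGetOne and ProjectAdd that take the requesting user name; all of those names are assumptions.

```csharp
// Added example: role + custom-claim authorization for Web API 2 controller methods.
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Requires one "Task" custom claim in addition to whatever the base attribute checks.
public class AuthorizeTaskAttribute : AuthorizeAttribute
{
    private readonly string _task;

    public AuthorizeTaskAttribute(string task)
    {
        _task = task;
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // The base class checks that the caller is authenticated and, when the
        // Roles property is set, that the caller is in one of those roles.
        if (!base.IsAuthorized(actionContext)) return false;

        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        if (principal == null) return false;

        // A user may hold several "Task" claims (assumed claim type); any one match is enough
        return principal.Claims.Any(c => c.Type == "Task" && c.Value == _task);
    }
}

public class ProjectsController : ApiController
{
    private Manager m = new Manager();   // assumed: the base project's manager class

    // Project get all: Role = User or Member (the manager still filters by owner)
    [Authorize(Roles = "User,Member")]
    public IHttpActionResult Get()
    {
        return Ok(m.ProjectGetAll(User.Identity.Name));
    }

    // Project get one: Role = User or Member, Task = ProjectView
    [AuthorizeTask("ProjectView", Roles = "User,Member")]
    public IHttpActionResult Get(int id)
    {
        var project = m.ProjectGetOne(id, User.Identity.Name);
        return project == null ? (IHttpActionResult)NotFound() : Ok(project);
    }

    // Project add new: Role = Member, Task = ProjectContribute
    [AuthorizeTask("ProjectContribute", Roles = "Member")]
    public IHttpActionResult Post([FromBody] ProjectAdd newItem)
    {
        if (!ModelState.IsValid) return BadRequest(ModelState);

        var added = m.ProjectAdd(newItem, User.Identity.Name);
        if (added == null) return BadRequest("Invalid data");

        return Created(Request.RequestUri + "/" + added.Id, added);
    }
}
```

The attribute only establishes what kind of user is calling; which objects that user may see is still decided inside the manager methods by comparing the caller’s name with the Owner and Sharer data. Both layers are needed: the attribute alone would let any “Member” read any project, and the manager check alone would let an unauthenticated or wrongly-roled caller reach the query.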


Sharing a project with a user

Enable the owner of a project to share it with another user.

We suggest that you implement this as a command (i.e. a PUT request) in the Project controller. Place the username, the access level, and the project identifier in the request body. This implies that you need a new resource model to hold the username, the access level, and project identifier.

The app logic will then cause a new Sharer object to be created. It should check for an existing sharer object that has a matching username, access level, and project. Don’t create a duplicate.
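One way to implement the share command, added here as an example and not taken from the base project: a resource model for the request body, a PUT method in the Project controller, and a manager method that verifies ownership and refuses to create a duplicate Sharer. The names ProjectShare, ProjectBase, the route “api/projects/share”, the DataContext field ds with its DbSets, and AutoMapper’s static Mapper are assumptions; attribute routing is assumed to be enabled, as it is in the Web API 2 project template.

```csharp
// Added example: "share a project" command (assumed names).
using System.ComponentModel.DataAnnotations;
using System.Data.Entity;
using System.Linq;
using System.Web.Http;
using AutoMapper;

// Resource model for the request body
public class ProjectShare
{
    [Required]
    public int ProjectId { get; set; }

    [Required, StringLength(200)]
    public string UserName { get; set; }

    // Only the two access levels the design allows; anything else fails model validation
    [Required, RegularExpression("^(View|Contribute)$")]
    public string AccessLevel { get; set; }
}

public class ProjectsController : ApiController
{
    private Manager m = new Manager();   // assumed: the base project's manager class

    // PUT api/projects/share
    [Route("api/projects/share")]
    [HttpPut]
    [Authorize(Roles = "Member")]
    public IHttpActionResult Share([FromBody] ProjectShare share)
    {
        if (!ModelState.IsValid) return BadRequest(ModelState);

        var result = m.ProjectShare(share, User.Identity.Name);

        // Same answer for "no such project" and "not the owner", so a non-owner
        // cannot use this endpoint to learn which project identifiers exist
        if (result == null) return NotFound();
        return Ok(result);
    }
}

public class Manager
{
    private DataContext ds = new DataContext();   // assumed: the base project's data context

    public ProjectBase ProjectShare(ProjectShare share, string requester)
    {
        // Ownership is a data check, not a role check: the project must exist
        // AND the requester must be its owner
        var project = ds.Projects.Include("Sharers")
            .SingleOrDefault(p => p.Id == share.ProjectId && p.Owner == requester);
        if (project == null) return null;

        // The owner already has full access; a Sharer row for the owner is just noise
        if (share.UserName == requester) return Mapper.Map<ProjectBase>(project);

        // Don't create a duplicate: same user name, same access level, same project
        bool exists = project.Sharers.Any(s =>
            s.UserName == share.UserName && s.AccessLevel == share.AccessLevel);

        if (!exists)
        {
            project.Sharers.Add(new Sharer
            {
                UserName = share.UserName,
                AccessLevel = share.AccessLevel,
                Project = project
            });
            ds.SaveChanges();
        }

        return Mapper.Map<ProjectBase>(project);
    }
}
```

Because the ownership test is part of the same query that fetches the project, there is no window in which the method holds a project it has not yet confirmed the caller owns.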

Note: We do not really need a Sharers controller in this assignment.


Edit the remaining use cases to match the plan

Now we’re ready to edit the remaining use cases.


Project get-one

The Project get-one use case needs changes in the manager method. The existing logic looks like this:

  1. Attempt to fetch the matching project object, based on matching identifier, and matching owner
  2. If null, return null
  3. Alternatively, return the project object

Now, we are allowing another user – a sharer – to fetch the matching object. In other words, the security principal will be based on the other user/sharer, and NOT the owner. Therefore, the flow from #2 onwards needs to be changed. For example:

  1. Attempt to fetch the matching project object, based on matching the project identifier, and matching owner name
  2. If null, do one more check…
  3. Attempt to fetch, from the Sharers entity collection, a Sharer object that matches the project identifier, and sharer name
  4. If the Sharer object is null, return null
  5. Alternatively, attempt to fetch (again) the matching project object, based only on a match with the project identifier
  6. If null, return null
  7. Alternatively, return the project object


Media get-one

The Media get-one use case also needs changes in the manager method. The existing logic looks like this:

  1. Attempt to fetch the matching media object, based on matching identifier, and matching owner
  2. If null, return null
  3. Alternatively, return the media object

Now, we are allowing another user – a sharer – to fetch any media objects in a shared project. Therefore, the flow needs to be changed. For example:

  1. Attempt to fetch the matching media object, and its associated project object, based on matching the media identifier, and matching owner name
  2. If null, do one more check…
  3. Using the associated project identifier, attempt to fetch, from the Sharers entity collection, a Sharer object that matches the project identifier, and sharer name
  4. If the Sharer object is null, return null
  5. Alternatively, attempt to fetch (again) the matching media object, based only on a match with the media identifier
  6. If null, return null
  7. Alternatively, return the media object
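The two numbered flows above (Project get-one and Media get-one) as manager methods, added here as an example rather than taken from the base project. It assumes a DataContext field named ds with DbSets Projects, MediaItems and Sharers, entity classes shaped as in the design model (Sharer with UserName and a Project navigation property, Media with Owner and Project), AutoMapper’s static Mapper, and resource models named ProjectWithMedia and MediaWithProject; all of those names are assumptions. In the Media flow, step 3 needs the project identifier even though step 1 returned null, so the example fetches only that identifier until the sharer check has passed.

```csharp
// Added example: owner-or-sharer get-one logic (assumed names).
using System.Data.Entity;
using System.Linq;
using AutoMapper;

public class Manager
{
    private DataContext ds = new DataContext();   // assumed: the base project's data context

    // Project get-one: the owner, or a user the project has been shared with, may fetch it
    public ProjectWithMedia ProjectGetOne(int id, string requester)
    {
        // 1. Owner path first: identifier AND owner name must match
        var project = ds.Projects.Include("MediaItems")
            .SingleOrDefault(p => p.Id == id && p.Owner == requester);

        if (project == null)
        {
            // 2.-4. Not the owner; is the requester a sharer of this particular project?
            bool isSharer = ds.Sharers
                .Any(s => s.Project.Id == id && s.UserName == requester);
            if (!isSharer) return null;

            // 5.-6. Sharer check passed, so fetch again by identifier only
            project = ds.Projects.Include("MediaItems")
                .SingleOrDefault(p => p.Id == id);
            if (project == null) return null;
        }

        // 7. Return the project object (as a resource model)
        return Mapper.Map<ProjectWithMedia>(project);
    }

    // Media get-one: same shape, but the sharer check is against the media item's project
    public MediaWithProject MediaGetOne(int id, string requester)
    {
        // 1. Owner path: media identifier AND owner name must match
        var media = ds.MediaItems.Include("Project")
            .SingleOrDefault(m => m.Id == id && m.Owner == requester);

        if (media == null)
        {
            // Step 3 needs the associated project identifier. Select only that value,
            // so no media content is loaded before the sharer check passes.
            int projectId = ds.MediaItems
                .Where(m => m.Id == id)
                .Select(m => m.Project.Id)
                .SingleOrDefault();           // 0 when there is no such media item
            if (projectId == 0) return null;

            // 3.-4. Is the requester a sharer of that project?
            bool isSharer = ds.Sharers
                .Any(s => s.Project.Id == projectId && s.UserName == requester);
            if (!isSharer) return null;

            // 5.-6. Fetch again, by media identifier only
            media = ds.MediaItems.Include("Project")
                .SingleOrDefault(m => m.Id == id);
            if (media == null) return null;
        }

        // 7. Return the media object (as a resource model)
        return Mapper.Map<MediaWithProject>(media);
    }
}
```

Both methods return null on every failure path, so the controller answers a non-owner, non-sharer with the same 404 it would give for a missing object; the response does not confirm that the object exists.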


Media add new (metadata and content)

The Media add-new use cases (for both the metadata and the byte/stream content) also need changes. The existing logic looks like this:

  1. Attempt to fetch the associated project object, based on matching identifier, and matching owner
  2. If null, return null
  3. Alternatively, attempt to add the new media item
  4. Set its association and ownership properties
  5. Return the media object

Now, we are allowing another user – a sharer – to add a media object in a shared project. Therefore, the flow needs to be changed. For example:

  1. Using the project identifier, attempt to fetch, from the Sharers entity collection, a Sharer object that matches the project identifier, and sharer name
  2. If the Sharer object is null, return null
  3. Alternatively, attempt to fetch the associated project object, based on matching project identifier
  4. If null, return null
  5. Otherwise, attempt to add the new media item
  6. Set its association, ownership, and contributor properties
  7. Return the media object
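The add-new flow above as manager methods, added here as an example and not taken from the base project. It keeps the owner path first (the summary table allows “Owner or Contributor”) and then applies the sharer steps listed above, and it also requires the Sharer row to carry the “Contribute” access level, since the design states that “View” sharers may only look. The names MediaAdd (resource model), MediaBase, the ds data context with DbSets Projects, MediaItems and Sharers, and AutoMapper’s static Mapper are assumptions.

```csharp
// Added example: owner-or-contributor add-new logic, metadata step and content step (assumed names).
using System.Data.Entity;
using System.Linq;
using AutoMapper;

public class Manager
{
    private DataContext ds = new DataContext();   // assumed: the base project's data context

    // Metadata step
    public MediaBase MediaAdd(MediaAdd newItem, string requester)
    {
        // Owner path, unchanged from the base app: project identifier AND owner must match
        var project = ds.Projects
            .SingleOrDefault(p => p.Id == newItem.ProjectId && p.Owner == requester);

        if (project == null)
        {
            // 1.-2. A Sharer row must match project, user name AND the Contribute level;
            //       a "View" sharer must not be able to add media
            bool canContribute = ds.Sharers.Any(s =>
                s.Project.Id == newItem.ProjectId &&
                s.UserName == requester &&
                s.AccessLevel == "Contribute");
            if (!canContribute) return null;

            // 3.-4. Fetch the project by identifier only
            project = ds.Projects.SingleOrDefault(p => p.Id == newItem.ProjectId);
            if (project == null) return null;
        }

        // 5.-6. Add the item; ownership stays with the project owner,
        //       Contributor records who actually created it
        var added = ds.MediaItems.Add(Mapper.Map<Media>(newItem));
        added.Project = project;
        added.Owner = project.Owner;
        added.Contributor = requester;
        ds.SaveChanges();

        // 7. Return the media object (as a resource model)
        return Mapper.Map<MediaBase>(added);
    }

    // Content step: same check, resolved through the media item's project
    public bool MediaSetContent(int id, byte[] content, string contentType, string requester)
    {
        var media = ds.MediaItems.Include("Project").SingleOrDefault(m => m.Id == id);
        if (media == null) return false;

        bool isOwner = media.Owner == requester;
        bool canContribute = ds.Sharers.Any(s =>
            s.Project.Id == media.Project.Id &&
            s.UserName == requester &&
            s.AccessLevel == "Contribute");

        // Tightening option: compare media.Contributor with requester instead of the
        // Sharers query if only the user who created the metadata may upload its content
        if (!isOwner && !canContribute) return false;

        media.Content = content;
        media.ContentType = contentType;
        ds.SaveChanges();
        return true;
    }
}
```

The access-level test is what separates this use case from get-one: a Sharer row with “View” satisfies get-one but not add-new. The content step repeats the check rather than trusting that the metadata step already passed, because the two requests arrive separately and the second one carries only a media identifier.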


Deploy your work to Microsoft Azure Services

More to come…

After you have created your “app service” (web app) for your Assignment 10 work, you will have a URL to the site (on azurewebsites.net).

Before deploying to Azure, edit the Home controller’s Index view, and add a nicely-formatted hyperlink, using the URL (above). That way, when we check/grade your work, we have the URL to your Azure-deployed app.

Detailed instructions for Azure deployment will be published within a few days. If you need help, your professor will help you with deployment early next week.


Testing your work

Use Fiddler.

Ensure that it has been configured to save the message bodies in requests and responses. (A default installation does not do this.) If you are using a College computer, this should have been configured, but check anyway. If you installed Fiddler on your own computer, follow the instructions on this document.

Test all scenarios (use cases). Make sure that you test error or error-like scenarios.


Saving – “exporting” – your tests

On the left side list of requests, you can delete items that you do not want included in the export.

When you’re ready to save, choose File > Export Sessions > All Sessions…

The export format will be “HTTPArchive v1.2”. Click the Next button to choose a save location (your project’s root, at the same folder level as the “packages” folder) and specify a filename. Name the file by using the project name (e.g. “<whatever>.har”).

(You can test whether the export was successful. How? First, close then re-open Fiddler. Choose File > Import Sessions. Select “HTTPArchive” as the import format. Navigate to the folder that holds the “har” file, and select it. Finally, browse through the request-response sessions.)


Reminder about academic honesty

You must comply with the College’s academic honesty policy.

Although you may interact and collaborate with others, you must submit your own work.


Submitting your work

This Assignment 10 has a modified submission process (when compared to earlier assignments).

We need both projects to be able to grade your work.

Therefore, here is the modified procedure:

  1. Make copies of both projects
  2. For each project, remove its packages, bin, and obj folders
  3. Zip both projects together (in one zip file), and upload to the designated location on My.Seneca/Blackboard before the due date-and-time


For example, assume that you are currently viewing a folder named “A10” in File Explorer.

It should have these two sub-folders:

  1. IA
  2. Assign10

Select both folders, then zip them into one zip file result.
