DPS907 programming assignment – specifications 2

DPS907 programming assignment specifications, document 2, for the November 15 due date.


Link to the assignment overview document.

Link to the specifications document 1.


Due date, November 15, 2013, at 1:30pm ET

The overview document asked you to complete the following by November 15, 2013, at 1:30pm ET:

Course entity support, including:

  • view model classes
  • repository
  • controller (for get, post, put, delete)

Deployed on an Azure web site


Security infrastructure

Your web service will use the professor’s OAuth infrastructure web app to issue and validate access tokens.

Anonymous users will be able to send ‘get-all’ and ‘get-one’ requests for the Course entity.

Users in the “Faculty” role will be able to add (POST) and update (PUT) a Course object.

Users in the “Student” role will be able to update (PUT) their own Student object, most notably the ability to modify the Courses property/collection.

If you are using a “Student” access token, you must be able to update your own Student object. You must NOT be able to update someone else’s Student object. That’s what the check/match is for. It was in the ‘get-one’ method, but you must do that check in the ‘update-existing’ method (the one that responds to HTTP PUT).

So, in the situation where you are allowed to ‘update-existing’ your own Student object, the check/match will ensure that you can. For example, you may want to add a specific “Course” to a Student object’s collection of Courses.

You should probably do that as a ‘command’. Remember these notes and task:

https://petermcintyre.com/dps907/notes/oct11/ – Handling ‘commands’ in a web service

https://petermcintyre.com/dps907/graded-work/lab3/ – more how-to info
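The check/match for the ‘update-existing’ command described above, written as framework-independent decision logic so it runs as a console program. This is an added example, not code from the course notes; the `UserName` property, the in-memory store, the `addcourse` command URI and the use of the token's name claim as the match key are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Claims;

// Hypothetical model: UserName links a Student record to the token's name claim.
class Student
{
    public int Id;
    public string UserName;
    public List<string> Courses = new List<string>();
}

static class StudentCommands
{
    // Constructed sample data standing in for the repository.
    static readonly Dictionary<int, Student> Store = new Dictionary<int, Student>
    {
        { 1, new Student { Id = 1, UserName = "alice" } },
        { 2, new Student { Id = 2, UserName = "bob" } }
    };

    // Decision logic for PUT /api/students/{id}/addcourse (hypothetical command URI).
    public static HttpStatusCode AddCourse(ClaimsPrincipal user, int id, string courseCode)
    {
        if (user == null || !user.Identity.IsAuthenticated) return HttpStatusCode.Unauthorized;
        if (!user.IsInRole("Student")) return HttpStatusCode.Forbidden;
        Student s;
        if (!Store.TryGetValue(id, out s)) return HttpStatusCode.NotFound;
        // Check/match: the id in the URI must belong to the token's user.
        if (!string.Equals(s.UserName, user.Identity.Name, StringComparison.OrdinalIgnoreCase))
            return HttpStatusCode.Forbidden;
        if (!s.Courses.Contains(courseCode)) s.Courses.Add(courseCode);
        return HttpStatusCode.NoContent;
    }

    // Builds a principal the way a validated access token would (constructed for the demo).
    static ClaimsPrincipal Token(string name, string role)
    {
        var claims = new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) };
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
    }

    static void Main()
    {
        Console.WriteLine(AddCourse(Token("alice", "Student"), 1, "DPS907")); // own record
        Console.WriteLine(AddCourse(Token("alice", "Student"), 2, "DPS907")); // someone else's record
        Console.WriteLine(AddCourse(Token("carol", "Faculty"), 1, "DPS907")); // wrong role
    }
}
```

In a controller, the same comparison sits at the top of the PUT action, before the repository is asked to change anything, and the identity comes from the validated token rather than from the request body.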


Expectations for work quality

Follow best practices.

Your app’s design must conform to the System Design Guidance diagram, and the web service must be hypermedia-driven.
