- I have used a remote postgresql database, provided by Railway.
- Only 500 hours of usage available.
- User belongs to Role Primary Key of Role is the Foreign Key of User.
- School has many Student Primary Key of School is the Foreign Key of Student.
- User has many Student Primary Key of User is another Foreign Key of Student.
- There is no restriction on the name of the Role during its creation, but the scopes associated with a Role, should only consist as the following:
user-get
student-get
student-create
role-get
school-get
school-create
school-students
-
I assumed two Roles: Admin and Principal. Admin gets user-get and role-get scopes. Principal gets all the other scopes.
-
Some endpoints require a particular scope. It is implemented as said in the problem statement.
- CheckUserScope
Checks if the signed in user has the required scope to access endpoints.
- Validation
Validatorjs is used.
-
The school/student endpoint returns only the students of the particular school only.
-
The GET /student endpoint returns only the students of the user that is logged in.
- I used Postman throughout the development of this application.