Meliksahcaliskan / Learning-Management-System

This repository will be used for the Learning Management System project of the CopyWorks team under the CSE343 Software Engineering course.
GNU General Public License v2.0

create assignment exceptions #4

Closed OnurhanTALAN closed 5 days ago

OnurhanTALAN commented 5 days ago

In assignmentService, there are multiple reasons that the assignment creation might fail. Not all of them can be displayed to the user. For example, if the exceptions "Teachers can create assignments only their assigned classes" and "An assignment with this title already exists for this class" occur, they can be displayed to the user. On the other hand, if the others occur, other actions should be taken. How can I do that?

@Transactional
public Assignment createAssignment(AssignmentRequestDTO dto, Long loggedInUserId) throws AccessDeniedException {
    AppUser teacher = appUserRepository.findById(loggedInUserId)
            .orElseThrow(() -> new EntityNotFoundException("Teacher not found"));
    ClassEntity classEntity = classEntityRepository.findClassEntityByName(dto.getClassName()).orElseThrow(
            () -> new EntityNotFoundException("Class not found")
    );
    Course course = courseRepository.findCourseByName(dto.getCourseName()).orElseThrow(
            () -> new EntityNotFoundException("Course not found")
    );

    if (teacher.getRole() == Role.ROLE_STUDENT) {
        throw new AccessDeniedException("Only teachers, admins, coordinators can create assignments");
    }

    if (teacher.getRole() == Role.ROLE_TEACHER && !teacher.getTeacherDetails().getClasses().contains(classEntity.getId())) {
        throw new AccessDeniedException("Teachers can create assignments only their assigned classes");
    }

    // Validate that teacher ID matches logged-in user
    if (!dto.getTeacherId().equals(loggedInUserId)) {
        throw new AccessDeniedException("Teacher ID must match logged in user");
    }

    // Check if assignment title already exists for the class
    if (assignmentRepository.existsByTitleAndClassEntity(dto.getTitle(), classEntity)) {
        throw new IllegalArgumentException("An assignment with this title already exists for this class");
    }

    Assignment assignment = new Assignment();
    assignment.setTitle(dto.getTitle());
    assignment.setDescription(dto.getDescription());
    assignment.setDueDate(dto.getDueDate());
    assignment.setAssignedBy(teacher);
    assignment.setClassEntity(classEntity);
    assignment.setCourse(course);
    assignment.setDate(LocalDate.now());

    return assignmentRepository.save(assignment);
}
Haruncakir commented 5 days ago

The exception stating that "teachers can create assignments only for their assigned classes" cannot be enforced on the front end, as classes for which the teacher does not have permission are not displayed and therefore not available as options. However, there are alternative methods for directly sending requests to the back-end that could potentially bypass this restriction. Consequently, this exception remains relevant and necessary.

Haruncakir commented 5 days ago

Similarly, other states are affected for the same reason; direct interaction with the back end, bypassing the front end, is possible. Therefore, no additional actions are required on the front end. This approach is implemented for security reasons.
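
One way to separate the two user-displayable failures from the rest while keeping every back-end check in place, as an added example that is not the project's code. `UserFacingException`, `ErrorBody`, `toErrorBody` and the status codes are hypothetical choices; it assumes the service throws `UserFacingException` for the two messages named in the question.

```java
import java.util.UUID;
import java.util.logging.Logger;

public class AssignmentErrorMapping {
    private static final Logger LOG = Logger.getLogger("assignment");

    // Hypothetical marker type: only exceptions of this type carry text meant for the user.
    static class UserFacingException extends RuntimeException {
        final int status;
        UserFacingException(int status, String message) { super(message); this.status = status; }
    }

    // Hypothetical response body returned to the client.
    record ErrorBody(int status, String message, String errorId) {}

    // Allow-list approach: anything not explicitly user-facing gets a generic
    // message; the detail goes to the server log under a correlation id, so a
    // request sent directly to the back end learns nothing extra from the reply.
    static ErrorBody toErrorBody(Exception e) {
        if (e instanceof UserFacingException u) {
            return new ErrorBody(u.status, u.getMessage(), null);
        }
        String errorId = UUID.randomUUID().toString();
        LOG.warning("createAssignment failed [" + errorId + "]: " + e);
        // The generic status and wording are assumptions for this example.
        return new ErrorBody(400, "Assignment could not be created", errorId);
    }

    public static void main(String[] args) {
        // Constructed sample failures using the messages from the service method.
        Exception[] samples = {
            new UserFacingException(403, "Teachers can create assignments only their assigned classes"),
            new UserFacingException(409, "An assignment with this title already exists for this class"),
            new IllegalStateException("Teacher ID must match logged in user"),
            new IllegalStateException("Class not found"),
        };
        for (Exception e : samples) {
            System.out.println(toErrorBody(e));
        }
    }
}
```

The first two samples reach the client with their own text; the last two return the generic message plus an `errorId` that can be matched against the server log.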