A student who completes this project shows that they can:
- perform CRUD operations on an RDBMS using JPA and Hibernate.
- implement a data seeding class using JPA and Hibernate.
- use JPA and Hibernate to perform advanced query operations on an RDBMS.
- add relationships between tables.
- implement Spring Security and OAuth2 to provide authentication for a project.
Specifically:
- Seed Data
- CRUD Operations
- H2 Connections
- Authentication
This is a basic todo database schema with users and a todo list.
Create a REST API service to store and read data from an H2 database.
- seeddata.java is a sample script that can be modified to populate the database
- note that all new todos default to completed = false
The table layouts are as follows:
- All tables should have audit fields / columns - createby, createddate, modifiedby, modifieddate
- TODO
  - todoid primary key, not null long
  - description string, not null
  - datestarted datetime
  - completed boolean
  - userid foreign key (one user to many todos) not null
- USERS
  - userid primary key, not null long
  - username string, not null unique
  - password string, not null
- ROLES
  - roleid primary key, not null long
  - rolename string not null unique
- USERROLES
  - roleid foreign key to role
  - userid foreign key to user
Expose the following end points:
- GET /users/mine - return the user and todo based off of the authenticated user. You can only look up your own.
- POST /users - adds a user. Can only be done by an admin.
- POST /users/todo/{userid} - adds a todo to the assigned user. Can be done by any user.
- PUT /todos/todoid/{todoid} - updates a todo based on todoid. Can be done by any user.
- DELETE /users/userid/{userid} - Deletes a user based off of their userid and deletes all their associated todos. Can only be done by an admin.
- hint - think about taking the project https://github.com/LambdaSchool/java-oauth2.git and modifying it to fit this application
- Update the end points below:
  - POST /users/todo/{userid} - adds a todo to the assigned user. Can only be done by the authenticated user. A user can only modify their own data.
  - PUT /todos/todoid/{todoid} - updates a todo based on todoid. Can only be done by the authenticated user. A user can only modify their own data.
- add appropriate end points to manage users giving only admin access to these.
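
The "a user can only modify their own data" rule for the two updated end points, sketched as an added example in plain Java (JDK only); it is not code from this project or from java-oauth2. The class, enum and method names are hypothetical, the maps stand in for the USERS and TODO tables with constructed rows, and `caller` is assumed to be the username the security layer reports for the authenticated user.

```java
import java.util.Map;

// Added example, JDK only. All names here are hypothetical; the maps stand in
// for the USERS and TODO tables and hold constructed sample rows.
public class OwnershipCheck {
    enum Decision { ALLOW, FORBIDDEN, NOT_FOUND }

    // userid -> username (constructed)
    static final Map<Long, String> USERS = Map.of(1L, "admin", 2L, "alice", 3L, "bob");
    // todoid -> owning userid (constructed)
    static final Map<Long, Long> TODO_OWNER = Map.of(10L, 2L, 11L, 3L);

    // POST /users/todo/{userid}: the userid in the path must resolve to the caller.
    static Decision canAddTodo(String caller, long pathUserId) {
        String owner = USERS.get(pathUserId);
        if (owner == null) return Decision.NOT_FOUND;
        return owner.equals(caller) ? Decision.ALLOW : Decision.FORBIDDEN;
    }

    // PUT /todos/todoid/{todoid}: the path carries no userid, so the owner is
    // read from the stored todo row, never from a userid in the request body.
    static Decision canUpdateTodo(String caller, long todoId) {
        Long ownerId = TODO_OWNER.get(todoId);
        if (ownerId == null) return Decision.NOT_FOUND;
        return canAddTodo(caller, ownerId);
    }

    public static void main(String[] args) {
        // caller = username of the authenticated principal (assumed to be
        // supplied by the security layer after token validation).
        System.out.println(canAddTodo("alice", 2L));     // own userid
        System.out.println(canAddTodo("alice", 3L));     // someone else's userid
        System.out.println(canUpdateTodo("alice", 10L)); // own todo
        System.out.println(canUpdateTodo("alice", 11L)); // bob's todo
        System.out.println(canUpdateTodo("admin", 11L)); // admin role gives no ownership
        System.out.println(canUpdateTodo("alice", 99L)); // no such todo
    }
}
```

In the service itself the same comparison belongs in the service layer, after the todo or user has been loaded from the database, so that every controller path to the update goes through it.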