[SOLVED] 代写 database security CIS 341 – Project: Final submission

CIS 341 – Project: Final submission
Project: Final submission
The goal of this project is to design and implement a web application that allows a restaurant to receive and manage orders from customers and manage materials stock.
In this checkpoint, your objectives are as follows:
• Transform the business model entities into a relational database
• Seed the database with sample data to facilitate customer and employee operations
• Connect the database to the Controllers and Views to implement the Create-Read-
Update-Delete operations necessary to make the website functional
• Implement authentication and authorization to enable access control
• Unit test the relevant Controller methods to ensure correctness of the implementation
This document is work in progress. Major changes are unlikely, but some details may be refined based on student feedback.
Application requirement specification
The application has three main user groups:
• Restaurant customers who submit orders through the Web interface
• Employees who review and process the orders at the restaurant
• Managers who review and manage stock levels at the restaurant
Required functionality for each user group:
• Customers must be able to add one or several food items to their order.
• Customers must be able to view food items currently in their shopping cart for the order.
• Customers must select a restaurant where the order is sent.
• Customers must provide a valid email address and credit card number (with expiration
date and security code) to submit the order.
• Employees must login to the application with their personal credentials.
• Employees must be able to see a list of orders submitted to a specific restaurant.
• Employees must be able to view the details of a specific order.
• Employees must be able to update the status of an order (waiting – in preparation – ready
for pickup).
• Employees must be able to remove an order that has been completed.
• Managers must be able to login to the application with their personal credentials.
• Managers must be able to see a list of ingredients and their stock levels.
• Managers must be able to add one or several ingredients to an order.
• Managers must be able to submit the order.
• Managers must be able to update the stock levels of ingredients.
1

CIS 341 – Project: Final submission
Final submission requirements
Transform the business model entities into a relational database
Update the business model entities you created for Checkpoint 1 based on the in-class demos of Entity Framework and class discussions.
• Add the necessary keys (primary and foreign) and navigation properties to enable querying and updates of related data within the database tables.
• Add any necessary join tables between entities to enable many-to-many relationships. Use the in-class demo and ASP.NET Core documentation for guidance on how to approach this.
• Add the necessary data annotation attributes to the business model entities (e.g., data type, minimum/maximum values, required/maximum length, etc.) to enable validation during the model binding and validation process.
• Add the necessary code to the web app to generate the database from the business model entities. You can achieve this automatically through scaffolding (add a Controller with CRUD Views using Entity Framework) or manually (using the DbInitializer class and related code used in the class demo).
Seed the database
Implement the necessary functionality to seed the application database with sample data.
• Populate all the tables in the database with sample data, except for the tables containing customer orders, ingredient orders and the related join tables. These tables will be updated when customers make orders or managers add ingredient orders.
• There should be enough sample data for customers, employees and managers to be able to perform their actions with the website.
• You may use the DbInitializer class from the class demo as starting point.
Connect the database to the Controllers and Views for CRUD operations
This part of the assignment builds on Assignment 4. Use it as a starting point to complete the functionality of the web application.
• Implement the necessary functionality in Controller action methods to query and update the database through Entity Framework Core LINQ queries.
• You should make use of both server-side validation (using the built-in ModelState object) and client-side validation via jQuery Unobtrusive Validation (using form tag helpers to generate the validation messages).
• Implement ViewModel classes as necessary to perform model binding on form submissions if you want to avoid binding directly to business model entities. This is also helpful with avoiding over-posting.
• The primary goal of this portion of the project is to ensure that the database is appropriately updated as a result of user actions. It is not necessary to focus on the look and feel of the web application, but I would recommend that you use the Bootstrap framework that is bundled with new projects to provide baseline UI styling.
2

CIS 341 – Project: Final submission
Implement authentication and authorization
Implement the necessary functionality to add authentication and access control through authorization to the web application.
• Add ASP.NET Core Identity with Individual User Accounts to the project (see week 11 ASP.NET security demo) to provide basic login/logout functionality for the app.
• You may either create a new project using Individual User Account authentication or manually add Identity support to an existing ASP.NET Core 2.1+ project (recommended).
• Add support for Role-based authorization to enable the use of authorization attributes on Controllers and action methods. We will go through a demo of implementing roles in class in Week 12.
• The application should support two user roles: authenticated users should be considered employees and managers should have a dedicated Manager role.
• Seed the user account database to create at least one user with the Manager role. To save some time, you can use the registration UI to create normal user accounts to represent employees.
• Appropriately restrict access to for those Controllers/action methods that should not be accessible to the public.
Retrospective
Include a brief retrospective (approximately 200-300 words) that discusses the following questions:
• What you think went well with the project? What did you learn?
• What didn’t go so well – did you struggle with some aspects of the project?
• What would you differently when completing a similar project in the future?
Submit the retrospective in the project dropbox in Microsoft Word or PDF format.
The retrospective will not be graded but it is required. Failure to include a retrospective will result in a 5% reduction in points.
Due date and submission
The checkpoint is due by 11:59 PM on Sunday, May 12.
Upload materials in D2L in the dropbox named “Project: Final submission”.
Late submissions will receive a 10% reduction in points for every 24 hours the submission is late. Submissions that are more than 5 days late will receive a grade of 0.
Grading
Rubric updated 5/3/2019 – added more detailed descriptions of each category.
This checkpoint awards a total of 15 points according to the following breakdown:
• Transform the business model entities into a relational database – 3 points
3

CIS 341 – Project: Final submission
o Each entity class should have a corresponding data base table (DbSet) – 1 point o One-to-many and many-to-many relations should be appropriately mapped using join table classes and navigation properties in entity classes, in order to enable
LINQ querying – 1 point
o Thedatabase(DbContext)shouldbeinitializedasapartofappstartupandadded
as a service that can be used in Controller actions through dependency injection
– 1 point
• Seed the database with sample data to facilitate customer and employee operations – 2
points
o The web app should check when started whether the database exists. If the
database does not exist, seed it with sample content. – 1 point
o Sample content should be provided for menu items (shown to customer in the customer-facing UI), restaurants (selected by customer when submitting order), order status (set when customer order is created) and ingredients (show to
managers when they create a stock order) – 1 point
• Connect the database to the Controllers and Views to implement the Create-Read-
Update-Delete operations necessary to make the website functional – 6 points
o Forcustomer-facingUI,implementaviewandassociatedcontrollermethodsthat
shows menu items and allows them to be added to a shopping cart – 1 point
o Forcustomer-facingUI,implementaviewandassociatedcontrollermethodsthat
allow the user to submit their order – 2 points
o Foremployee-facingUI,implementaviewandassociatedcontrollermethodsthat
allow the employee to update customer order status and deleted orders – 2 points o Foremployee-facingUI,implementaviewandassociatedcontrollermethodsthat
allow a manager to submit a stock order for ingredients – 1 point
• Implement authentication and authorization to enable access control – 4 points
o Add the ASP.NET Core Identity with Individual User Accounts to the project to provide user login functionality – 1 point
o Create roles and seed the user accounts with Manager role – 1 point
o Restrict access to Controllers/action methods using appropriate authorization
controls – 2 points
4