Severity: Data Integrity / Feature Implementation
Component: apps/backend (Events Engine) & schema.prisma
Problem: The newly integrated Event and EventAttendee relational tables need explicit, bulletproof controller restrictions to maintain system data safety. Currently, there are no route parameters ensuring a user cannot RSVP multiple times to the same event, nor are there data validation rules preventing an organizer from accidentally registering as an attendee for their own event. Furthermore, deleting a user account will fail if that user is organizing active events due to missing cascading rules on the Event relation block.
Proposed Solution: Secure data handling boundaries within the events operational lifecycle:
Update the schema.prisma file to apply appropriate deletion constraints on the event relationship blocks (onDelete: Cascade or custom behaviors where applicable). Regenerate and apply a local development database migration.
Build robust endpoints inside routes/event.js for handling attendee check-ins: POST /api/events/:id/rsvp and DELETE /api/events/:id/rsvp.
Enforce validation layers within the controller logic:
Verify the target event exists.
Verify the authenticated user is not the creator/organizer of the event.
Query EventAttendee using the compound @unique([userId, eventId]) constraint to catch double-booking actions before writing duplicate keys, gracefully returning a 400 Bad Request instead of crashing with a raw database error.
Please assign me under gssoc 2026
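One way the validation order proposed above could look, as an added example that is not code from this repository. `makeFakeDb` is a constructed in-memory stand-in that mimics the Prisma client call shape, and the `rsvp` helper, the `organizerId` field, and the 404/201 status codes are assumptions; `P2002` is Prisma's unique-constraint error code, caught here because two concurrent requests can both pass the pre-check.

```javascript
// In-memory stand-in for the Prisma client (constructed; only the calls used below).
function makeFakeDb(events) {
  const attendees = new Set(); // "userId:eventId" keys emulate the compound unique constraint
  return {
    event: {
      findUnique: async ({ where }) => events.find((e) => e.id === where.id) ?? null,
    },
    eventAttendee: {
      findUnique: async ({ where }) => {
        const { userId, eventId } = where.userId_eventId;
        return attendees.has(`${userId}:${eventId}`) ? { userId, eventId } : null;
      },
      create: async ({ data }) => {
        const key = `${data.userId}:${data.eventId}`;
        if (attendees.has(key)) {
          throw Object.assign(new Error('Unique constraint failed'), { code: 'P2002' });
        }
        attendees.add(key);
        return data;
      },
    },
  };
}

// Core of POST /api/events/:id/rsvp; returns { status, body } for the route to send.
// `organizerId` is an assumed field name; 404 and 201 are assumed status codes.
async function rsvp(db, userId, eventId) {
  const event = await db.event.findUnique({ where: { id: eventId } });
  if (!event) return { status: 404, body: { error: 'Event not found' } };
  if (event.organizerId === userId) {
    return { status: 400, body: { error: 'Organizers cannot RSVP to their own event' } };
  }
  const existing = await db.eventAttendee.findUnique({
    where: { userId_eventId: { userId, eventId } },
  });
  if (existing) return { status: 400, body: { error: 'Already registered' } };
  try {
    const row = await db.eventAttendee.create({ data: { userId, eventId } });
    return { status: 201, body: row };
  } catch (err) {
    // The pre-check is advisory: the unique index is the real guard under concurrency.
    if (err.code === 'P2002') return { status: 400, body: { error: 'Already registered' } };
    throw err; // anything else is a genuine server error
  }
}
```

The user id passed to `rsvp` should come from the authenticated session, never from the request body, or the organizer and duplicate checks can be bypassed by naming another user.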