-
Notifications
You must be signed in to change notification settings - Fork 0
Lab 9 Report
Date: April 30, 2026 Attendees: Amin Abu-Hilga, Övgü Su Afşar, Muhammet Sami Çakmak, Beratcan Doğan, İbrahim Kayan, Mehmet Bora Sarıoğlu, Burak Ögüt
We revisited every wiki requirement and tagged each as DONE, PARTIAL, or MISSING against the current code. All wiki requirements are committed to Final Delivery — none are deferred.
Scoping meeting for Blog, Community, and Profile-content requirements. Before implementing the Blog (1.1.6), Community (1.1.7–1.1.12 and 1.2.4), and Profile-content (1.2.2) clusters, we will hold a dedicated meeting with the instructor and a project stakeholder to confirm priorities, refine user-facing surfaces, and lock acceptance criteria. The meetings are scheduled this fridayand the second one in the final week of the project, after the smaller well-bounded features (mentorship lifecycle, meetings, tasks, advanced recommendation, notifications, admin) have shipped, so the community-style features are implemented against confirmed scope.
| # | Status | Note |
|---|---|---|
| 1, 2, 3, 4, 5, 9, 10 | DONE | profile CRUD, recs, requests, messaging (#245), single-active-mentor, keyword search |
| 6 | MISSING | Task submissions (#248) |
| 7 | MISSING | feedback on TaskSubmission |
| 8 | MISSING | Meeting entity (#284) |
| 11 | MISSING | mentor rating after end |
| 12 | MISSING | cancel + auto-ban |
| 13 | MISSING | Report entity |
| # | Status | Note |
|---|---|---|
| 1–3, 5–7, 11, 12 | DONE | profile, candidates, accept/reject, messaging, capacity, durations |
| 4 | PARTIAL | over-fires (bug #273) |
| 8 | PARTIAL | only weekly slots; need Meeting entity |
| 9, 10 | MISSING | covered by Task entity (#248) |
| 13, 14 | MISSING | extend / end-early endpoints |
| 15 | MISSING | Blog (scoping meeting) |
AdminController is stub-only. Build ban endpoints + Ban entity + Report review queue (depends on shared Report entity).
| # | Status | Note |
|---|---|---|
| 6, 7 | DONE | privacy at rec stage (verify), mentees can't find mentees |
| 1, 2, 8 | PARTIAL | background factor missing; over-fires (#273); capacity race (#270) |
| 3, 4, 5 | MISSING | location proximity, diversity branch, factor explanations |
| # | Status | Note |
|---|---|---|
| 1–4 | DONE | STOMP+REST, history, attachments (#245) |
| 5 | PARTIAL | mentor↔mentor wiring (#284) |
| # | Status | Note |
|---|---|---|
| 1 | DONE | weekly availability |
| 2 | PARTIAL | needs Meeting entity (separate from AvailabilitySlot) |
| 3, 4, 5, 6 | MISSING | confirmation/reminder notifications, reschedule flow, auto-terminate scheduler |
| # | Status | Note |
|---|---|---|
| 6 | DONE | sharedGoal endpoint |
| 1–5, 7, 8 | MISSING | Task + Milestone entities, submissions, feedback, progress aggregation, reminders (#248) |
Blog post + comment + like entities + /api/blogs CRUD + mentor profile integration (#283). Final scope to be confirmed in the stakeholder meeting.
Final scope to be confirmed in the stakeholder meeting before last-week implementation. High-level plan, by subsection:
| Subsection | Reqs | Plan |
|---|---|---|
| 1.1.7 Creation & Membership | 16 |
Community entity (immutable name, slug, visibility enum), Moderator + MembershipRequest entities, join/leave/approve endpoints |
| 1.1.8 Posts & Comments | 19 |
Post (TEXT/IMAGE/VIDEO/LINK/POLL via type enum + Poll sub-entity), Comment with parentId, Bookmark, Award; CRUD with author/mod checks |
| 1.1.9 Voting & Reputation | 6 |
PostVote/CommentVote (unique per user-target), cached postReputation/commentReputation on User, hot-score ranking |
| 1.1.10 Feed & Discovery | 5 |
/api/feed/home, /api/feed/popular, community feed; sort modes hot/new/top/rising/controversial |
| 1.1.11 Moderation | 14 | mod management endpoints, CommunityBan/CommunityMute, AutomodRule (spam, keyword, flair, suspicious-activity flagging), admin override endpoints |
| 1.1.12 Reporting | 5 | unified Report entity (polymorphic target) + ReportRoutingService (mod-first vs. admin-direct based on violation type) |
| # | Status | Note |
|---|---|---|
| 4, 5 | DONE | only-relevant-users, REQUEST_ACCEPTED |
| 1, 2 | PARTIAL | in-app only; FCM dispatch missing |
| 3, 6, 7 | MISSING | meeting reminders, REQUEST_SUBMITTED, task/milestone reminders + scheduler |
Final scope to be confirmed in the stakeholder meeting (profile-content cluster).
| # | Status | Note |
|---|---|---|
| 1, 2 | DONE | background/goals/skills/interests, mentoring prefs |
| 3 | PARTIAL | mentee visibility exists; add to mentor |
| 4 | MISSING | depends on Blog |
| 5 | MISSING | add city (+ optional lat/lng) to User |
Registration, unique email, password validation, email verification, login/logout, JWT, error on bad credentials.
Public read endpoints for posts/comments, scoped API tokens for moderation tools, API-key issuance for third-party integrations, rate limiting (shared with #252). Final scope in the stakeholder meeting.
24/7: PARTIAL (production deploy + monitoring planned). Web + mobile: DONE.
| # | Status | Note |
|---|---|---|
| 1 | DONE | BCrypt |
| 2 | PARTIAL | HTTPS at deploy layer |
| 3 | MISSING | data export + delete + consent (GDPR/KVKK) |
| 4 | MISSING | escalating temp-ban from cancelCount
|
| 5 | MISSING | rate limit (#252) + CAPTCHA + content heuristics |
| 6 | MISSING | vote rate limit + rapid-sequential detector + sockpuppet check |
| 7 | MISSING | device fingerprint + IP + email-domain checks at registration |
| 8 | MISSING | time-window graph clustering on vote/post patterns |
| # | Status | Note |
|---|---|---|
| 1, 3 | DONE | event-driven notifications, basic rec processing |
| 2, 4, 5 | UNVERIFIED | DevOps load tests pre-Final-Delivery |
Five backend bugs identified in Lab 8 must be closed before final delivery:
-
#270 Mentor capacity race in
MentorshipService.acceptRequest— add DB-level optimistic lock -
#271 NPE risk when JWT lacks
userId/roleclaims — null-safeJwtAuthenticationFilter -
#272 Inconsistent timezone handling — standardize on
Clock+ UTCOffsetDateTime - #273 Match-found notification fires on every browse — fire only on new top-match change
-
#274 Missing per-resource authorization on
GET /api/availability/{mentorId}
The Final Milestone plan (wiki) is being expanded to cover every wiki requirement — none are deferred. Priority order for the remaining sprints:
- Core mentorship lifecycle — end/extend/cancel/auto-terminate/auto-ban/rate
- Meetings — Meeting entity + reminders + reschedule flow
- Tasks & milestones — Task/Milestone entities, submissions, feedback, progress aggregation
- Recommendation overhaul — location, diversity, explanation
- Blog — full CRUD + mentor profile integration (#283)
- Notifications — FCM dispatch, new types, reminder schedulers
-
Admin & moderation — admin endpoints (ban/list/reports), unified
Reportentity (shared with community reporting) - Communities — Phase A Community + membership + visibility + moderator role (1.1.7)
- Communities — Phase B Posts (text/image/video/link/poll), edit/delete, share/save, mod approval, pin (1.1.8 posts)
- Communities — Phase C Comments, replies, comment voting, awards (1.1.8 comments)
- Communities — Phase D Voting + reputation scoring (1.1.9)
- Communities — Phase E Feeds (home / popular / community-specific) + sort modes (1.1.10)
- Communities — Phase F Moderation + automoderation rules + admin oversight (1.1.11)
-
Communities — Phase G Reporting flow (extends shared
Report) (1.1.12) - Public Community API + integrations with rate-limiting middleware (1.2.4)
- Anti-abuse hardening — spam-bot, vote-manipulation, ban-evasion, coordinated-abuse detectors (2.2.5–2.2.8)
- GDPR/KVKK compliance — data-export + delete endpoints + consent UI
- Lab 8 bug closures — five fixes (#270–#274)
- DevOps hardening — production deploy, monitoring (Prometheus + Grafana), load testing for performance requirements 2.3.2 and 2.3.5
Acceptance Testing Strategy
- How will you structure your acceptance tests?
- We will structure our acceptance tests around specific user journeys (e.g., "Mentee registers -> verifies email -> logs in") and categorize them based on system roles (Mentee, Mentor, Admin).
- Following the structured test document format introduced in the lectures, each test will include specific fields such as a unique Test Case ID, Test Title, Pre-conditions, sequential Test Steps, Test Data, and Expected Results.
- To ensure complete traceability, every test case will be directly linked to a specific requirement ID or user story.
- For every critical workflow, we will design at least one "happy path" (normal operation) and 1-2 high-risk negative scenarios. We will utilize extreme or invalid data (e.g., full mentor capacity, unauthorized access attempts, invalid tokens) to expose potential defects.
- We will implement a seed or reset mechanism for test data isolation to ensure each test runs in a clean, predictable state.
- What is your acceptance testing strategy?
- Our core strategy relies on requirements-based black-box testing, focusing on validating the system's functionality and performance from the user's perspective without needing to know the internal code structure.
- We will utilize Playwright for automated End-to-End (E2E) testing to verify realistic user flows within actual browser environments.
- System testing will be executed in an integrated environment (frontend combined with backend, such as local Docker or a staging server) to ensure all components interact correctly and transfer the right data across interfaces.
- We will prioritize critical workflows, business rules enforcement, and user-visible feedback mechanisms.
- Our coverage goal is 90-95% for critical paths. The primary success condition is that all critical flows pass seamlessly without yielding any significant UX degradation or regressions in previously working code.
- What acceptance criteria will you use to validate that you are building "the right thing" from a stakeholder/user perspective?
- Core Goal Completion: Users must be able to successfully complete their primary objectives: registration, verification, login, mentor/mentee discovery, sending/answering requests, messaging, and receiving notifications.
- Business Rule Enforcement: The system must strictly apply and handle all defined business constraints, such as mentor capacity limits, role-based access restrictions, and accurate request status transitions.
- Clear User Feedback: The system must provide clear, understandable, and consistent user feedback (success or failure messages) for all inputs, particularly for borderline or incorrect input attempts.
- State Persistence and Integrity: System data must be persistent and accurate; the correct data must be displayed consistently across page reloads and different user sessions without data corruption.
- Zero Critical Regression: New updates or features must not break previously accepted and working workflows, which will be verified continuously.
- Stakeholder Meetings: We will conduct meetings with stakeholders to demonstrate the implemented features, gather direct feedback, and verify whether the delivered system truly aligns with their initial expectations and desired goals.
Write your data strategy.
Author: Burak Ögüt (2021400168)
Feature: Mentorship Requests
Name: Mentor and mentee complete request lifecycle
ID: AT-05
Description: Verifies request creation, sent/received listing, duplicate prevention, rejection, and acceptance of mentorship requests.
Prerequisite: A mentee without an active mentor exists, a mentor with available capacity exists, and both users have verified accounts.
| # | Instruction | Expectation | Result | Notes |
|---|---|---|---|---|
| 1 | Log in as the mentee on the mobile app | Home screen is displayed; mentee role is active | ||
| 2 | Navigate to the Explore tab and select an available mentor; tap "Send Mentorship Request"; enter a cover letter and submit | Success message is displayed confirming the request was submitted; request appears in the mentee's "My Requests" list with status PENDING | Req 1.1.1.1.4, 1.2.1.6 | |
| 3 | Attempt to send a second mentorship request to the same mentor | System blocks the duplicate request with an appropriate error message; no second request is created | Business rule: one active request per mentor–mentee pair | |
| 4 | Log out and log in as the mentor | Mentor's Home dashboard is displayed | ||
| 5 | Open the received requests list (Requests tab) | The pending request from the mentee appears in the list with mentee's first name visible but surname hidden | Req 1.1.2.6, 1.1.1.2.4 | |
| 6 | Reject one pending request (if another pending request is available) by tapping Reject | The rejected request is removed from the pending list; the corresponding mentee receives a rejection notification; mentor mentee count is unchanged | Req 1.1.1.2.6 | |
| 7 | Tap on the valid pending request from the mentee; review the profile; tap Accept and provide mentorship duration information | Acceptance is confirmed with a success message; the mentee is added to the mentor's active mentees list; mentor mentee count increases by 1 | Req 1.1.1.2.6, 1.1.1.2.12, 1.2.1.5 | |
| 8 | Reopen the requests list and navigate to the mentee's active mentorships on the Home dashboard | The accepted request no longer appears in pending list; the mentee is listed as an active mentee; the mentee's app shows the mentorship as active | Req 1.1.1.1.9: mentee limited to one active mentor |
Note: Covers only request lifecycle and business rules around duplicate/capacity/request handling.
| Name | Task | Linked Issue |
|---|---|---|
| Mehmet Bora Sarıoğlu | to be filled | to be filled |
| to be filled | to be filled | |
| Amin Abu-Hilga | to be filled | to be filled |
| to be filled | to be filled | |
| Övgü Su Afşar | to be filled | to be filled |
| to be filled | to be filled | |
| Muhammet Sami Çakmak | to be filled | to be filled |
| to be filled | to be filled | |
| Beratcan Doğan | to be filled | to be filled |
| to be filled | to be filled | |
| İbrahim Kayan | to be filled | to be filled |
| to be filled | to be filled | |
| Burak Ögüt | to be filled | to be filled |
| to be filled | to be filled |
Team Members
- Lab 1 Report (12/02/2026)
- Lab 2 Report (19/02/2026)
- Lab 3 Report (26/02/2026)
- Lab 4 Report (05/03/2026)
- Lab 5 Report (12/03/2026)
- Lab 6 Report (26/03/2026)
- Lab 7 Report (02/04/2026)
- Lab 8 Report (18/04/2026)
- Lab 9 Report (30/04/2026)
- Lab 10 Report (07/05/2026)
- Weekly Meeting Notes Template
- Lab Meeting 1 (12.02.2026)
- Weekly Meeting 1 (16.02.2026)
- Weekly Meeting 2 (24.02.2026)
- Weekly Meeting 3 (04.03.2026)
- Weekly Meeting 4 (11.03.2026)
- Weekly Meeting 5 (23.03.2026)
- Weekly Meeting 6 (29.03.2026)
- Weekly Meeting 7 (11.04.2026)
- Weekly Meeting 8 (28.04.2026)
- Weekly Meeting 9 (10.05.2026)
- Use Case Diagram 1 (New Mentor User for Mobile Scenario)
- Use Case Diagram 2 (Mentor-Mentee Matching Scenario)
- Use Case Diagram 3 (New Mentee User Scenario)
- Final Use Case Diagram
- MVP Use Case Diagram
- All Sequence Diagrams
- Sequence Diagram: Mentee Matching
- Sequence Diagram: Mentor Matching
- Sequence Diagram: Mentorship Management
- Sequence Diagram: Registration
- Sequence Diagram: Cancelling Mentorship Relationship and Auto Ban
- Sequence Diagram: Login-Logout
- Sequence Diagram: Reporting-User
- Sequence Diagram: Mentor Profile Management
- MVP Sequence Diagrams
- Test Plan & Coverage (MVP)
- Acceptance Testing Strategy
- Acceptance Tests
- Test Data Strategy
- Web Frontend Test Report
- Amin Abu-Hilga
- Övgü Su Afşar
- Muhammet Sami Çakmak
- Beratcan Doğan
- İbrahim Kayan
- Burak Ögüt
- Mehmet Bora Sarıoğlu
- Future Work (reference, not a deliverable)