Skip to content

Lab 9 Report

burakogut5 edited this page Apr 30, 2026 · 32 revisions

Lab 9 Report

Date: April 30, 2026 Attendees: Amin Abu-Hilga, Övgü Su Afşar, Muhammet Sami Çakmak, Beratcan Doğan, İbrahim Kayan, Mehmet Bora Sarıoğlu, Burak Ögüt


Requirements Review

Methodology

We revisited every wiki requirement and tagged each as DONE, PARTIAL, or MISSING against the current code. All wiki requirements are committed to Final Delivery — none are deferred.

Scoping meeting for Blog, Community, and Profile-content requirements. Before implementing the Blog (1.1.6), Community (1.1.7–1.1.12 and 1.2.4), and Profile-content (1.2.2) clusters, we will hold a dedicated meeting with the instructor and a project stakeholder to confirm priorities, refine user-facing surfaces, and lock acceptance criteria. The meetings are scheduled this fridayand the second one in the final week of the project, after the smaller well-bounded features (mentorship lifecycle, meetings, tasks, advanced recommendation, notifications, admin) have shipped, so the community-style features are implemented against confirmed scope.

Status by Area

1.1.1.1 Mentees (13)

# Status Plan
1, 2, 3, 4, 5, 9, 10 DONE Profile CRUD, recommendation list, mentorship requests, in-app messaging (#245), single-active-mentor enforcement, and keyword search are live
6 MISSING Build Task entity with deadlines + a TaskSubmission upload endpoint (#248)
7 MISSING Add feedback field on TaskSubmission plus a GET endpoint so the mentee can view it
8 MISSING Build a Meeting entity (separate from AvailabilitySlot) with concrete dates, plus GET /api/meetings for the mentee (#284)
11 MISSING Add POST /api/mentorships/{id}/rating, available only after the relationship reaches COMPLETED/TERMINATED
12 MISSING Add POST /api/mentorships/{id}/cancel with cancel-reason tracking; trigger escalating auto-ban based on Mentee.cancelCount
13 MISSING Build a unified Report entity (also reused for community reporting) with an admin review queue

1.1.1.2 Mentors (15)

# Status Plan
1–3, 5–7, 11, 12 DONE Profile editing, candidate browsing, accept/reject, messaging, multi-mentee capacity, and predefined 1/3/6-month durations are all in production
4 PARTIAL Match-found notification fires on every browse — fix per bug #273 to fire only when the top match actually changes
8 PARTIAL Only weekly recurring availability slots exist; need an explicit Meeting entity with concrete dates to satisfy this requirement
9, 10 MISSING Both unblocked by the Task entity work (#248) — assign weekly tasks with deadlines, review submissions, and provide structured feedback
13, 14 MISSING Add POST /api/mentorships/{id}/extend and POST /api/mentorships/{id}/end with the appropriate state transitions and notifications
15 MISSING Build the Blog feature (post + comment + like) — final scope confirmed in the stakeholder meeting

1.1.1.3 Admins (3) — All MISSING

AdminController is currently a stub (only the /me endpoint exists). For Final Delivery we will build admin endpoints to ban/unban users, list flagged accounts, and walk through the report review queue. All three requirements depend on the unified Report entity that is also used by 1.1.1.1.13 and 1.1.12.

1.1.2 Recommendation (8)

# Status Plan
6, 7 DONE Surname and profile photo are hidden at the recommendation stage (to be re-verified by acceptance test); mentees cannot search or discover other mentees because no such endpoint exists
1, 2, 8 PARTIAL (1) Background fields are not yet weighted into the matching score; (2) the match-found notification over-fires on every browse (bug #273); (8) the capacity check has a race condition (bug #270) — add a DB-level optimistic lock
3 MISSING Add city (and optional lat/lng) to User, include a proximity bucket in the score, and expose a distance filter
4 MISSING Add a "diverse pick" branch in rankMentors that surfaces ~10% out-of-primary-goal mentors via shared interests/skills
5 MISSING Return a per-recommendation factor breakdown on MentorMatchResponse (e.g. "shared interest: ML; same major; 3 km away") to power the explanation card UI

1.1.3 Messaging (5)

# Status Plan
1–4 DONE STOMP + REST messaging, paginated history, and document/link attachments via AttachmentController (#245)
5 PARTIAL ConversationKind enum already supports mentor-to-mentor conversations; need to wire the entry point on web and mobile and confirm it works without an active mentorship requirement (#284)

1.1.4 Scheduling (6)

# Status Plan
1 DONE Mentor weekly availability is fully managed via AvailabilityController
2 PARTIAL Recurring meetings need a dedicated Meeting entity with concrete dates — the current AvailabilitySlot models only the weekly template, not actual scheduled meetings
3, 4 MISSING Send a confirmation notification on meeting create/accept and a reminder via a @Scheduled job (the MEETING_REMINDER enum value already exists)
5 MISSING Add a mentee reschedule-request flow: POST /api/meetings/{id}/reschedule with mentor approval
6 MISSING Add a daily @Scheduled sweep that auto-terminates active mentorships once endDate < now

1.1.5 Tasks & Progress (8)

# Status Plan
6 DONE Shared-goal field on Mentorship plus PUT /api/mentorships/{id}/goal for both parties
1–5 MISSING Build Task entity with deadlines, submission upload (reusing AttachmentStorageService), structured feedback fields, per-mentorship task history, and a progress aggregation endpoint (#248)
7 MISSING Build a Milestone entity tied to the mentorship with progress calculation across completed milestones
8 MISSING Add a deadline + milestone reminder scheduler with per-user opt-in preference

1.1.6 Blog (4) — All MISSING

Build BlogPost, BlogComment, and BlogLike entities; expose /api/blogs CRUD with mentor-author authorization; integrate the published-posts list into the mentor public profile (#283). Final scope confirmed in the stakeholder meeting.

1.1.7–1.1.12 Communities (~60) — All MISSING

Final scope to be confirmed in the stakeholder meeting before last-week implementation. High-level plan, by subsection:

Subsection Reqs Plan
1.1.7 Creation & Membership 16 Community entity (immutable name, slug, visibility enum), Moderator + MembershipRequest entities, join/leave/approve endpoints
1.1.8 Posts & Comments 19 Post (TEXT/IMAGE/VIDEO/LINK/POLL via type enum + Poll sub-entity), Comment with parentId, Bookmark, Award; CRUD with author/mod checks
1.1.9 Voting & Reputation 6 PostVote/CommentVote (unique per user-target), cached postReputation/commentReputation on User, hot-score ranking
1.1.10 Feed & Discovery 5 /api/feed/home, /api/feed/popular, community feed; sort modes hot/new/top/rising/controversial
1.1.11 Moderation 14 mod management endpoints, CommunityBan/CommunityMute, AutomodRule (spam, keyword, flair, suspicious-activity flagging), admin override endpoints
1.1.12 Reporting 5 unified Report entity (polymorphic target) + ReportRoutingService (mod-first vs. admin-direct based on violation type)

1.2.1 Notifications (7)

# Status Plan
4, 5 DONE Notifications are scoped to relevant users only; mentees receive a REQUEST_ACCEPTED notification when a mentor accepts their request
1, 2 PARTIAL In-app delivery via the notification event bus is in place; FCM (mobile) push dispatch is missing — the User.deviceToken field exists but no FCM SDK or send path
3 MISSING Add meeting confirmation/reminder dispatch alongside the new Meeting entity
6 MISSING Add the REQUEST_SUBMITTED enum value and dispatch on mentorship-request creation
7 MISSING Add TASK_DEADLINE_REMINDER and MILESTONE_REMINDER enum values plus the @Scheduled reminder job

1.2.2 Profiles (5)

Final scope confirmed in the stakeholder meeting (profile-content cluster).

# Status Plan
1, 2 DONE Background, goals, skills, interests, and mentoring preferences are all stored on the Mentor/Mentee entities and rendered on profile pages
3 PARTIAL Mentee.profileVisibility already exists; add an equivalent flag on Mentor and respect it in profile read endpoints
4 MISSING Once Blog ships, embed the mentor's published posts in the public profile response
5 MISSING Add city (and optional lat/lng) to User; surface it on profile cards and feed it into the recommendation proximity score

1.2.3 Sign-Up & Authentication (8) — All DONE

Registration with real name/email/password, unique-email enforcement, password strength via PasswordValidator, email verification via VerificationToken, JWT-based login, error response on bad credentials, and stateless logout via JWT discard are all live.

1.2.4 Community API (5) — All MISSING

Build public read endpoints for posts and comments (e.g. /api/v1/public/communities/{slug}/posts), scoped API tokens that moderators can issue for automated tooling, an API-key issuance flow for third-party integrations subject to platform terms, and apply the rate-limiting middleware from #252. Final scope confirmed in the stakeholder meeting.

2.1 Availability (2)

24/7 availability is PARTIAL — Docker Compose is in place for local/staging environments, but the production deployment plus monitoring (Prometheus/Grafana) are still planned by DevOps. Web + mobile access is DONE with both platforms in active development.

2.2 Security (8)

# Status Plan
1 DONE Passwords are stored as BCrypt hashes
2 PARTIAL HTTPS termination at the deployment layer is planned; messages-at-rest are not encrypted in the database (acceptable per stakeholder discussion)
3 MISSING Add data-export and account-delete endpoints plus a consent flow at registration to comply with GDPR/KVKK
4 MISSING Mentee.cancelCount is already tracked; add a bannedUntil field and escalating-ban logic on cancel events
5 MISSING Apply rate limiting (#252), add a signup CAPTCHA, and run heuristic content checks (duplicate text, link density) on new posts
6 MISSING Per-user/IP vote rate limiting, rapid-sequential-vote detection, and a sockpuppet similarity check across newly-created accounts
7 MISSING Device-fingerprint, IP, and email-domain checks at registration cross-referenced against the active-bans table
8 MISSING Time-window graph clustering on vote/post patterns; flag clusters above a threshold for admin review

2.3 Performance (5)

# Status Plan
1, 3 DONE Notifications are dispatched event-driven well within the 5s budget; the recommendation pipeline analyzes user profiles and produces ranked suggestions
2, 4, 5 UNVERIFIED Concurrent session capacity, near-real-time feed updates, and high-volume content handling will be validated by DevOps load tests prior to Final Delivery

Pre-existing Bug Fixes (Lab 8 Backlog)

Five backend bugs identified in Lab 8 must be closed before final delivery:

  • #270 Mentor capacity race in MentorshipService.acceptRequest — add DB-level optimistic lock
  • #271 NPE risk when JWT lacks userId/role claims — null-safe JwtAuthenticationFilter
  • #272 Inconsistent timezone handling — standardize on Clock + UTC OffsetDateTime
  • #273 Match-found notification fires on every browse — fire only on new top-match change
  • #274 Missing per-resource authorization on GET /api/availability/{mentorId}

Plan to Address Unimplemented Requirements

The Final Milestone plan (wiki) is being expanded to cover every wiki requirement — none are deferred. Priority order for the remaining sprints:

  1. Core mentorship lifecycle — end/extend/cancel/auto-terminate/auto-ban/rate
  2. Meetings — Meeting entity + reminders + reschedule flow
  3. Tasks & milestones — Task/Milestone entities, submissions, feedback, progress aggregation
  4. Recommendation overhaul — location, diversity, explanation
  5. Blog — full CRUD + mentor profile integration (#283)
  6. Notifications — FCM dispatch, new types, reminder schedulers
  7. Admin & moderation — admin endpoints (ban/list/reports), unified Report entity (shared with community reporting)
  8. Communities — Phase A Community + membership + visibility + moderator role (1.1.7)
  9. Communities — Phase B Posts (text/image/video/link/poll), edit/delete, share/save, mod approval, pin (1.1.8 posts)
  10. Communities — Phase C Comments, replies, comment voting, awards (1.1.8 comments)
  11. Communities — Phase D Voting + reputation scoring (1.1.9)
  12. Communities — Phase E Feeds (home / popular / community-specific) + sort modes (1.1.10)
  13. Communities — Phase F Moderation + automoderation rules + admin oversight (1.1.11)
  14. Communities — Phase G Reporting flow (extends shared Report) (1.1.12)
  15. Public Community API + integrations with rate-limiting middleware (1.2.4)
  16. Anti-abuse hardening — spam-bot, vote-manipulation, ban-evasion, coordinated-abuse detectors (2.2.5–2.2.8)
  17. GDPR/KVKK compliance — data-export + delete endpoints + consent UI
  18. Lab 8 bug closures — five fixes (#270–#274)
  19. DevOps hardening — production deploy, monitoring (Prometheus + Grafana), load testing for performance requirements 2.3.2 and 2.3.5---

As part of executing this plan, we will update the deadlines and descriptions of the relevant GitHub issues (#137, #243, #248–#292) to reflect the expanded final scope and the new phase sequencing, and we will open new issues for the community phases (1.1.7–1.1.12), the public Community API (1.2.4), the anti-abuse detectors (2.2.5–2.2.8), and GDPR/KVKK compliance work so that every wiki requirement is tracked against a concrete issue with an owner and a target date.

--

Acceptance Testing Strategy

Acceptance Testing Strategy

  1. How will you structure your acceptance tests?
  • We will structure our acceptance tests around specific user journeys (e.g., "Mentee registers -> verifies email -> logs in") and categorize them based on system roles (Mentee, Mentor, Admin).
  • Following the structured test document format introduced in the lectures, each test will include specific fields such as a unique Test Case ID, Test Title, Pre-conditions, sequential Test Steps, Test Data, and Expected Results.
  • To ensure complete traceability, every test case will be directly linked to a specific requirement ID or user story.
  • For every critical workflow, we will design at least one "happy path" (normal operation) and 1-2 high-risk negative scenarios. We will utilize extreme or invalid data (e.g., full mentor capacity, unauthorized access attempts, invalid tokens) to expose potential defects.
  • We will implement a seed or reset mechanism for test data isolation to ensure each test runs in a clean, predictable state.
  1. What is your acceptance testing strategy?
  • Our core strategy relies on requirements-based black-box testing, focusing on validating the system's functionality and performance from the user's perspective without needing to know the internal code structure.
  • We will utilize Playwright for automated End-to-End (E2E) testing to verify realistic user flows within actual browser environments.
  • System testing will be executed in an integrated environment (frontend combined with backend, such as local Docker or a staging server) to ensure all components interact correctly and transfer the right data across interfaces.
  • We will prioritize critical workflows, business rules enforcement, and user-visible feedback mechanisms.
  • Our coverage goal is 90-95% for critical paths. The primary success condition is that all critical flows pass seamlessly without yielding any significant UX degradation or regressions in previously working code.
  1. What acceptance criteria will you use to validate that you are building "the right thing" from a stakeholder/user perspective?
  • Core Goal Completion: Users must be able to successfully complete their primary objectives: registration, verification, login, mentor/mentee discovery, sending/answering requests, messaging, and receiving notifications.
  • Business Rule Enforcement: The system must strictly apply and handle all defined business constraints, such as mentor capacity limits, role-based access restrictions, and accurate request status transitions.
  • Clear User Feedback: The system must provide clear, understandable, and consistent user feedback (success or failure messages) for all inputs, particularly for borderline or incorrect input attempts.
  • State Persistence and Integrity: System data must be persistent and accurate; the correct data must be displayed consistently across page reloads and different user sessions without data corruption.
  • Zero Critical Regression: New updates or features must not break previously accepted and working workflows, which will be verified continuously.
  • Stakeholder Meetings: We will conduct meetings with stakeholders to demonstrate the implemented features, gather direct feedback, and verify whether the delivered system truly aligns with their initial expectations and desired goals.

Data Strategy

Our data strategy is based on synthetic and scenario-based test data. Since our system includes personal profile information, we will not use real user data; instead, we will generate realistic mentor and mentee profiles for testing. We will use the existing seed infrastructure in our repository, especially scripts/seed_mentors.py, to populate the system with diverse mentor profiles that vary in expertise, interests, mentoring goals, and capacity. This will allow us to test mentor discovery, matching quality, filtering, and mentorship request flows under realistic conditions.

In addition to bulk synthetic data, we will create a small number of hand-crafted test accounts for specific acceptance scenarios, such as a verified mentor, a verified mentee, an unverified user, a mentor at full capacity, and a mentee with an active mentorship. We will also create realistic recurring weekly availability entries to test scheduling-related features. To validate the quality of the test data, we will manually review whether profiles, capacities, interests, and schedules reflect realistic usage patterns, and we will check whether the matching and request results produced by the system are meaningful from a user perspective.


Example Acceptance Tests

Test 5 — Mentorship Request Lifecycle

Author: Burak Ögüt (2021400168)

Feature: Mentorship Requests

Name: Mentor and mentee complete request lifecycle

ID: AT-05

Description: Verifies request creation, sent/received listing, duplicate prevention, rejection, and acceptance of mentorship requests end-to-end across mobile and web. Covers all business rules: status transitions, capacity enforcement, duplicate blocking, surname hiding, and cross-platform notifications.

Prerequisite: A mentee account without an active mentor exists and is verified. A mentor account with available capacity (current mentee count < maxMenteeCapacity) exists and is verified. A second pending request from a different mentee to the same mentor also exists (to test the rejection step). Both users can log in on mobile. The production server (http://167.71.44.71:8080/api) is reachable.

# Instruction Expectation Result Notes
1 Log in as the mentee on the mobile app using valid credentials Home screen is displayed; navigation tabs are visible; mentee role is active with no active mentor shown
2 Navigate to the Explore tab Mentor list loads; each mentor card shows name, expertise area, and availability status; no other mentee profiles are visible
3 Tap on a mentor marked as "Available" to open their profile Mentor's full profile is displayed: name, bio, mentoring goals, skills, availability slots, and current mentee count
4 Tap "Send Mentorship Request"; enter a cover letter: "I am looking for guidance in backend development and would appreciate your mentorship." and tap Send Success message is displayed: request submitted; request appears in mentee's "My Requests" section on the Profile tab with status PENDING
5 Navigate back to the same mentor's profile and attempt to send a second mentorship request System blocks the duplicate request with an error message indicating a request already exists; no duplicate entry is created in the requests list
6 Navigate to Profile → My Requests and verify the pending request details The request is listed with status PENDING, the target mentor's name, and the submission timestamp; no duplicate entries appear
7 Log out of the mentee account; log in as the mentor on the mobile app Mentor's Home dashboard is displayed; navigation tabs are visible
8 Navigate to the Requests tab and open the received pending requests list The pending request from the mentee is visible; the mentee's first name is shown but the surname is hidden (e.g., "Elif Y." not "Elif Yılmaz"); the cover letter is accessible
9 Tap on a different pending request (from a second mentee) and tap Reject The rejection is confirmed with a success message; the request is removed from the pending list; the second mentee receives a notification
10 Verify the mentor's mentee count on the Home dashboard Mentee count is unchanged after rejection (e.g., still 2/5)
11 Tap on the original mentee's pending request; review their goals and background; tap Accept; enter mentorship duration (e.g., 3 months) and confirm Acceptance is confirmed with a success message; the mentee appears in the mentor's active mentees list on the Home dashboard
12 Check the mentor's Home dashboard mentee count Mentee count has increased by 1 (e.g., from 2/5 to 3/5)
13 Log out as mentor; log back in as the mentee Mentee's Profile tab is visible
14 Check the mentee's My Requests section and the Home or dashboard The request status is updated to ACCEPTED; a notification is visible: "Your mentorship request was accepted"; no additional requests can be sent to other mentors (one active mentor limit enforced)

Note:



Individual Contributions

Name Task Linked Issue
Mehmet Bora Sarıoğlu to be filled to be filled
to be filled to be filled
Amin Abu-Hilga to be filled to be filled
to be filled to be filled
Övgü Su Afşar to be filled to be filled
to be filled to be filled
Muhammet Sami Çakmak to be filled to be filled
to be filled to be filled
Beratcan Doğan to be filled to be filled
to be filled to be filled
İbrahim Kayan to be filled to be filled
to be filled to be filled
Burak Ögüt
to be filled
to be filled to be filled
Team Members

Lab Reports


Weekly Meetings


Customer Meetings


Stakeholder Meetings


Project Requirements


🎦 Scenarios and Mock-ups

Use Case Diagrams

Class Diagram

Sequence Diagrams

Test Plan and Coverage


Project Standards


Final Milestone and MVP Plan

MVP Report


Final Milestone Report

Per-Member Prompt Logs


Future Work

Clone this wiki locally