Project: Administration system
Personal information
Name: Siddharth Tiwari
Country: India
Email Address: siddharthtiwarikreplind@gmail.com
Phone: +91-8319306878
University: Shri Vaishnav Vidyapeeth Vishwavidyalaya, Indore
LinkedIn: https://www.linkedin.com/in/siddharth-tiwari-10baa1178/
Portfolio: https://siddharthtiwari.tech/
Graduation year: 2024
Project Description:
The BookBrainz platform currently lacks an administration system that can effectively manage and assign privileges to its users. This project aims to create a usable administration system that can assign arbitrary levels of privileges to users, providing flexibility to the platform’s hierarchy.
Project Requirements:
The project will require the following:
- Modification of the database schema, including the addition of tables to define roles and attach users to roles.
- Development of a simple admin panel webpage to allow administrators to search for users, assign privileges, and perform other administrative tasks.
- Implementation of middleware to secure specific routes based on a user’s assigned roles, such as allowing admins to view the admin panel, block or delete abusive users, and allowing privileged editors to edit relationships and identifiers and trigger a reindex of the search server.
Expected Outcomes:
The expected outcome of this project is a fully functional administration system that can assign arbitrary levels of privileges to users based on their roles. The system should be secure and user-friendly, allowing administrators to perform their tasks efficiently.
Extended Goals:
The following are extended goals for the project:
- Development of a page that allows privileged users to edit and add relationships and identifiers.
- Creation of a public log of administration actions similar to the CritiqueBrainz admin log.
Objectives:
- Develop an administration system that can assign arbitrary levels of privileges to users based on their roles.
- Secure specific routes based on a user’s assigned roles.
- Develop a user-friendly and efficient admin panel webpage for administrators to perform tasks.
- Implement a public log of administration actions.
- Provide an option for privileged users to edit and add relationships and identifiers.
Scope:
The project will involve modifying the database schema, adding tables to define roles and attach users to roles, and implementing middleware for securing specific routes based on a user’s assigned roles. The project will also include developing an admin panel webpage for performing administrative tasks, creating a public log of administration actions, and providing an option for privileged users to edit and add relationships and identifiers.
Deliverables:
- Modified database schema with tables for roles and attaching users to roles.
- Middleware for securing specific routes based on a user’s assigned roles.
- Admin panel webpage for performing administrative tasks.
- Public log of administration actions.
- Option for privileged users to edit and add relationships and identifiers.
Action Plan
Week 1 - Initial schema changes and designs
- Discuss project expectations and goals, and create a plan for weekly check-ins with mentor and approach by discussing pros and cons
- Design and implement the initial schema and make the required changes to it.
Week 2 - Database schema design and initial API design
- Continue designing and implementing the initial schema and making the required changes.
- Define roles and a table to attach users to roles, and create the role constants that the system will need
- Implement the schema changes and design the initial APIs
Weeks 3-4 - Admin panel webpage
- Design Admin panel.
- Create API for Admin Panel.
- Create a new admin panel webpage that allows admins to search for users, give users privileges, and take other actions
- Implement middleware to secure specific routes based on user roles
Weeks 5-6 - Privileged user pages
- Test the new admin panel and fix any bugs or issues that arise
- Create a new page that allows privileged users to edit relationships and identifiers.
- Implement middleware to secure the new page based on user roles
- Test the new privileged user pages and fix any bugs or issues that arise
Weeks 7-8 - Code review, testing, and documentation
- Implement triggering a reindex of the search server
- Make final changes to the main features of the admin system, test them, and write documentation.
- Submit to mentor for review.
Weeks 9-10 - Administration actions log
- Create a log system of administration actions
- Implement middleware to secure the new log based on user roles
- Test the new administration actions log and fix any bugs or issues that arise
Weeks 11-12 - Final touches and submission
- Make any final adjustments or improvements to the administration system
- Submit the final work product to your mentor for evaluation
- Complete your final mentor evaluation
Method
The proposed solution is to use bit masking (thanks to the feedback of mr_monkey, who guided me in this direction, and help from @lucifer and @atj, who explained to me how this technique works in MusicBrainz) for assigning permissions to roles, rather than creating a separate table for roles. The advantages of bit masking include scalability and future-proofing. To check if a user has a specific permission, the proposed solution involves using a bitwise AND operator with the user’s custom permissions and the permission constant. The middleware function will use this approach to determine if a user has the required permission to access a specific route.
Sample Code Snippets
Creating Tables to Define Roles and Attach Roles
```sql
-- Create a table for roles with their constants
CREATE TABLE roles (
    id SERIAL PRIMARY KEY,
    name TEXT NOT NULL,
    permission_constants INTEGER NOT NULL
);
-- Create a table to attach users to roles
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL,
    permissions INTEGER NOT NULL,
    -- TIMESTAMP, as in admin_logs; PostgreSQL has no DATETIME type
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id)
);
```
Creating a roles table may not be important, and we can use constants like the ones below to access the roles. It is also not necessary to create a user_roles table, as we can add the permissions (INTEGER) column to the current user table, and it would work fine. This can be discussed with mentors and decided by evaluating the pros and cons of both approaches.
```javascript
const VIEW_ADMIN_PANEL = 1;    // 0000 0001
const BLOCK_USER = 2;          // 0000 0010
const DELETE_USER = 4;         // 0000 0100
const EDIT_RELATIONSHIPS = 8;  // 0000 1000
const EDIT_IDENTIFIERS = 16;   // 0001 0000
const TRIGGER_REINDEX = 32;    // 0010 0000
```
Sample middleware and its usage: it takes the required role as input, and if the user's role satisfies the requirement, the request gets access. This is a sample/prototype. We will be using libraries such as JWT for better security, and we can create separate tables for allowed actions and use them to check access to each action.
```javascript
const express = require('express');
const app = express();

// Middleware factory; uses the permission constants defined above.
const hasPermission = (permission) => {
  return (req, res, next) => {
    // Unauthenticated requests (no req.user) hold no permissions
    const permissions = req.user ? req.user.permissions : 0;
    // Compare against the mask so a multi-bit requirement needs every bit, not just one
    const allowed = (permissions & permission) === permission;
    if (allowed) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
};

// Example working:
const user = {
  id: 1,
  name: 'Alice',
  permissions: VIEW_ADMIN_PANEL | EDIT_RELATIONSHIPS
};

// Secure the /admin route using the hasPermission middleware
app.get('/admin', hasPermission(VIEW_ADMIN_PANEL), (req, res) => {
  res.send('Admin panel');
});

// Sample check for whether a user has a role; a general function, useful when removing roles etc.
function hasRole(user, role) {
  return (user.permissions & role) === role;
}

// Sample function to remove roles
function removeRole(user, role) {
  // AND-NOT clears the role's bits; XOR would toggle them and could set bits the user lacked
  user.permissions = user.permissions & ~role;
  // update in DB
}
```
Table to record admin logs
```sql
CREATE TABLE admin_logs (
    id SERIAL PRIMARY KEY,
    timestamp TIMESTAMP NOT NULL DEFAULT NOW(),
    user_id INTEGER REFERENCES users(id) NOT NULL,
    action TEXT NOT NULL,
    note TEXT DEFAULT NULL
);
```
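The following is an added example, not code from the original proposal or from BookBrainz: it grants and revokes multi-bit role masks and records each change in an entry shaped like the admin_logs table. `Perm`, `ROLE_PRIVILEGED_EDITOR`, `changePermissions`, the in-memory `adminLog` and the rule that an actor must hold the bits they change are assumptions made for illustration.

```javascript
// Permission bits as listed in the proposal.
const Perm = Object.freeze({
  VIEW_ADMIN_PANEL: 1, BLOCK_USER: 2, DELETE_USER: 4,
  EDIT_RELATIONSHIPS: 8, EDIT_IDENTIFIERS: 16, TRIGGER_REINDEX: 32
});
// Union of every defined bit; anything outside it is rejected.
const ALL_PERMS = Object.values(Perm).reduce((mask, bit) => mask | bit, 0);
// Hypothetical role preset: several bits OR-ed into one mask.
const ROLE_PRIVILEGED_EDITOR =
  Perm.EDIT_RELATIONSHIPS | Perm.EDIT_IDENTIFIERS | Perm.TRIGGER_REINDEX;

// True only when every required bit is set (not just any one of them).
const hasAll = (mask, required) => (mask & required) === required;

// JS bitwise operators truncate to 32 bits, so range-check before masking.
function isValidMask(mask) {
  return Number.isInteger(mask) && mask > 0 && mask <= ALL_PERMS &&
    (mask & ~ALL_PERMS) === 0;
}

const adminLog = []; // in-memory stand-in for admin_logs (user_id, action, note)

// Grant (grant=true) or revoke bits on target, acting as actor.
// Assumed policy: the actor needs VIEW_ADMIN_PANEL and must hold every bit
// being changed, so nobody can hand out more than they have.
function changePermissions(actor, target, bits, grant) {
  if (!isValidMask(bits)) throw new RangeError('Unknown permission bits');
  if (!hasAll(actor.permissions, Perm.VIEW_ADMIN_PANEL | bits)) {
    throw new Error('Forbidden');
  }
  const before = target.permissions;
  // OR sets bits; AND-NOT clears them. XOR would toggle, turning a revoke
  // into a grant for any bit the target did not already hold.
  target.permissions = grant ? before | bits : before & ~bits;
  adminLog.push({
    user_id: actor.id,
    action: grant ? 'grant_permissions' : 'revoke_permissions',
    note: `target=${target.id} before=${before} after=${target.permissions}`
  });
  return target.permissions;
}

// Constructed sample data for a stand-alone run.
function demo() {
  const admin = { id: 1, permissions: ALL_PERMS };
  const editor = { id: 2, permissions: Perm.EDIT_RELATIONSHIPS };
  const afterRevoke = changePermissions(admin, editor, ROLE_PRIVILEGED_EDITOR, false);
  const afterGrant = changePermissions(admin, editor, ROLE_PRIVILEGED_EDITOR, true);
  return {
    afterRevoke,
    afterGrant,
    xorWouldGive: Perm.EDIT_RELATIONSHIPS ^ ROLE_PRIVILEGED_EDITOR
  };
}
console.log(demo(), adminLog);
```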
Some Sample URLs that will be needed during the project.
Roles:
- POST /roles - Create a new role with a name and permission bitmask
- GET /roles - Retrieve a list of all available roles
- GET /roles/:id - Retrieve details of a specific role by ID
- PUT /roles/:id - Update an existing role’s name and/or permission bitmask
- DELETE /roles/:id - Delete an existing role by ID
User Roles:
- GET /users/:id/roles - Retrieve a list of roles assigned to a specific user
- PUT /users/:id/roles/:roleId - Assign a role to a specific user by ID and role ID
- DELETE /users/:id/roles/:roleId - Remove a role from a specific user by ID and role ID
Admin Actions:
- GET /admin/users - Retrieve a list of all users
- GET /admin/users/:id - Retrieve details of a specific user by ID
- PUT /admin/users/:id/block - Block a specific user by ID
- PUT /admin/users/:id/unblock - Unblock a specific user by ID
- DELETE /admin/users/:id - Delete a specific user by ID
- PUT /admin/users/:id - Edit a specific user's details by ID
Others:
- PUT /relationships/:id - Update a specific relationship by ID
- PUT /identifiers/:id - Update a specific identifier by ID
- POST /relationships - Create Relationships
- POST /identifiers - Create identifiers
- POST /reindex - Trigger a search server reindex
- GET /admin-log - Public log of administration actions
- POST /admin-log - Create public log of administration actions.
Sample Rough Designs.
Searching Users and editing them
Admin Log Information
Additional Question
Q: Can you tell us about the computer(s) you have available for working on your SoC project?
A: Sure! I have a Legion Y540 laptop with 16 GB of RAM, 4 GB of VRAM, and an i5 9th gen processor. It runs on Windows OS, but I also have WSL2 installed for running Linux-based tools and applications. This configuration should be sufficient for my project’s requirements, and I’m confident that I can use it to complete the project successfully.
Q: When did you first start programming?
A: I started coding when I was in high school, around 4 years ago.
Q: If applying for a BookBrainz project, what type of books do you read?
A: I usually don’t read many books apart from technical skill books like Head First Java, O’Reilly Series, etc. I like listening to rap, pop, and Hollywood mashup songs.
Q: What aspects of the project you’re applying for (e.g., MusicBrainz, AcousticBrainz, etc.) interest you the most?
A: I am applying for the BookBrainz project. I want to contribute to this organization as data is going to fuel this world, and as AI is growing at a fast pace, the type of data available in BookBrainz will be really helpful for many people.
Q: Have you ever used MusicBrainz to tag your files?
A: I haven’t tried it, but I am interested in giving it a try.
Q: Have you contributed to other Open Source projects? If so, which projects, and can we see some of your code?
A: Yes, I am new to open source and have started contributing to open source recently. I have contributed to BookBrainz and Mathesar.
Q: If you have not contributed to open-source projects, do you have other code we can look at?
A: Yes, you can check my GitHub repository and my portfolio, and projects on which I have worked as a backend developer during internships: https://techprofile.org/recruiter/dashboard, http://cryptoresearchfund.com/.
Q: What sorts of programming projects have you done on your own time?
A: I have created apps like e-commerce, social media, reselling, chat app, etc. using the MERN stack. I have used sklearn and TensorFlow for ML projects.
Q: How much time do you have available, and how would you plan to use it?
A: I can dedicate 35 hours per week and plan to use my time efficiently by focusing on the project’s priorities and completing tasks on time. I would also make sure to communicate effectively with the team and seek guidance whenever necessary.
Availability and Time Commitment for GSOC
The time I can dedicate to the GSOC is approximately 35 hours per week. Between May 8-14, I will have end-semester practical exams, but I have planned the tasks for this time frame that would require less time. Nevertheless, I will still deliver what I have promised.
About Me
Hi there! My name is Siddharth Tiwari, and I am a 20-year-old Bachelor of Technology student at Shri Vaishnav Vidyapeeth Vishwavidyalaya in Indore, India. As a full-stack developer, I have practical experience in a variety of programming languages, such as Python, JavaScript, Java, and C++, and I have a good understanding of front-end and back-end development. I also have experience with cloud technologies and DevOps.
In addition to my technical skills, I am interested in AI/ML. I work part-time as a Python, backend, and AWS developer (intern) at I8labs, where I am gaining valuable experience in the industry. Before this, I completed an internship at Unicorn Vision as a Python developer, where I learned new skills and gained practical experience.
In my free time, I enjoy exploring new technologies and staying updated with the latest developments in the tech industry. I also enjoy watching movies and socializing with friends. I am committed to continuing my learning and growth in the field of software development and believe that staying on top of the latest technologies and best practices is critical to success in this field. I am excited to see where my passion and experience will take me in my career.
My Tech Stack.
Languages: Python, JavaScript, Java, C++, TypeScript, SQL, HTML, CSS
Frameworks: Express, React, Django, Next.js, sklearn, TensorFlow
Cloud: AWS, Google Firebase
Database: MySQL, MongoDB
Other: Machine Learning, REST, GraphQL, AWS Lambda, Node.js, Docker
Previous experience
Incubate Technology Lab Pvt (I8labs): October 2021 – Present
As a Python, Backend, and AWS developer (Part Time intern) at Incubate Technology Lab Pvt, my primary responsibility was to design, develop and maintain a complex serverless backend architecture using AWS Lambda and other AWS services. I also used event-based programming to create event-driven microservices that would trigger serverless functions in response to specific events.
I worked extensively with AWS Lambda to create serverless functions that would run on the cloud without the need for any physical servers. This allowed for a highly scalable and cost-effective solution that could handle large amounts of traffic and data. To handle API requests from the front end, I created an API using AWS API Gateway and designed the API to handle different types of requests.
For database management, I worked on MySQL to design, develop and maintain the database. This involved creating database schemas, writing queries, and optimizing the database’s performance.
I integrated third-party APIs into the backend to access data and perform analysis using Python. This required me to have a good understanding of data analysis techniques and Python libraries such as Pandas and NumPy.
I also created CI/CD pipelines with AWS to automate the deployment and testing of the backend code. This allowed for faster and more efficient development cycles, improving the overall quality of the code.
Throughout my role, I worked closely with the front-end team to fulfill their requirements and ensure seamless integration between the backend and front end. This involved collaborating on the design and architecture of the application, as well as providing technical support and troubleshooting as needed.
Moreover, I have experience working with various other AWS services such as S3, SQS, Step Functions, Event Bridge, and more. This experience has given me a deep understanding of how to design and implement scalable, reliable, and cost-effective cloud-based solutions using AWS.
Unicorn Vision: July 2021 – September 2021
I previously completed an internship at Unicorn Vision, where I worked as a Python Developer and had the opportunity to work on a challenging project that involved creating a complex multipage front end using Python and Tkinter from scratch. My role required me to work closely with my manager to provide an intuitive and user-friendly interface that would allow users to navigate between different pages and perform a variety of tasks.
In addition to designing the front end, I was also responsible for consuming APIs in the application for data exchange and implementing authentication and authorization to ensure that only authorized users could access sensitive information. This required me to have a good understanding of API integration.
To improve the performance of the application and enable it to handle multiple tasks simultaneously, I implemented multithreading. This allowed the application to perform multiple tasks in the background, improving the overall user experience.
Another important aspect of my role was to incorporate video capturing into the application using OpenCV. This required me to have a good understanding of computer vision and image processing techniques. I was able to use OpenCV to capture video in real time and display it on the application’s front end, which added a new dimension to the application’s functionality.
Finally, I used AWS S3 to upload media to the cloud in the background. This allowed users to store and access their files from anywhere, and it also improved the scalability and reliability of the application.
Overall, my experience as a Python Developer Intern at Unicorn Vision was extremely rewarding. I had the opportunity to work on a complex project that required me to use a variety of skills and technologies, and I was able to contribute to the development of an innovative and cutting-edge application.
Why should you select me?
I believe that I would be an excellent fit for the given project. As a full-stack developer with two years of internship experience, I have practical knowledge of a variety of programming languages, including Python, JavaScript, Java, and C++. My expertise in Node.js, SQL, and Express.js would be particularly useful in the development of the administration system.
In addition to my technical skills, I have experience creating admin systems for previous projects, which has given me an understanding of what’s required to create an effective and efficient system. I’m confident that I can leverage this experience to create a usable administration system with arbitrary levels of privileges, as per the given project requirements.
I’m also passionate about staying up-to-date with the latest developments in the tech industry, and I spend my free time exploring new technologies and learning new skills. I believe that keeping up with the latest technologies and best practices is critical to success in the field of software development.
Lastly, my previous work experience as a part-time Python, backend, and AWS developer (intern) at I8labs, as well as my previous internship at Unicorn Vision as a Python developer, has given me valuable experience in the industry. This experience has taught me how to write efficient, maintainable code and collaborate effectively with other developers. I have around 2 years of internship experience as a Software developer.
Overall, I believe that my technical skills, experience, and passion for learning make me an ideal candidate for the given project. I’m excited about the opportunity to work on this project and deliver a high-quality, functional administration system that meets the project’s requirements.