GSoC 2023: Administration System - BookBrainz

Project: Administration system

Personal information

Name: Siddharth Tiwari

Country: India

Email Address: siddharthtiwarikreplind@gmail.com

Phone: +91-8319306878

University: Shri Vaishnav Vidyapeeth Vishwavidyalaya, Indore

LinkedIn: https://www.linkedin.com/in/siddharth-tiwari-10baa1178/

Portfolio: https://siddharthtiwari.tech/

Graduation year: 2024

Project Description:

The BookBrainz platform currently lacks an administration system that can effectively manage and assign privileges to its users. This project aims to create a usable administration system that can assign arbitrary levels of privileges to users, providing flexibility to the platform’s hierarchy.

Project Requirements:

The project will require the following:

  • Modification of the database schema, including the addition of tables to define roles and attach users to roles.
  • Development of a simple admin panel webpage to allow administrators to search for users, assign privileges, and perform other administrative tasks.
  • Implementation of middleware to secure specific routes based on a user’s assigned roles, such as allowing admins to view the admin panel, block or delete abusive users, and allowing privileged editors to edit relationships and identifiers and trigger a reindex of the search server.

Expected Outcomes:

The expected outcome of this project is a fully functional administration system that can assign arbitrary levels of privileges to users based on their roles. The system should be secure and user-friendly, allowing administrators to perform their tasks efficiently.

Extended Goals:

The following are extended goals for the project:
  • Development of a page that allows privileged users to edit and add relationships and identifiers.
  • Creation of a public log of administration actions similar to the CritiqueBrainz admin log.

Objectives:

  • Develop an administration system that can assign arbitrary levels of privileges to users based on their roles.
  • Secure specific routes based on a user’s assigned roles.
  • Develop a user-friendly and efficient admin panel webpage for administrators to perform tasks.
  • Implement a public log of administration actions.
  • Provide an option for privileged users to edit and add relationships and identifiers.

Scope:

The project will involve modifying the database schema, adding tables to define roles and attach users to roles, and implementing middleware for securing specific routes based on a user’s assigned roles. The project will also include developing an admin panel webpage for performing administrative tasks, creating a public log of administration actions, and providing an option for privileged users to edit and add relationships and identifiers.

Deliverables:

  • Modified database schema with tables for roles and attaching users to roles.
  • Middleware for securing specific routes based on a user’s assigned roles.
  • Admin panel webpage for performing administrative tasks.
  • Public log of administration actions.
  • Option for privileged users to edit and add relationships and identifiers.

Action Plan

Week 1 - Initial schema changes and designs

  • Discuss project expectations and goals with the mentor, create a plan for weekly check-ins, and agree on the approach by discussing its pros and cons
  • Design the initial schema and make the required changes to it.

Week 2 - Database schema design and initial API design.

  • Continue designing the initial schema and making the required changes to it.
  • Define roles and a table to attach users to roles, and create the role constants the system will need
  • Implement the schema changes and design the initial APIs

Weeks 3-4 - Admin panel webpage

  • Design Admin panel.
  • Create API for Admin Panel.
  • Create a new admin panel webpage that allows admins to search for users, give users privileges, and take other actions
  • Implement middleware to secure specific routes based on user roles

Weeks 5-6 - Privileged user pages

  • Test the new admin panel and fix any bugs or issues that arise
  • Create a new page that allows privileged users to edit relationships and identifiers.
  • Implement middleware to secure the new page based on user roles
  • Test the new privileged user pages and fix any bugs or issues that arise

Weeks 7-8 - Code review, testing, and documentation

  • Implement triggering a reindex of the search server
  • Make the final changes to the main features of the admin system, test them, and write the documentation.
  • Submit to the mentor for review.

Weeks 9-10 - Administration actions log

  • Create a log system for administration actions
  • Implement middleware to secure the new log based on user roles
  • Test the new administration actions log and fix any bugs or issues that arise

Weeks 11-12 - Final touches and submission

  • Make any final adjustments or improvements to the administration system
  • Submit the final work product to my mentor for evaluation
  • Complete my final mentor evaluation

Method

The proposed solution is to use bit masking (thanks to the feedback of mr_monkey, who guided me in this direction, and help from @lucifer and @atj, who explained to me how this technique works in MusicBrainz) for assigning permissions to roles, rather than creating a separate table for roles. The advantages of bit masking include scalability and future-proofing. To check if a user has a specific permission, the proposed solution involves using a bitwise AND operator with the user’s permissions and the permission constant. The middleware function will use this approach to determine if a user has the required permission to access a specific route.

Sample Code Snippets

Creating Tables to Define Roles and Attach Roles

-- Create a table for roles with their permission constants
CREATE TABLE roles (
    id SERIAL PRIMARY KEY,
    name TEXT NOT NULL,
    permission_constants INTEGER NOT NULL
);

-- Create a table to attach users to roles. One row per user holds the
-- combined permission bitmask, so user_id is the primary key.
-- (DATETIME is not a PostgreSQL type; use TIMESTAMP WITH TIME ZONE.)
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL,
    permissions INTEGER NOT NULL DEFAULT 0,
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (user_id),
    FOREIGN KEY (user_id) REFERENCES users(id)
);

Creating a roles table may not be important, and we can use CONSTANTS like the ones below to access the roles. It is also not necessary to create a user_roles table, as we can add a permissions (INTEGER) column to the current user table, and it would work fine. This can be discussed with the mentors and decided by evaluating the pros and cons of both approaches.

// Permission flags, one bit each. They are grouped in a Roles object so the
// middleware and example code below can refer to them as Roles.<NAME>.
const Roles = Object.freeze({
  VIEW_ADMIN_PANEL: 1,    // 0000 0001
  BLOCK_USER: 2,          // 0000 0010
  DELETE_USER: 4,         // 0000 0100
  EDIT_RELATIONSHIPS: 8,  // 0000 1000
  EDIT_IDENTIFIERS: 16,   // 0001 0000
  TRIGGER_REINDEX: 32     // 0010 0000
});

Sample middleware and its usage. It takes the required role as input, and if the user's role satisfies the requirement, access is granted.

This is a sample/prototype. We will be using libraries such as JWT for better security, and can create separate tables for allowed actions and use them to check the allowed actions.

const hasPermission = (permission) => {
  return (req, res, next) => {
    // An unauthenticated request has no user object at all: reject it first,
    // otherwise reading req.user.permissions throws a TypeError.
    if (!req.user) {
      return res.status(401).send('Unauthorized');
    }
    // Check if the user has the required permission bit set
    const allowed = !!(req.user.permissions & permission);
    if (allowed) {
      next();
    } else {
      res.status(403).send('Forbidden');
    }
  };
};


// Example usage:
const user = {
  id: 1,
  name: 'Alice',
  permissions: Roles.VIEW_ADMIN_PANEL | Roles.EDIT_RELATIONSHIPS
};


// Secure the /admin route using the hasPermission middleware
app.get('/admin', hasPermission(Roles.VIEW_ADMIN_PANEL), (req, res) => {
  res.send('Admin panel');
});

// Sample check for whether a user has a role. This will be a general function,
// useful when removing roles etc. The value comes from the `permissions` column.
function hasRole(user, role) {
  return !!(user.permissions & role);
}

// Sample function to remove a role. AND with the complement clears the bit and
// is safe to repeat; XOR would set the bit again if it were already clear.
function removeRole(user, role) {
  if (hasRole(user, role)) {
    user.permissions = user.permissions & ~role;
    // update in DB
  }
}

Table to record admin logs

CREATE TABLE admin_logs (
  id SERIAL PRIMARY KEY,
  timestamp TIMESTAMP NOT NULL DEFAULT NOW(),
  user_id INTEGER REFERENCES users(id) NOT NULL,
  action TEXT NOT NULL,
  note TEXT DEFAULT NULL
);

Some Sample URLs that will be needed during the project.

Roles:

  • POST /roles - Create a new role with a name and permission bitmask
  • GET /roles - Retrieve a list of all available roles
  • GET /roles/:id - Retrieve details of a specific role by ID
  • PUT /roles/:id - Update an existing role’s name and/or permission bitmask
  • DELETE /roles/:id - Delete an existing role by ID

User Roles:

  • GET /users/:id/roles - Retrieve a list of roles assigned to a specific user
  • PUT /users/:id/roles/:roleId - Assign a role to a specific user by ID and role ID
  • DELETE /users/:id/roles/:roleId - Remove a role from a specific user by ID and role ID

Admin Actions:

  • GET /admin/users - Retrieve a list of all users
  • GET /admin/users/:id - Retrieve details of a specific user by ID
  • PUT /admin/users/:id/block - Block a specific user by ID
  • PUT /admin/users/:id/unblock - Unblock a specific user by ID
  • DELETE /admin/users/:id - Delete a specific user by ID
  • PUT /admin/users/:id - Edit a specific user Details by ID

Others:

  • PUT /relationships/:id - Update a specific relationship by ID
  • PUT /identifiers/:id - Update a specific identifier by ID
  • POST /relationships - Create Relationships
  • POST /identifiers - Create identifiers
  • POST /reindex - Trigger a search server reindex
  • GET /admin-log - Public log of administration actions
  • POST /admin-log - Create public log of administration actions.

Sample Rough Designs.

Searching Users and editing them

Admin Log Information

Additional Question
Q: Can you tell us about the computer(s) you have available for working on your SoC project?

A: Sure! I have a Legion Y540 laptop with 16 GB of RAM, 4 GB of VRAM, and an i5 9th gen processor. It runs on Windows OS, but I also have WSL2 installed for running Linux-based tools and applications. This configuration should be sufficient for my project’s requirements, and I’m confident that I can use it to complete the project successfully.

Q: When did you first start programming?

A: I started coding when I was in high school, around 4 years ago.

Q: If applying for a BookBrainz project, what type of books do you read?

A: I usually don’t read many books apart from technical skill books like Head First Java, O’Reilly Series, etc. I like listening to rap, pop, and Hollywood mashup songs.

Q: What aspects of the project you’re applying for (e.g., MusicBrainz, AcousticBrainz, etc.) interest you the most?

A: I am applying for the BookBrainz project. I want to contribute to this organization as data is going to fuel this world, and as AI is growing at a fast pace, the type of data available in BookBrainz will be really helpful for many people.

Q: Have you ever used MusicBrainz to tag your files?

A: I haven’t tried it, but I am interested in giving it a try.

Q: Have you contributed to other Open Source projects? If so, which projects, and can we see some of your code?

A: Yes, I am new to open source and have started contributing to open source recently. I have contributed to BookBrainz and Mathesar.

Q: If you have not contributed to open-source projects, do you have other code we can look at?

A: Yes, you can check my Github repository, and my portfolio.

I have also worked on the following projects as a backend developer during internships: https://techprofile.org/recruiter/dashboard, http://cryptoresearchfund.com/.

Q: What sorts of programming projects have you done on your own time?

A: I have created apps like e-commerce, social media, reselling, chat app, etc. using the MERN stack. I have used sklearn and TensorFlow for ML projects.

Q: How much time do you have available, and how would you plan to use it?

A: I can dedicate 35 hours per week and plan to use my time efficiently by focusing on the project’s priorities and completing tasks on time. I would also make sure to communicate effectively with the team and seek guidance whenever necessary.

Availability and Time Commitment for GSOC

The time I can dedicate to the GSOC is approximately 35 hours per week. Between May 8-14, I will have end-semester practical exams, but I have planned the tasks for this time frame that would require less time. Nevertheless, I will still deliver what I have promised.

About Me

Hi there! My name is Siddharth Tiwari, and I am a 20-year-old Bachelor of Technology student at Shri Vaishnav Vidyapeeth Vishwavidyalaya in Indore, India. As a full-stack developer, I have practical experience in a variety of programming languages, such as Python, JavaScript, Java, and C++, and I have a good understanding of front-end and back-end development. I also have experience with cloud technologies and DevOps.

In addition to my technical skills, I am interested in AI/ML. I work part-time as a Python, backend, and AWS developer (intern) at I8labs, where I am gaining valuable experience in the industry. Before this, I completed an internship at Unicorn Vision as a Python developer, where I learned new skills and gained practical experience.

In my free time, I enjoy exploring new technologies and staying updated with the latest developments in the tech industry. I also enjoy watching movies and socializing with friends. I am committed to continuing my learning and growth in the field of software development and believe that staying on top of the latest technologies and best practices is critical to success in this field. I am excited to see where my passion and experience will take me in my career.

My Tech Stack.

Languages: Python, JavaScript, Java, C++, TypeScript, SQL, HTML, CSS

Frameworks: Express, React, Django, Next.js, sklearn, TensorFlow

Cloud: AWS, Google Firebase

Database: MySQL, MongoDB

Other: Machine Learning, REST, GraphQL, AWS Lambda, Node.js, Docker

Previous experience

Incubate Technology Lab Pvt (I8labs): October 2021 – Present

As a Python, Backend, and AWS developer (Part Time intern) at Incubate Technology Lab Pvt, my primary responsibility was to design, develop and maintain a complex serverless backend architecture using AWS Lambda and other AWS services. I also used event-based programming to create event-driven microservices that would trigger serverless functions in response to specific events.

I worked extensively with AWS Lambda to create serverless functions that would run on the cloud without the need for any physical servers. This allowed for a highly scalable and cost-effective solution that could handle large amounts of traffic and data. To handle API requests from the front end, I created an API using AWS API Gateway and designed the API to handle different types of requests.

For database management, I worked on MySQL to design, develop and maintain the database. This involved creating database schemas, writing queries, and optimizing the database’s performance.

I integrated third-party APIs into the backend to access data and perform analysis using Python. This required me to have a good understanding of data analysis techniques and Python libraries such as Pandas and NumPy.

I also created CI/CD pipelines with AWS to automate the deployment and testing of the backend code. This allowed for faster and more efficient development cycles, improving the overall quality of the code.

Throughout my role, I worked closely with the front-end team to fulfill their requirements and ensure seamless integration between the backend and front end. This involved collaborating on the design and architecture of the application, as well as providing technical support and troubleshooting as needed.

Moreover, I have experience working with various other AWS services such as S3, SQS, Step Functions, Event Bridge, and more. This experience has given me a deep understanding of how to design and implement scalable, reliable, and cost-effective cloud-based solutions using AWS.

Unicorn Vision: July 2021 – September 2021

I previously completed an internship at Unicorn Vision, where I worked as a Python Developer and had the opportunity to work on a challenging project that involved creating a complex multipage front end from scratch using Python and Tkinter. My role required me to work closely with my manager to provide an intuitive and user-friendly interface that would allow users to navigate between different pages and perform a variety of tasks.

In addition to designing the front end, I was also responsible for consuming APIs in the application for data exchange and implementing authentication and authorization to ensure that only authorized users could access sensitive information. This required me to have a good understanding of API integration.

To improve the performance of the application and enable it to handle multiple tasks simultaneously, I implemented multithreading. This allowed the application to perform multiple tasks in the background, improving the overall user experience.

Another important aspect of my role was to incorporate video capturing into the application using OpenCV. This required me to have a good understanding of computer vision and image processing techniques. I was able to use OpenCV to capture video in real time and display it on the application’s front end, which added a new dimension to the application’s functionality.

Finally, I used AWS S3 to upload media to the cloud in the background. This allowed users to store and access their files from anywhere, and it also improved the scalability and reliability of the application.

Overall, my experience as a Python Developer Intern at Unicorn Vision was extremely rewarding. I had the opportunity to work on a complex project that required me to use a variety of skills and technologies, and I was able to contribute to the development of an innovative and cutting-edge application.

Why should you select me?

I believe that I would be an excellent fit for the given project. As a full-stack developer with two years of internship experience, I have practical knowledge of a variety of programming languages, including Python, JavaScript, Java, and C++. My expertise in Node.js, SQL, and Express.js would be particularly useful in the development of the administration system.

In addition to my technical skills, I have experience creating admin systems for previous projects, which has given me an understanding of what’s required to create an effective and efficient system. I’m confident that I can leverage this experience to create a usable administration system with arbitrary levels of privileges, as per the given project requirements.

I’m also passionate about staying up-to-date with the latest developments in the tech industry, and I spend my free time exploring new technologies and learning new skills. I believe that keeping up with the latest technologies and best practices is critical to success in the field of software development.

Lastly, my previous work experience as a part-time Python, backend, and AWS developer (intern) at I8labs, as well as my previous internship at Unicorn Vision as a Python developer, has given me valuable experience in the industry. This experience has taught me how to write efficient, maintainable code and collaborate effectively with other developers. I have around 2 years of internship experience as a Software developer.

Overall, I believe that my technical skills, experience, and passion for learning make me an ideal candidate for the given project. I’m excited about the opportunity to work on this project and deliver a high-quality, functional administration system that meets the project’s requirements.

3 Likes
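The bit-mask permission scheme described in the Method section, together with the middleware, the role add/remove helpers and the admin log, worked through as an added example; this is not code from the proposal or from BookBrainz. It assumes the permissions live in a single integer column (`permissions`) on the user record, the alternative the note under the schema section mentions, and it uses an in-memory Map and array in place of the `users` and `admin_logs` tables plus hand-rolled stand-ins for Express's `req`/`res`, so it runs offline with plain Node. The flag names, the `requirePermission` and `blockUser` helpers and the three sample editors are all constructed for the example.

```javascript
'use strict';

// Permission flags: one bit each. JavaScript bitwise operators work on
// signed 32-bit integers, so flags must stay below 2**31 (1 << 31 is
// negative). That leaves 31 usable flags in a single integer column.
const Flag = Object.freeze({
  VIEW_ADMIN_PANEL:   1 << 0,
  BLOCK_USER:         1 << 1,
  DELETE_USER:        1 << 2,
  EDIT_RELATIONSHIPS: 1 << 3,
  EDIT_IDENTIFIERS:   1 << 4,
  TRIGGER_REINDEX:    1 << 5,
});
// Mask of every defined flag; used to drop stray bits on write.
const ALL_FLAGS = Object.values(Flag).reduce((acc, f) => acc | f, 0);

// Constructed in-memory stand-ins for the user table's `permissions` column
// and for the admin_logs table (a real implementation writes to the DB).
const editors = new Map([
  [1, { id: 1, name: 'alice', permissions: Flag.VIEW_ADMIN_PANEL | Flag.BLOCK_USER }],
  [2, { id: 2, name: 'bob', permissions: Flag.EDIT_RELATIONSHIPS | Flag.EDIT_IDENTIFIERS }],
  [3, { id: 3, name: 'carol', permissions: 0 }],
]);
const adminLogs = [];

// True only if *every* bit in `required` is set on `mask`. Testing
// `(mask & required) !== 0` passes as soon as any one bit matches, which is
// wrong for a route that needs a combination of rights.
function hasAll(mask, required) {
  return (mask & required) === required;
}

// True if at least one of the bits in `required` is set.
function hasAny(mask, required) {
  return (mask & required) !== 0;
}

// Grant: OR the bits in. Revoke: AND with the complement. Both are
// idempotent; XOR would re-grant a right that had already been removed.
// Undefined bits (e.g. a stray 1 << 31) are masked off before storing.
function grant(mask, flags) {
  return (mask | flags) & ALL_FLAGS;
}
function revoke(mask, flags) {
  return mask & ~flags & ALL_FLAGS;
}

// Express-style middleware factory with the same (req, res, next) shape as
// the proposal's hasPermission. No user -> 401; missing bits -> 403.
function requirePermission(required) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).send('Unauthorized');
    if (!hasAll(req.user.permissions, required)) {
      return res.status(403).send('Forbidden');
    }
    return next();
  };
}

// Minimal stand-ins for Express's res and for invoking the middleware, so it
// can be exercised without starting a server.
function fakeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  return res;
}
function runMiddleware(mw, user) {
  const res = fakeRes();
  let passed = false;
  mw({ user }, res, () => { passed = true; });
  return { passed, status: res.statusCode };
}

// An admin action that checks the actor's bit and records itself in the log
// with the actor's id, so the public log shows who did what.
function blockUser(actor, targetId, note) {
  if (!hasAll(actor.permissions, Flag.BLOCK_USER)) {
    throw new Error('Forbidden');
  }
  const target = editors.get(targetId);
  if (!target) throw new Error('No such user');
  target.blocked = true;
  adminLogs.push({
    timestamp: new Date(),
    user_id: actor.id,
    action: 'block_user:' + targetId,
    note,
  });
  return target;
}
```

Two points the proposal's snippet does not cover: `hasAll` compares `(mask & required) === required`, so a route can demand a combination of rights (the proposal's `!!(permissions & permission)` passes when any one bit matches), and `revoke` uses AND-NOT rather than XOR, so calling it twice does not silently re-grant the right. Because JavaScript bitwise operators work on signed 32-bit integers the scheme gives 31 flags; more than that needs BigInt or a different representation.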

Thanks for submitting a draft @Siddhart1o1!

Some of the aspects in the first two weeks of the project I would expect would already be done by the time the coding period begins: Setting up your development environment, being familiar with the relevant parts of the database schema and its required changes, having goals and a precise timeline already discussed.
On the other side of the same coin you only give yourself two weeks to implement the main feature of the project, test it and fix issues, which sounds like it’s going to be tight.
I would also definitely want to see all the code review, test suites, testing, documentation and final touches done and finished for the main feature of the project before thinking about implementing the extended goals.


I do have a specific comment about roles, which I'll copy over from another post I wrote: The proposed system only suggests three roles (which could have been a `type` column instead, probably) but we are bound to end up with more complicated use-cases and combinations of roles. Can I be an admin but not have some data modification rights? Can I have some admin rights, but not the right to delete users? Can I be a privileged user that can edit relationship types, but not have the right to reindex? What if we want to prevent a user from entering edits? In short, the system as proposed is not very extensible/future-proof.

I know MusicBrainz uses another type of system to define permissions with bit masking I believe. Have a look at the flags they can set: musicbrainz-server/constants.js at master · metabrainz/musicbrainz-server · GitHub
You can ask someone from the MusicBrainz team in the #metabrainz IRC channel who could have more information about how this is used and set.
Consequently, the database tables and the middleware would be different.
For one, we would only need a numeric column on the user table to define multiple privileges, since the numeric flags can be combined.


You only suggest three API endpoints for the admin panel. What other endpoints would be implemented? Currently I don't see a lot of details on the meat of the project.

@mr_monkey
Thank you for your feedback. I have made some changes based on your suggestions. Please take a look. Thanks!

1 Like

Hi, thanks for updating your proposal @Siddhart1o1
In particular nice job on discussing the binary permission flags and on fleshing out the list of endpoints.

I do have a question regarding the user_roles table. I’m a bit confused as to the need for the user_roles and roles tables. In user_roles you have a permissions column, presumably the number representing the accumulated permission flags, but you also have a role_id column to point to the role table which has a permission number as well.
I think maybe a new column on the editor table would be sufficient to represent all this without the need for the two new tables.
Perhaps I misunderstand something, and those tables would be used elsewhere?

In your middleware you mention req.user.custom_permissions which would presumably be a column on the editor table, but you don’t mention it anywhere else.

I’m also a bit confused by some repeated endpoints. For example you have PUT and DELETE routes /users/:id/roles/:roleId and separate /admin/users/:id/roles/:roleId routes.
Why is there a separate admin-only route for those operations?

Similarly /admin/users/… and /admin-panel/users/… seem to be duplicated. What am I missing?

The /edit route for your extended role doesn’t look quite right. Did you mean relationship/edit // identifier/edit?

Thank you, @mr_monkey, for the review. You were correct in suggesting that we can add a ‘permissions’ column to the current table, which would eliminate the need for two separate tables and also save time during implementation. I have added a note to the proposal, stating this. Previously, I added a note for the ‘roles’ table, and now I have also added a note for the ‘user_roles’ table, suggesting that we discuss the pros and cons of both approaches and choose the best one for our requirements.

Regarding the API URLs, I apologize for my mistake. I made changes in the document file that I will submit, but I forgot to make those changes here. I will make sure to keep them consistent.

Lastly, I mentioned ‘custom_permissions’ to explain how we plan to implement them. This was purely for explanatory purposes, and their values will come solely from the ‘permissions’ column in the database. However, I realized that this might have caused confusion, so I have since revised the wording to make it clear and consistent.

I have updated the proposal based on your feedback, and I would appreciate your thoughts on the changes. Thank you for taking the time to review my work.