4.5 KiB
Students Backend
Purpose
students is the per-organization student roster. It is a generic-CRUD slice assembled from
the shared factories; the backend is the source of truth for student records.
Slice Files (by layer)
- Route:
src/routes/students.ts—createCrudRouter(controller, { permission: 'students' }). - Controller:
src/api/controllers/students.controller.ts—createCrudController(service, { csvFields }). - Service (BLL):
src/services/students.ts—createCrudService(DbApi, { notFoundCode: 'studentsNotFound' }). - Repository (DAL):
src/db/api/students.ts(StudentsDBApi) — entity-specificcreate/bulkImport/update/findBy/findAll;remove/deleteByIds/findAllAutocompletedelegate todb/api/shared/repository.ts. - Model:
src/db/models/students.ts. - Shared used: CRUD factories (
services/shared/crud-service.ts,api/controllers/shared/crud-controller.ts,api/http/crud-router.ts), repository helpers (db/api/shared/repository.ts),shared/constants/pagination.ts(resolvePagination),db/api/file.ts(replaceRelationFilesfor the photo relation).
API
The standard generic-CRUD surface (all under /api/students, JWT + ${METHOD}_STUDENTS
permission, all 200) — see backend-architecture.md "Module authoring" / the planned
shared-crud-factories.md for the shared contract:
POST /— body{ data }, returnstrue.POST /bulk-import— multipart CSV file, returnstrue.PUT /:id— body{ data, id }(the service reads the id from the body, not the path param), returnstrue.DELETE /:id— returnstrue.POST /deleteByIds— body{ data: string[] }, returnstrue.GET /— query filters, returns{ rows, count };?filetype=csvstreams a CSV ofcsvFields.GET /count— returns{ rows: [], count }.GET /autocomplete—?query&limit&offset, returns[{ id, label }]wherelabelisstudent_number.GET /:id— returns the record with eager associations (see Data Contract).
csvFields: id, student_number, first_name, last_name, email, phone, address,
date_of_birth, enrollment_date.
Access Rules
- JWT required; the whole router is guarded by
checkCrudPermissions('students'), derivingREAD_STUDENTS/CREATE_STUDENTS/UPDATE_STUDENTS/DELETE_STUDENTSper HTTP method. - Access is granted by role permission or per-user
custom_permissions(seepermissions.md).
Tenant Scope
findAllscopeswhere.organizationIdtocurrentUser.organizationId; aglobalAccessrole clears the org filter (sees all tenants).createassigns the organization fromcurrentUser.organizationId;updateonly reassigns organization forglobalAccessusers (otherwise it stays the caller's org).
Data Contract
Model columns (paranoid, soft-delete via deletedAt):
id(UUID PK),student_number,first_name,last_name,email,phone,address(all TEXT, nullable).gender— ENUMmale|female|other|prefer_not_to_say.status— ENUMprospect|enrolled|inactive|graduated|transferred.date_of_birth,enrollment_date— DATE.importHash(unique),campusId,organizationId,createdById,updatedById, timestamps.
Associations: belongsTo organization, campus, createdBy/updatedBy (users); hasMany
guardians_student, class_enrollments_student, attendance_records_student,
invoices_student, assessment_results_student; hasMany file as photo (scoped relation).
findBy/GET /:id eager-load all of these in a single Promise.all.
List filters (StudentsFilter): id, student_number, first_name, last_name, email,
phone, address, date_of_birthRange, enrollment_dateRange, gender, status, campus
(id or name, |-separated), organization, createdAtRange, plus field/sort ordering and
limit/page pagination.
Behavior / Notes
create/bulkImport/updatemanage thephotofile relation viaFileDBApi.replaceRelationFiles.bulkImportoffsetscreatedAtper row byBULK_IMPORT_TIMESTAMP_STEP_MSto preserve order.- List pagination uses the shared
resolvePaginationdefaults (page size 10, capped at 100). - Note:
StudentsFilteraccepts anactiveflag the model has no column for; it is currently inert (kept for source accuracy).
Tests
None yet.
Related
- Generic-CRUD contract:
backend-architecture.md; related slices:guardians,class_enrollments,attendance_records,invoices,assessment_results,campuses,file.md,permissions.md.