95 lines
4.5 KiB
Markdown
95 lines
4.5 KiB
Markdown
# Students Backend
|
|
|
|
## Purpose
|
|
|
|
`students` is the per-organization student roster. It is a generic-CRUD slice assembled from
|
|
the shared factories; the backend is the source of truth for student records.
|
|
|
|
## Slice Files (by layer)
|
|
|
|
- Route: `src/routes/students.ts` — `createCrudRouter(controller, { permission: 'students' })`.
|
|
- Controller: `src/api/controllers/students.controller.ts` — `createCrudController(service, { csvFields })`.
|
|
- Service (BLL): `src/services/students.ts` — `createCrudService(DbApi, { notFoundCode: 'studentsNotFound' })`.
|
|
- Repository (DAL): `src/db/api/students.ts` (`StudentsDBApi`) — entity-specific
|
|
`create`/`bulkImport`/`update`/`findBy`/`findAll`; `remove`/`deleteByIds`/`findAllAutocomplete`
|
|
delegate to `db/api/shared/repository.ts`.
|
|
- Model: `src/db/models/students.ts`.
|
|
- Shared used: CRUD factories (`services/shared/crud-service.ts`,
|
|
`api/controllers/shared/crud-controller.ts`, `api/http/crud-router.ts`), repository helpers
|
|
(`db/api/shared/repository.ts`), `shared/constants/pagination.ts` (`resolvePagination`),
|
|
`db/api/file.ts` (`replaceRelationFiles` for the photo relation).
|
|
|
|
## API
|
|
|
|
The standard generic-CRUD surface (all under `/api/students`, JWT + `${METHOD}_STUDENTS`
|
|
permission, all `200`) — see `backend-architecture.md` "Module authoring" / the planned
|
|
`shared-crud-factories.md` for the shared contract:
|
|
|
|
- `POST /` — body `{ data }`, returns `true`.
|
|
- `POST /bulk-import` — multipart CSV file, returns `true`.
|
|
- `PUT /:id` — body `{ data, id }` (the service reads the id from the **body**, not the path
|
|
param), returns `true`.
|
|
- `DELETE /:id` — returns `true`.
|
|
- `POST /deleteByIds` — body `{ data: string[] }`, returns `true`.
|
|
- `GET /` — query filters, returns `{ rows, count }`; `?filetype=csv` streams a CSV of `csvFields`.
|
|
- `GET /count` — returns `{ rows: [], count }`.
|
|
- `GET /autocomplete` — `?query&limit&offset`, returns `[{ id, label }]` where `label` is
|
|
`student_number`.
|
|
- `GET /:id` — returns the record with eager associations (see Data Contract).
|
|
|
|
`csvFields`: `id`, `student_number`, `first_name`, `last_name`, `email`, `phone`, `address`,
|
|
`date_of_birth`, `enrollment_date`.
|
|
|
|
## Access Rules
|
|
|
|
- JWT required; the whole router is guarded by `checkCrudPermissions('students')`, deriving
|
|
`READ_STUDENTS` / `CREATE_STUDENTS` / `UPDATE_STUDENTS` / `DELETE_STUDENTS` per HTTP method.
|
|
- Access is granted by role permission or per-user `custom_permissions` (see `permissions.md`).
|
|
|
|
## Tenant Scope
|
|
|
|
- `findAll` scopes `where.organizationId` to `currentUser.organizationId`; a `globalAccess`
|
|
role clears the org filter (sees all tenants).
|
|
- `create` assigns the organization from `currentUser.organizationId`; `update` only reassigns
|
|
organization for `globalAccess` users (otherwise it stays the caller's org).
|
|
|
|
## Data Contract
|
|
|
|
Model columns (`paranoid`, soft-delete via `deletedAt`):
|
|
|
|
- `id` (UUID PK), `student_number`, `first_name`, `last_name`, `email`, `phone`, `address`
|
|
(all TEXT, nullable).
|
|
- `gender` — ENUM `male` | `female` | `other` | `prefer_not_to_say`.
|
|
- `status` — ENUM `prospect` | `enrolled` | `inactive` | `graduated` | `transferred`.
|
|
- `date_of_birth`, `enrollment_date` — DATE.
|
|
- `importHash` (unique), `campusId`, `organizationId`, `createdById`, `updatedById`, timestamps.
|
|
|
|
Associations: `belongsTo` organization, campus, createdBy/updatedBy (users); `hasMany`
|
|
`guardians_student`, `class_enrollments_student`, `attendance_records_student`,
|
|
`invoices_student`, `assessment_results_student`; `hasMany` file as `photo` (scoped relation).
|
|
`findBy`/`GET /:id` eager-load all of these in a single `Promise.all`.
|
|
|
|
List filters (`StudentsFilter`): `id`, `student_number`, `first_name`, `last_name`, `email`,
|
|
`phone`, `address`, `date_of_birthRange`, `enrollment_dateRange`, `gender`, `status`, `campus`
|
|
(id or name, `|`-separated), `organization`, `createdAtRange`, plus `field`/`sort` ordering and
|
|
`limit`/`page` pagination.
|
|
|
|
## Behavior / Notes
|
|
|
|
- `create`/`bulkImport`/`update` manage the `photo` file relation via
|
|
`FileDBApi.replaceRelationFiles`.
|
|
- `bulkImport` offsets `createdAt` per row by `BULK_IMPORT_TIMESTAMP_STEP_MS` to preserve order.
|
|
- List pagination uses the shared `resolvePagination` defaults (page size 10, capped at 100).
|
|
- Note: `StudentsFilter` accepts an `active` flag the model has no column for; it is currently
|
|
inert (kept for source accuracy).
|
|
|
|
## Tests
|
|
|
|
None yet.
|
|
|
|
## Related
|
|
|
|
- Generic-CRUD contract: `backend-architecture.md`; related slices: `guardians`,
|
|
`class_enrollments`, `attendance_records`, `invoices`, `assessment_results`, `campuses`,
|
|
`file.md`, `permissions.md`.
|