Ski Instructor API - Spring 2025

Backend Exam Assignments Spring 2025

This document is an exam assignment for Datamatiker students. After submission, the code in the main branch must no longer be changed.

Practicalities

Allowed resources: written materials, personal computers, laptops, extra monitors, and internet resources. Headphones and listening to music are allowed.
Prohibited: communication with anyone (social media, forums, emails, SMS, chatrooms, etc.).
Do not store solutions on external networks or drives/hosts like Facebook, OneDrive, Google Drive, etc. Do not share your code on GitHub until the end of the exam.
Duration: 5 hours.

Hand in on Wiseflow

Upload a document (.txt or .pdf) with:

A zip file containing your project, including the README.md file.
A link to your GitHub repository (from the browser address bar). Push solutions only at the end of the exam.

Background

The Ski Lesson Booking API is a backend system for an e-commerce platform where tourists can browse and book ski lessons. The system manages tourist profiles, ski lessons, lesson schedules, and exposes REST endpoints via Javalin. Persistence uses JPA/Hibernate, includes DTOs, REST testing, external API integration (for ski lesson instructions), and JWT-based authentication.

Non-Functional Requirements

Category	Requirement
Architecture & Technology	Build with Java, Javalin, JPA/Hibernate.
Data Persistence	Entities and DAOs must use JPA annotations.
DTO Usage	All REST communication must use DTOs.
API Design	Expose REST endpoints (`GET`, `POST`, `PUT`, `DELETE`) following standard conventions.
Error Handling and Validation	Exceptions returned as JSON with meaningful messages and HTTP status codes.
External Integration	Consume external API for ski lesson instructions based on level.
Testing	Test all REST endpoints using JUnit and Rest Assured.
Security	Implement JWT authentication and role-based access control.
Documentation	Include a clear `README.md` with progress and design decisions.
Maintainability	Modular code with clear separation between Controller, DAO, DTO, Entity, and Routes.
Reliability	Unit and integration tests for critical business logic.

Suggested Enum Values and Example Data

SkiLesson Levels

Enum Value	Description
BEGINNER	For first-time skiers
INTERMEDIATE	For skiers with some experience
ADVANCED	For experienced skiers

Example Tourists

ID	Firstname	Lastname	Email	Phone
1	Emma	Nielsen	emma@example.com	12345678
2	Jonas	Madsen	jonas@example.com	87654321
3	Freja	Lund	freja@example.com	11223344

Example SkiLessons

ID	Name	Start Time	End Time	Location (Lat,Lon)	Level	Price
1	Beginner Basics	2025-12-10 09:00	2025-12-10 11:00	55.6761,12.5683	BEGINNER	300
2	Intermediate Carving	2025-12-10 12:00	2025-12-10 14:00	55.6761,12.5683	INTERMEDIATE	400
3	Advanced Off-Piste	2025-12-11 09:00	2025-12-11 13:00	55.6761,12.5683	ADVANCED	600

Relationships

Each Tourist can book multiple SkiLessons.
Each SkiLesson can have multiple Tourists enrolled.

User Stories

US-1: As a system administrator

I want to configure the database and JPA entities
so that the system can persist ski lessons and tourist data.

Acceptance Criteria

Entities: Tourist and SkiLesson.
Relationships: Many-to-many between tourists and lessons.
Initialize sample data via a Populator class.

US-2: As a developer

I want to implement DAOs for tourists and ski lessons
so that I can manage persistence consistently.

Acceptance Criteria

SkiLessonDAO and TouristDAO implement CRUD operations using a generic IDAO interface.
Use DTOs for all input/output.
Add methods to manage bookings (link/unlink tourists to lessons).

US-3: As a REST API consumer

I want REST endpoints for tourists and ski lessons
so that I can create, read, update, delete, and book lessons.

Acceptance Criteria

Method	Route	Description
GET	/skilessons	Get all ski lessons
GET	/skilessons/{id}	Get lesson by ID, including enrolled tourists
POST	/skilessons	Create a lesson
PUT	/skilessons/{id}	Update lesson
DELETE	/skilessons/{id}	Delete lesson
GET	/tourists	Get all tourists
GET	/tourists/{id}	Get tourist by ID, including booked lessons
POST	/tourists	Create a tourist
PUT	/tourists/{id}	Update tourist
DELETE	/tourists/{id}	Delete tourist
PUT	/bookings/{touristId}/{lessonId}	Book a tourist onto a lesson
DELETE	/bookings/{touristId}/{lessonId}	Cancel a tourist’s booking

US-4: As a user

I want to filter ski lessons by level
so that I can view lessons for beginners, intermediates, or advanced skiers.

Acceptance Criteria

Endpoint filters lessons by level.
Include total duration or price summary per lesson.

US-5: As a system integrator

I want to enrich ski lesson data with external instructions
so that tourists receive guidance for each level.

Acceptance Criteria

Fetch data from https://apiprovider.cphbusinessapps.dk/api/v1/skilesson/{level}.
Add instructions to lesson responses.
Provide a summary endpoint with total duration per lesson.

US-6: As a tester

I want automated tests for REST endpoints
so that the API is verified and regressions are avoided.

Acceptance Criteria

Each endpoint is tested using JUnit and Rest Assured.
Tests verify JSON responses, status codes, and data integrity.

US-7: As a secure API consumer

I want JWT-based authentication and role-based authorization
so that only authorized users can create, update, or delete lessons and tourists.

Acceptance Criteria

POST /login returns JWT token.
Protected endpoints require token and admin role for modification.
Unauthorized access returns 401 Unauthorized.

Guiding Grading Criteria

Dimension	Points	Consider
REST design & correctness	25	Endpoints, Controller, DTOs, status codes
Data model & JPA mapping	25	Entities, relations, cascading, annotations
External API integration	15	Fetching and including lesson instructions
Security (JWT + roles)	10	Enforce roles and adjust tests
Testing	15	Coverage, success/failure paths, isolation
Error handling & validation	5	JSON exceptions, input validation
Code quality & README	5	Clarity, modularity, how-to-run instructions
Total	100