
Sprint 3 Deliverables

Andy Chhuon edited this page Mar 26, 2023 · 5 revisions

Task Breakdown

4. As an employer, I would like to add and manage postings to the system

With an employer account, you should be able to add, edit and delete job postings.

  • Implement add/edit/delete page
  • Implement add/edit/delete actions
  • Ensure changes are reflected in database

5. As a student, I can apply to an employer's posting and get informed for an interview

With a student account, you can use the apply button, upload your documents and submit an application to an available job posting.

  • Implement apply button
    • Ensure uploaded files are added to database
  • Implement user alerts when selected for an interview

6. As a user, I want to have a page where I can see my notifications

You should be able to see the notifications you have received on a designated page.

  • Create a notification center design and get it approved.
  • Implement design in HTML/CSS
  • Add and update the implemented design on the website as a page in React

7. As a user, I should only be able to log in if my credentials are correct

As a user, you can only log in if the correct email and password are entered.

  • Ensure you can access your information only if the login information is correct
    • Use JWT tokens to keep track of the authenticated user

The following spreadsheet contains user stories, tasks, story points and assignees: https://docs.google.com/spreadsheets/d/1NGPd3LcKOMYtZxiCZYADp3lOLxzcUDway6bnKDDc1b8/edit?usp=sharing


User story points and risks

  4. As an employer, I would like to add and manage postings to the system (3 story points; see meeting minutes)
  • Risks: There is a risk of unauthorized actors being able to edit job postings. It is important that only the recruiter who created a job can manage that posting. (high risk)

  • Countermeasures: Implement authentication measures, using JWT tokens. On login, each user is given a JWT token in which the id is stored. In order to call the edit posting API endpoint, the user must authenticate with their JWT token. The controller will only allow editing of the posting if the ID inside of the JWT token corresponds to the ID of the recruiter that created the job.

  5. As a student, I can apply to an employer's posting and get informed for an interview (8 story points; see meeting minutes)
  • Risks: There exists a risk that the user will not receive the notification or will not see it. (low risk)

  • Countermeasures: Implement email alerts as a backup to ensure the user sees the alert.

  6. As a user, I want to have a page where I can see my notifications (8 story points; see meeting minutes)
  • Risks: There exists a risk that the user will not be notified as soon as the interviews are sent. (low risk)

  • Countermeasures: Information about the user, which is stored as context in our React app, contains an array of notifications. This way, since information is reloaded regularly, the user will be able to see the notification almost instantly.

  7. As a user, I should only be able to log in if my credentials are correct (5 story points; see meeting minutes)
  • Risks: There is a risk of exposing users' passwords in case of a data breach. (high risk)

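  • Countermeasures: Upon sign up, passwords are hashed using BCrypt and only the hashed password is stored in the database. With BCrypt, a new salt is generated every time a password is hashed. This way, even if the database is accessed by an unwanted user, the stored hashes cannot be reversed into the original passwords, and the per-password salt prevents precomputed lookup tables from being used. Weak passwords can still be guessed offline against a leaked hash, which BCrypt's cost factor slows down.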
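
The ownership check described in the countermeasures for the employer posting story (the edit endpoint only accepts the recruiter whose id is in the JWT), as an added example that is not the project's own code. It uses only Node.js built-in `crypto` and assumes HS256 tokens; the secret, the `recruiterId` field, the function names and the sample ids are assumptions.

```javascript
// Added example: secret, ids and field names are assumptions, not project code.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // assumption: real key comes from server config
const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Issued at login: the payload carries the user's id, as the countermeasure describes.
function signToken(payload, key = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, key).toString('base64url')}`;
}

// Returns the claims only if algorithm, signature and expiry all check out.
function verifyToken(token, key = SECRET, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm server-side; a header asking for "none" is rejected.
    if (fromB64(head).alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`, key);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = fromB64(body);
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Decision the edit-posting controller makes, expressed as an HTTP status.
function authorizeEdit(token, posting) {
  const claims = verifyToken(token);
  if (!claims) return 401; // missing, forged or expired token
  // Owner id is read from the stored posting, never from the request body.
  if (claims.id == null || claims.id !== posting.recruiterId) return 403; // not the owner
  return 200;
}

// Constructed sample data.
const posting = { id: 7, recruiterId: 'rec-1' };
const exp = Math.floor(Date.now() / 1000) + 3600;
const ownerToken = signToken({ id: 'rec-1', exp });
const otherToken = signToken({ id: 'rec-2', exp });
console.log(authorizeEdit(ownerToken, posting), authorizeEdit(otherToken, posting));
```

The same comparison belongs on the delete endpoint, since the story covers add, edit and delete.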