The CMPT276 SFU Staff Rating System is a CRUD web application that lets SFU students rate professors and teaching staff. It is "secure" in the loose sense (and legally unsafe in the strict one): data integrity is enforced by a custom-built server-side validation engine, which is to say a single static Java class that uses basic regular expressions and does not always work.
| Method | Endpoint | Description | Expected Response |
|---|---|---|---|
| GET | / | Retrieves all staff ratings from the database. | 200 OK (index.html) |
| GET | /view/{id} | Fetches detailed information for a specific staff ID. | 200 OK (view.html) |
| GET | /edit/{id} | Loads the edit form populated with existing staff data. | 200 OK (edit.html) |
| POST | /add | Validates and persists a new staff rating. | 302 Redirect (Home) |
| POST | /edit/{id} | Updates an existing staff rating after re-validation. | 302 Redirect (View) |
| POST | /delete/{id} | Removes a specific staff rating from the system. | 302 Redirect (Home) |
`Rating.java` contains all attributes associated with a rating object. The following is the object-oriented design of the model:

```java
public class Rating {
    private Integer staffID;
    private String staffName;
    private String staffEmail;
    private RoleType staffRoleType;
    // Each score is a bounded integer, checked by Watchdog.isValidRating
    private Integer ratingClarity;
    private Integer ratingKnowledge;
    private Integer ratingNiceness;
    // Free text supplied by the student
    private String comment;
}
```

`RatingController.java` handles all HTTP requests sent by users, encapsulating the submitted data into `Rating` objects and passing them on to the view endpoints.

`Watchdog.java` defines the validation methods that are meant to ensure secure and consistent data entry across the system. It is the most complicated validation system there is, state of the art, written by a C++ competitive programmer who was learning Java for the first time. Unsurprisingly, it does not work. `Watchdog` checks the values fetched from the input fields for special characters and returns `false` when it finds any. The intent is to keep users from submitting bogus data and HTML or script that would run in another student's browser when the rating is displayed. Note that this is a denylist: it can only reject the characters someone thought of in advance, so it is not a substitute for escaping user text in the views that render it. Its public methods are:
```java
public class Watchdog {
    public static boolean isValidEmail(String email);
    public static boolean isValidRating(Integer rating);
    public static boolean isValidString(String str);
    public static boolean isValidRoleType(String roleType);
    public static boolean isValidRatingInput(
        String staffName,
        String staffEmail,
        String staffRoleType,
        String comment,
        Integer ratingClarity,
        Integer ratingKnowledge,
        Integer ratingNiceness
    );
}
```

Known issues:

- Elements overlap or misalign on smaller screens.
- Text and buttons may overflow their containers.
- Overall layout not optimized for touch interaction.
- No proper UX feedback when an error occurs.
- The server redirects instead of showing an error message.
- Missing dedicated error page or error-state handling.
- Certain invalid or malformed data still passes validation. Such data can disrupt the UI's visual formatting.
- This does not affect backend or database integrity. It does mean that any text which passes `Watchdog` must still be escaped by the views that render it; a character denylist that is known to let some input through is no guarantee that what got through is safe to display raw.
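The following is an added example, not the project's own `Watchdog` code: an allowlist-style implementation of the same method signatures, together with the HTML-escaping step that input validation on its own cannot replace (the point raised under the known issue that malformed data still passes validation). The 1 to 5 rating range, the `RoleType` values, the length limits and the extra `isValidComment` helper are assumptions made for the example; the page does not state them.

```java
import java.util.regex.Pattern;

// Added example, not the project's Watchdog. Assumptions for illustration:
// ratings are 1..5, RoleType has the three values below, and the length
// limits are arbitrary but bounded.
public final class WatchdogExample {

    enum RoleType { PROFESSOR, INSTRUCTOR, TA }   // assumed values; the page lists none

    // Allowlists describe what IS valid instead of hunting for "bad" characters,
    // so input nobody anticipated is rejected by default.
    private static final Pattern NAME =
        Pattern.compile("^[\\p{L}][\\p{L} .'\\-]{0,79}$");
    private static final Pattern EMAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$");
    // The comment is deliberately permissive (any non-control text, bounded length);
    // it is made safe by escaping on output, not by rejecting '<' or '"'.
    private static final Pattern COMMENT =
        Pattern.compile("^[\\P{Cntrl}\\r\\n\\t]{0,500}$");
    private static final int MIN_RATING = 1, MAX_RATING = 5;   // assumed range

    public static boolean isValidEmail(String email) {
        return email != null && EMAIL.matcher(email).matches();
    }

    public static boolean isValidRating(Integer rating) {
        return rating != null && rating >= MIN_RATING && rating <= MAX_RATING;
    }

    // Used for the staff name: letters, spaces and a few name punctuation marks only.
    public static boolean isValidString(String str) {
        return str != null && NAME.matcher(str.trim()).matches();
    }

    // The role must be exactly one of the enum names; no parsing of free text.
    public static boolean isValidRoleType(String roleType) {
        if (roleType == null) return false;
        for (RoleType r : RoleType.values()) {
            if (r.name().equals(roleType)) return true;
        }
        return false;
    }

    public static boolean isValidComment(String comment) {
        return comment == null || COMMENT.matcher(comment).matches();
    }

    public static boolean isValidRatingInput(String staffName, String staffEmail,
            String staffRoleType, String comment, Integer ratingClarity,
            Integer ratingKnowledge, Integer ratingNiceness) {
        return isValidString(staffName)
            && isValidEmail(staffEmail)
            && isValidRoleType(staffRoleType)
            && isValidComment(comment)
            && isValidRating(ratingClarity)
            && isValidRating(ratingKnowledge)
            && isValidRating(ratingNiceness);
    }

    // Output encoding is the control that stops markup inside a comment from being
    // interpreted by the browser. Apply it wherever a view renders user-supplied text.
    public static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one well-formed submission whose comment
        // carries markup, then one bad field at a time.
        System.out.println(isValidRatingInput("Ada Lovelace", "ada@sfu.ca", "PROFESSOR",
            "Clear lectures <b>and</b> fair grading", 5, 5, 4));
        System.out.println(isValidRatingInput("Ada Lovelace", "not-an-email", "PROFESSOR",
            "", 5, 5, 4));                                   // malformed e-mail
        System.out.println(isValidRatingInput("Ada Lovelace", "ada@sfu.ca", "DEAN",
            "", 5, 5, 4));                                   // role not in the enum
        System.out.println(isValidRatingInput("Ada Lovelace", "ada@sfu.ca", "PROFESSOR",
            "", 5, 5, 9));                                   // rating outside the range
        System.out.println(escapeHtml("<script>alert(1)</script>"));
    }
}
```

Run it with `java WatchdogExample.java` (Java 11 or later). The difference from a special-character denylist is that a name, e-mail or role is accepted only when it matches a pattern that describes valid input, so anything outside that description fails closed; the comment field stays permissive on purpose and relies on `escapeHtml` at render time, which is the step that has to exist regardless of how strict the validation is.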

