This project is designed to test potential hires for structure and Django understanding. It has several flaws the candidate should identify and fix.
To begin follow steps in the getting started section. After initial setup, create a new git branch for your work. Then tackle each section marked as a ticket in order. To consider a ticket complete you will need replicate, resolve the complaint, and write meaningful unit tests for your solution. Comment & add documentation where necessary
Once complete, submit a pull request to merge your improvements & fixes to the master
branch.
- Install Requirements
a. Create a python3 virtual environment
b. activate it
c. Install requirementspip install -r requirements.txt
- Create a postgres database called
hotdogger
a. psql
b.CREATE DATABASE hotdogger;
- Run migrations
python manage.py migrate
- Install fixtures
python manage.py loaddata vendors/fixtures/data.json
- Create a super user
python manage.py createsuperuser
- Start the instance
python manage.py runserver
- Visit http://localhost:8000/accounts/signup/
Note: users/employees need to be added to an employer/vendor. You can create a view to do this or do so in the django admin at /admin/
.
Hotdogger utilizes Django REST Swagger for its API docs. In debug mode, this documentation is available at /api-docs/
.
Hotdogger uses the standard testing library for both DRF and Django.
Coverage reports can be generated by running coverage run manage.py test
. To view the coverage report coverage report -m
.
QA witnessed a regression in test coverage. Please confirm regress and update and/or create unit tests where necessary. For this ticket do not worry about failing tests. Just add tests where necessary to achieve 100% test coverage. Broken test will be resolved later. This is just a warmup ;)
The CEO of Hotdogger Inc was browsing the site while not logged in. He was able to view the vendor list without being authenticated. Needless to say, this is a major problem. Investigate all endpoints and implement security measures. Then prove with unit tests that this is no longer a problem.
Bonus points if you can ensure most hotdogger urls are protected.
Hint:
from django.urls import get_resolver
urls = set(v[1] for k,v in get_resolver(None).reverse_dict.items())
Some of the urls in this url set will need to be available for non-authenticated users. So those urls should be whitelisted.
It appears vendors are able to see their competitor's product offering. Often, this is a major competitive advantage for a vendor. This represents a breach of trust. Ensure vendors can only see their own offerings. This applies to BOTH /vendors/items/ and the API.
Hot dog options not yet available are showing up in the vendor items list view. Make sure that only available products are displayed.
Our clients are starting to notice a lag in response times in the vendor item listing. Investigate. If possible improve page queries WITHOUT the aid of caching.
Some clients have 100s of product offerings. Limit the number of offerings to 20 items per page. Utilize features of django's ListView feature to achieve this. There's a prebuilt template partial you will need to include for pagination navigation in the `templates' dir.