GitLab

In this merge request, I implemented the "My Projects" functionality on the backend, allowing users (students, professors, and institutions) to view and create extension projects they are involved in. This implementation follows the acceptance criteria outlined in the user story and related test cases.

However, it's important to note that a secure authentication mechanism has not been implemented at this stage. Currently, any user with access to the userId parameter could potentially view or modify project information without proper verification. In a production environment, this poses a significant security risk. The current implementation lacks proper protection to ensure that only authenticated and authorized users can access or manage their projects.

Looking ahead, it will be necessary to address this issue by implementing a secure authentication and authorization mechanism, such as JWT (JSON Web Token), to ensure that users can only access their own data and perform actions they are authorized for. This will help prevent unauthorized access and provide a more secure user experience.

While this implementation meets the functional requirements, revisiting and securing these routes in the future will be essential to guarantee the integrity and safety of user data.