fix cascading on group entities#93
Conversation
Reviewer's GuideThis PR enhances the Group entity by introducing cascade-managed one-to-many relationships for expenses and balances (with orphan removal) and updates the Postman API collection for testing. Class diagram for updated Group entity relationshipsclassDiagram
class Group {
List~GroupInvitation~ invitations
List~Expense~ expenses
List~GroupBalance~ balances
void addMember(User user, GroupRole role)
}
class GroupInvitation {
Group group
}
class Expense {
Group group
}
class GroupBalance {
Group group
}
Group "1" --o "*" GroupInvitation : cascade+orphanRemoval
Group "1" --o "*" Expense : cascade+orphanRemoval
Group "1" --o "*" GroupBalance : cascade+orphanRemoval
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Hey @oskargawr - I've reviewed your changes and they look great!
Blocking issues:
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
- JWT token detected (link)
Prompt for AI Agents
Please address the comments from this code review:
## Security Issues
### Issue 1
<location> `backend/src/main/resources/fare share.postman_collection.json:80` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 2
<location> `backend/src/main/resources/fare share.postman_collection.json:154` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 3
<location> `backend/src/main/resources/fare share.postman_collection.json:183` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 4
<location> `backend/src/main/resources/fare share.postman_collection.json:262` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 5
<location> `backend/src/main/resources/fare share.postman_collection.json:470` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 6
<location> `backend/src/main/resources/fare share.postman_collection.json:497` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 7
<location> `backend/src/main/resources/fare share.postman_collection.json:699` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 8
<location> `backend/src/main/resources/fare share.postman_collection.json:727` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 9
<location> `backend/src/main/resources/fare share.postman_collection.json:783` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 10
<location> `backend/src/main/resources/fare share.postman_collection.json:810` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 11
<location> `backend/src/main/resources/fare share.postman_collection.json:907` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 12
<location> `backend/src/main/resources/fare share.postman_collection.json:962` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 13
<location> `backend/src/main/resources/fare share.postman_collection.json:1149` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 14
<location> `backend/src/main/resources/fare share.postman_collection.json:1321` </location>
<issue_to_address>
**security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
*Source: gitleaks*
</issue_to_address>
### Issue 15
<location> `backend/src/main/resources/fare share.postman_collection.json:80` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 16
<location> `backend/src/main/resources/fare share.postman_collection.json:154` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 17
<location> `backend/src/main/resources/fare share.postman_collection.json:183` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 18
<location> `backend/src/main/resources/fare share.postman_collection.json:262` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 19
<location> `backend/src/main/resources/fare share.postman_collection.json:470` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 20
<location> `backend/src/main/resources/fare share.postman_collection.json:497` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 21
<location> `backend/src/main/resources/fare share.postman_collection.json:699` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 22
<location> `backend/src/main/resources/fare share.postman_collection.json:727` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 23
<location> `backend/src/main/resources/fare share.postman_collection.json:783` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 24
<location> `backend/src/main/resources/fare share.postman_collection.json:810` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 25
<location> `backend/src/main/resources/fare share.postman_collection.json:907` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 26
<location> `backend/src/main/resources/fare share.postman_collection.json:962` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 27
<location> `backend/src/main/resources/fare share.postman_collection.json:1149` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>
### Issue 28
<location> `backend/src/main/resources/fare share.postman_collection.json:1321` </location>
<issue_to_address>
**security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected
*Source: opengrep*
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8", |
There was a problem hiding this comment.
security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Source: gitleaks
| "bearer": [ | ||
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0", |
There was a problem hiding this comment.
security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Source: gitleaks
| "bearer": [ | ||
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs", |
There was a problem hiding this comment.
security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Source: gitleaks
| "bearer": [ | ||
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw", |
There was a problem hiding this comment.
security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Source: gitleaks
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNzM4MzIxNzY0LCJleHAiOjE3MzgzNTc3NjR9.GSDwpHhfiM3U-hhTXAduSLO4-xcCOxehbeBIfRVpQyA", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODQxLCJleHAiOjE3NDg4MzU4NDF9.mI24XxTqb9wFo5vgsVQ-k-XSz_N90K53X1jWPiX1qro", |
There was a problem hiding this comment.
security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Source: gitleaks
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyODQwNjkzLCJleHAiOjE3NDI4NzY2OTN9.1hmvABeAUOfbGb24kmysdYGvDdnlZGYykrTo6VrRsLA", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw", |
There was a problem hiding this comment.
security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected
Source: opengrep
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user2}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw", |
There was a problem hiding this comment.
security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected
Source: opengrep
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user2}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A", |
There was a problem hiding this comment.
security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected
Source: opengrep
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw", |
There was a problem hiding this comment.
security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected
Source: opengrep
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyNzU4NTc4LCJleHAiOjE3NDI3OTQ1Nzh9.PhCg8TqNQ8zg55a4p8ECBOsjKpOfTgkXvaDCLeHbH7M", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI", |
There was a problem hiding this comment.
security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected
Source: opengrep
Code Coverage
|
There was a problem hiding this comment.
Summary of Changes
Hello @oskargawr, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request addresses the cascading behavior on group entities by ensuring that related expenses and balances are properly removed when a group is deleted. Additionally, the Postman collection has been updated to reflect changes in authentication and API endpoints, and to include a new chat messages endpoint.
Highlights
- Cascading Configuration: Configured cascading for
ExpenseandGroupBalanceentities within theGroupentity. This ensures that when a group is deleted, all associated expenses and balances are also removed. - Postman Collection Updates: Updated the Postman collection to include authentication tokens, modify request parameters, and add a new request for retrieving chat messages.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
The pull request addresses cascading behavior on Group entities by applying CascadeType.ALL and orphanRemoval to expenses and balances. Additionally, the Postman collection resource has been updated with new tokens and minor adjustments to API endpoints and parameters. The changes look good overall, with some minor suggestions for improving the Postman collection.
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8", |
There was a problem hiding this comment.
It's good to see a specific JWT token being used. However, ensure that this token is regularly refreshed or updated to prevent it from becoming stale or invalid during testing.
value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8",
| "raw": "/api/v1/users/admin", | ||
| "path": [ | ||
| "api", | ||
| "v1", | ||
| "users" | ||
| "users", | ||
| "admin" |
There was a problem hiding this comment.
Changing the endpoint to /api/v1/users/admin is a good security practice, as it restricts access to admin-related information. Ensure that proper authorization checks are in place on the backend to verify the user's admin role before serving this data.
raw": "/api/v1/users/admin",
"path": [
"api",
"v1",
"users",
"admin"
| "bearer": [ | ||
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0", |
There was a problem hiding this comment.
Using a specific JWT token is good for testing purposes. However, it's crucial to ensure that this token is valid and corresponds to a user with the necessary permissions to remove group members.
value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0",
| "bearer": [ | ||
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs", |
There was a problem hiding this comment.
| "raw": "/api/v1/groups/1/members/2/role?role=OWNER", | ||
| "path": [ | ||
| "api", | ||
| "v1", | ||
| "groups", | ||
| "1", | ||
| "members", | ||
| "3", | ||
| "2", | ||
| "role" |
There was a problem hiding this comment.
| "raw": "/api/v1/group-invitations/accept/1", | ||
| "path": [ | ||
| "api", | ||
| "v1", | ||
| "group-invitations", | ||
| "accept", | ||
| "2" | ||
| "1" | ||
| ] |
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user2}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A", |
There was a problem hiding this comment.
Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get received group invitations.
value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A",
| { | ||
| "key": "token", | ||
| "value": "{{jwt-token-user}}", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw", |
There was a problem hiding this comment.
| { | ||
| "key": "token", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyNzU4NTc4LCJleHAiOjE3NDI3OTQ1Nzh9.PhCg8TqNQ8zg55a4p8ECBOsjKpOfTgkXvaDCLeHbH7M", | ||
| "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI", |
There was a problem hiding this comment.
| "raw": "/api/v1/groups/2/expenses", | ||
| "path": [ | ||
| "api", | ||
| "v1", | ||
| "groups", | ||
| "1", | ||
| "2", | ||
| "expenses" | ||
| ] |
Summary by Sourcery
Fix cascading behavior on Group entity by applying CascadeType.ALL and orphanRemoval to expenses and balances and update Postman collection resource.
Bug Fixes:
Chores: