add security (user) checks to read and update statements
For example in activityService.remove() with the activityId anyone can delete the activity (even though UI should not allow this and only shows your activities). I would like to add a check if the Activity (or other object u want to delete is yours and u have a right to do that)