Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
José Miguel Isidro edited this page Jan 8, 2023 · 1 revision

EAP: Architecture Specification and Prototype

EvUP aims to allow Student Organizations and other academic entities to have a single space to advertise and manage upcoming events whilst giving the opportunity to offer some interaction with the users. This tool would boost the popularity of these events among students and also facilitate their promotion for the organizers.

A7: Web Resources Specification

The main goal of this artifact is to describe the web application architecture to be implemented, using resources organized in modules based on their properties. It also describes operations like create, read, update and delete for each resource.

1. Overview

Module Name Module Description
M01: Authentication Web resources associated with user authentication, including the following system features: login, logout and sign-up.
M02: Profile and User Information Web resources associated with profile management and user data, including the following system features: view and edit profile, account deletion, list of events that users are organizing and attending and request to be an organizer.
M03: Events Web resources associated with events, including the following system features: view and search events, filter tags, event page, report, create, edit and cancel an event, join request and invite users to an event.
M04: User Administration Web resources associated with administration of users, including the following system features: get reports, get organizer requests, list all user types, block/unblock users, delete event, accept/deny reports and organizer requests and make a user an organizer.

2. Permissions

Abbreviation Name Description
PUB Public Unauthenticated User
USR User Authenticated User
OWN Owner User who's owner of a comment or an account.
ADM Administrator System Administrator
ATT Attendee Authenticated User who is attending events
ORG Organizer Authenticated User organizing events

3. OpenAPI Specification

OpenAPI specification in YAML format to describe the vertical prototype's web resources.

Link to the a7_openapi.yaml file in the group's repository: https://git.fe.up.pt/lbaw/lbaw2223/lbaw2252/-/blob/main/a7_openapi.yaml

openapi: 3.0.0

info:
  version: "1.0"
  title: "LBAW EVUP API"
  description: "Web Resources Specification (A7) for EVUP"

servers:
  - url: lbaw2252.lbaw.fe.up.pt
    description: Production server

externalDocs:
  description: Find more info here.
  url: https://git.fe.up.pt/lbaw/lbaw2223/lbaw2252/-/wikis/home

tags:
  - name: "M01: Authentication"
  - name: "M02: Profile and User Information"
  - name: "M04: Events"
  - name: "M05: User Administration"

paths:
  # M01: Authentication
  /login:
    get:
      operationId: R101
      summary: "R101: Login Form"
      description: "Provide form for authentication. Access: PUB"
      tags:
        - "M01: Authentication"

      responses:
        "200":
          description: "Ok. Show Login form"

    post:
      operationId: R102
      summary: "R102: Login action"
      description: "Processes the login form submission. Access: PUB"
      tags:
        - "M01: Authentication"

      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                email:
                  type: string
                  format: email
                password:
                  type: string
                  format: password
              required:
                - email
                - password

      responses:
        "302":
          description: "Redirect after processing the login credentials."
          headers:
            Location:
              schema:
                type: string
              examples:
                302Success:
                  description: "Successful login. Redirect to homepage."
                  value: "/"
                302Failure:
                  description: "Failed login. Redirect to login form."
                  value: "/login"

  /logout:
    get:
      operationId: R103
      summary: "R103: Logout action"
      description: "Logout the current authenticated user. Access: USR"
      tags:
        - "M01: Authentication"

      responses:
        "302":
          description: "Redirect after processing logout."
          headers:
            Location:
              schema:
                type: string
              examples:
                302Success:
                  description: "Successful logout. Redirect to homepage."
                  value: "/"

  /signup:
    get:
      operationId: R104
      summary: "R104: Sign-up Form"
      description: "Provide form for new users. Access: PUB"
      tags:
        - "M01: Authentication"

      responses:
        "200":
          description: "Ok. Show sign-up form"

    post:
      operationId: R105
      summary: "R105: Sign-up action"
      description: "Processes the new user sign-up form submission. Access: PUB"
      tags:
        - "M01: Authentication"

      requestBody:
        required: true
        content:
          # since we want to upload binary files (avatar)
          multipart/form-data:
           schema:
             type: object
             properties:
               name:
                 type: string
               email:
                 type: string
               userPhoto:
                 type: string
                 format: binary
             required:
                - name
                - email
                - password

      responses:
        "302":
          description: "Redirect after processing the new user sign-up form."
          headers:
            Location:
              schema:
                type: string
              examples:
                302Success:
                  description: "Successful registration. Redirect to user profile."
                  value: "/users/{id}"
                302Failure:
                  description: "Failed registration. Redirect to sign-up form."
                  value: "/signup"

  # M02: Profile and User Information
  /user/{id}:
    get:
      operationId: R201
      summary: "R201: View your own profile"
      description: "Show the individual user profile. Access: OWN"
      tags:
        - "M02: Profile and User Information"

      parameters:
        - in: path
          name: id
          schema:
            type: integer
          required: true

      responses:
        "200":
          description: "Ok. Show user profile (UI20)"
        "404":
          description: "User not found"

  /user/{id}/public:
      get:
        operationId: R202
        summary: "R202: View public user profile"
        description: "Show the individual public user profile. Access: PUB"
        tags:
          - "M02: Profile and User Information"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Show user profile (UI20)"
          "404":
            description: "User not found"

  /user/{id}/edit:
      get:
        operationId: R203
        summary: "R203: User profile edition form"
        description: "Provide form for user profile edition. Access: OWN"
        tags:
          - "M02: Profile and User Information"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Show user profile edition form"
          "401":
            description: "Unauthorized. Must be authenticated"
          "403":
            description: "Forbidden. Must be owner of the profile"
          "404":
            description: "User not found"
      post:
        operationId: R204
        summary: "R204 : Edit profile action"
        description: "Processes the profile edition form. Access: OWN"
        tags:
          - "M02: Profile and User Information"

        requestBody:
          required: true
          content:
            application/x-www-form-urlencoded:
              schema:
                type: object
                properties:
                    username:
                      type: string
                    email:
                      type: string
                    name:
                      type: string
                required:
                  - username
                  - email
                  - name

        responses:
          "302":
            description: "Redirect after processing the profile edit form."
            headers:
              Location:
                schema:
                  type: string
                examples:
                  302Success:
                    description: "Successful profile edition. Redirect to profile Page."
                    value: "/user/{id}"
                  302Failure:
                    description: "Failed profile edition. Redirect to profile form."
                    value: "/user/{id}"

  /user/accept/{id}:
      put:
        operationId: R205
        summary: "R205: Accepts an invite"
        description: "Accepts an invite to an event that the user received. Access: OWN"
        tags:
          - "M02: Profile and User Information"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Show user events organized"
          "401":
            description: "Unauthorized. Must be authenticated"
          "403":
            description: "Forbidden. Must be owner of the profile"
          "404":
            description: "Invite not found"
      
  /user/deny/{id}:
      put:
        operationId: R206
        summary: "R206: Does not accept an invite"
        description: "Does not accept an invite to an event that the user received. Access: OWN"
        tags:
          - "M02: Profile and User Information"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Show user events organized"
          "401":
            description: "Unauthorized. Must be authenticated"
          "403":
            description: "Forbidden. Must be owner of the profile"
          "404":
            description: "Invite not found"


  # M03 : Events
  /event/{id}:
      get:
        operationId: R301
        summary: "R301: View event page"
        description: "Show the individual event page. Access: USR"
        tags:
          - "M03: Events"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Show event page"
          "404":
            description: "Event not found"
      post:
        operationId: R302
        summary: "R302: Edit event page action"
        description: "Processes the event edit page form submission. Access: OWN"
        tags:
          - "M03: Events"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventName:
                    type: string
                  address:
                    type: string
                  description:
                    type: string     
                  eventPhoto:
                    type: string
                    format: binary
                  startDate:
                    type: string
                    format: date
                  endDate:
                    type: string
                    format: date

        responses:
          "302":
            description: "Redirect after processing the event updated information."
            headers:
              Location:
                schema:
                  type: string
                examples:
                  302Success:
                    description: "Successful event edition. Redirect to event page."
                    value: "/event/{id}"
                  302Failure:
                    description: "Failed event edition. Redirect to edit event form."
                    value: "/event/{id}/edit"

  /event/{id}/edit:
      get:
        operationId: R303
        summary: "R303 : Event edition form"
        description: "Provide a form for event edition. Access: OWN"
        tags:
          - "M03: Events"

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "OK. Show event edition form"
          "401":
            description: "Unauthorized. Must be authenticated."
          "403":
            description: "Unauthorized. Must be the owner of the event"
          "404":
            description: "Event not found"

  /event/{id}/searchUsers:
      post:
        operationId: R304
        description: "Show Search Page given a search type and value. Access: PUB"
        tags:
          - "M03: Events"
        
        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventid:
                    type: integer
                  search:
                    type: string
        responses:
          "200":
            description: "OK."

  /event/{id}/inviteUsers:
      post:
        operationId: R305
        description: "Invite users to an event. Access: PUB"
        tags:
          - "M03: Events"
        
        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventid:
                    type: integer
                  search:
                    type: string
        responses:
          "200":
            description: "OK"

  /event/{id}/attendees:
      get:
          operationId: R306
          description: "Get attendees of an event. Access: ATT"
          tags:
            - "M03: Events"

          parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

          responses:
            "200":
              description: "OK."
    
  /event/{id}/adduser:
      get:
          operationId: R307
          description: "Get list of users not attending event. Access: ATT"
          tags:
            - "M03: Events"

          parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

          responses:
            "200":
              description: "OK."

  /event/{eventid}/adduser/{userid}:
      post:
        operationId: R308
        description: "Adds users to an event. Access: ORG"
        tags:
          - "M03: Events"
        
        parameters:
          - in: path
            name: eventid
            schema:
              type: integer
            required: true
            
        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventid:
                    type: integer
                  userid:
                    type: integer
        responses:
          "200":
            description: "OK."
    
  /event/{eventid}/removeuser/{userid}:
      post:
        operationId: R309
        description: "Removes users of an event. Access: ORG"
        tags:
          - "M03: Events"
        
        parameters:
          - in: path
            name: eventid
            schema:
              type: integer
            required: true
            
        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventid:
                    type: integer
                  userid:
                    type: integer
        responses:
          "200":
            description: "OK."
    
  /myEvents:
      get:
          operationId: R310
          description: "Get events user is attending/has attending. Access: USR"
          tags:
            - "M03: Events"

          responses:
            "200":
              description: "OK."
    
  /myEvents/organizing:
      get:
          operationId: R311
          description: "Get events user is organizing. Access: ORG"
          tags:
            - "M03: Events"

          responses:
            "200":
              description: "OK."

  /myEvents/createEvent:
      get:
        operationId: R312
        description: "Get forms to create event. Access: ORG"
        tags:
          - "M03: Events"

        responses:
          "200":
            description: "OK."
      
      post:
          operationId: R313
          description: "Leave event user is attending/has attendend. Access: ORG"
          tags:
            - "M03: Events"

          requestBody:
            required: true
            content:
              multipart/form-data:
                schema:
                  type: object
                  properties:
                    eventname:
                      type: string
                    eventadress:
                      type: string
                    public:
                      type: boolean
                    description:
                      type: string
                    startdate:
                      type: string
                    enddate:
                      type: string

          parameters:
            - in: path
              name: id
              schema:
                type: integer
              required: true

          responses:
            "200":
              description: "OK."
            "401":
              description: "Unauthorized. Must be authenticated"
            "403":
              description: "Forbidden. Must be owner of the event"
            "404":
              description: "Event not found"

  /myEvents/{id}:
      post:
        operationId: R314
        summary: "R305: "
        description: "Leave event user is attending/has attendend. Access: ORG"
        tags:
          - "M03: Events"

        requestBody:
          required: true
          content:
            multipart/form-data:
              schema:
                type: object
                properties:
                  eventid:
                    type: integer

        parameters:
          - in: path
            name: id
            schema:
              type: integer
            required: true

        responses:
          "200":
              description: "OK."
          "401":
            description: "Unauthorized. Must be authenticated"
          "403":
            description: "Forbidden. Must be attendee of the event"
          "404":
            description: "Event not found"
  # M04: User Administration

  /admin:
        get:
          operationId: R401
          summary: "R401: Administration Panel"
          description: "Administration Page. Access: ADM"
          tags:
            - "M04: User Administration"

          responses:
            "200":
              description: "Ok. Access to administration page"
            "400":
              description: "Bad request."
            "401":
              description: "Unauthorized. Not logged in"
            "403":
              description: "Forbidden. No permissions"
            "404":
              description: "Not found"


  /admin/reports/{report_id}/close:
      put:
        operationId: R402
        summary: "R402: Close a report"
        description: "Processes a report and closes it"
        tags:
          - "M04: User Administration"

        parameters:
          - in: path
            name: report_id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Report closed successfully."

  /admin/organizerRequests/{organizerRequests_id}/deny:
      put:
        operationId: R403
        summary: "R403: Denies an organizer requests"
        description: "Processes an organizer requests and denies it"
        tags:
          - "M04: User Administration"

        parameters:
          - in: path
            name: organizerRequests_id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Organizer Request denied successfully."

  /admin/organizerRequests/{organizerRequests_id}/accept:
      put:
        operationId: R404
        summary: "R404: Accepts an organizer requests"
        description: "Processes an organizer requests and accepts it"
        tags:
          - "M04: User Administration"

        parameters:
          - in: path
            name: organizerRequests_id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Organizer Request accepted successfully."

  /admin/users:
      get:
        operationId: R405
        summary: "R405: View users"
        description: "Page with information about all users. Access: ADM"
        tags:
          - "M02: Profile and User Information"
          - "M04: User Administration"

        responses:
          "200":
            description: "Ok. Show users "
          "400":
            description: "Bad request."
          "401":
            description: "Unauthorized. Not logged in"
          "403":
            description: "Forbidden. No permissions"
          "404":
            description: "Not found"

  /admin/users/search:
      get:
        operationId: R406
        summary: "R406 : User search"
        description: "Provides a page component with a list of users. Access: ADM"
        tags:
          - "M02: Profile and User Information"
          - "M04: User Administration"

        parameters:
          - in: query
            name: value
            description: "string used for full-text search"
            schema:
              type: string
            required: true

        responses:
          "200":
            description: "OK. Show a list of users that fit the query."

  /admin/users/add:
        get:
          operationId: R407
          summary: "R407: Admin Add User Form"
          description: "Administration Page to add a new user to the platform. Access: ADM"
          tags:
            - "M04: User Administration"

          responses:
            "200":
              description: "Ok. Access to administration page"
            "400":
              description: "Bad request."
            "401":
              description: "Unauthorized. Not logged in"
            "403":
              description: "Forbidden. No permissions"
            "404":
              description: "Not found"

        post:
          operationId: R408
          summary: "R408: Admin Add User Action"
          description: "Adds a new user to the platform. Access: ADM"
          tags:
            - "M04: User Administration"

          requestBody:
            required: true
            content:
              application/x-www-form-urlencoded:
                schema:
                  type: object
                  properties:
                    name:
                      type: string
                    username:
                      type: string
                    email:
                      type: string
                    password:
                      type: string
                  required:
                      - name
                      - username
                      - email
                      - password

          responses:
            "200":
              description: "Ok. Access to administration page"
            "400":
              description: "Bad request."
            "401":
              description: "Unauthorized. Not logged in"
            "403":
              description: "Forbidden. No permissions"
            "404":
              description: "Not found"

  /admin/users/{user_id}/ban:
      put:
        operationId: R409
        summary: "R409: Bans an user"
        description: "Changes User Status to 'Blocked', effectively banning him from the platform. Access: ADM"
        tags:
          - "M04: User Administration"

        parameters:
          - in: path
            name: user_id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Successfully banned user."
          "400":
            description: "Bad request."
          "401":
            description: "Unauthorized. Not logged in"
          "403":
            description: "Forbidden. No permissions"
          "404":
            description: "Not found"

  /admin/users/{user_id}/unban:
      put:
        operationId: R410
        summary: "R410: Unbans an user"
        description: "Changes User Status to 'Active', effectively unbanning him from the platform. Access: ADM"
        tags:
          - "M04: User Administration"

        parameters:
          - in: path
            name: user_id
            schema:
              type: integer
            required: true

        responses:
          "200":
            description: "Ok. Successfully unbanned user."
          "400":
            description: "Bad request."
          "401":
            description: "Unauthorized. Not logged in"
          "403":
            description: "Forbidden. No permissions"
          "404":
            description: "Not found"


A8: Vertical prototype

The vertical prototype implements the high priority high user stories and aims to validate the architecture presented.

1. Implemented Features

1.1. Implemented User Stories

User Story reference Name Priority Description
US01 Browse Events high As a User, I want to browse events, so that I can see all the current public events available
US02 View Public Event high As a User, I want to access the event page, so that I can see a complete description of it
US03 Search Events high As a User, I want to search the platform keywords, so that I can quickly find events that I am looking for
US08 Sign-in high As a Visitor, I want to authenticate into the system, so that I can access privileged information
US09 Sign-up high As a Visitor, I want to register myself into the system, so that I can authenticate myself into the system
US13 Invite Users to Public Event high As an Authenticated User, I want to invite users to public events, so that they can join me in events I’m attending
US14 Manage Events Attended / to Attend high As an Authenticated User, I want to manage my events attended / to attend, so that I can add and remove events if I need to
US15 View Profile high As an Authenticated User, I want to view my profile, so that I can access my information
US16 Edit Profile high As an Authenticated User, I want to edit my profile, so that I can change my information
US17 Logout high As an Authenticated User, I want to logout, so that I can exit my account
US18 Create Event high As an Event Organizer, I want to create events, so that I can publish it in the platform
US19 Edit Event Details high As an Event Organizer, I want to edit an event’s details, so that I can keep the attendees informed
US20 Add User to Event high As an Event Organizer, I want to add an user to a event, so that they can attend said event
US21 Manage Event Details high As an Event Organizer, I want to manage an event’s details, so that I can make any changes to the event’s title, description, date, etc
US22 Manage Event Participants high As an Event Organizer, I want to manage an event’s participants, so that I can make any changes to the participants’ list
US23 Delete Event high As an Admin, I want to delete events from the platform so they can no longer be accessed or viewed by authenticated users
US24 Browse Events high As an Admin, I want to browse events, so that I can see all the current public events available
US25 View Event Details high As an Admin, I want to see event’s details, so I can check if its content is within the website’s terms
US26 Administer User Accounts high As an Admin, I want to be able to manage all the user accounts, including searching, editing, creating and viewing them
US27 Block Users medium As an Admin, I want to be able to block user accounts, in case they are breaking the terms of service
US28 Unblock Users medium As an Admin, I want to be able to unblock user accounts, in case they were block unjustly

1.2. Implemented Web Resources

Module M01: Authentication

Web Resource Reference URL
R101: Login form GET/login
R102: Login action POST/login
R103: Logout action GET/logout
R104: Sign-up form GET/signup
R105: Sign-up action GET/signup

Module M02: Profile and User Information

Web Resource Reference URL
R201: View user profile GET/user/{id}
R202: View public user profile GET/user/{id}/public
R203: Form to user profile GET/user/{id}/edit
R204: Edit the user profile POST/user/{id}/edit
R205: Accepts an invitation to an event PUT/user/accpet/{id}
R206: Rejects an invitation to an event PUT/user/accept/{id}

Module M03: Events

Web Resource Reference URL
R301: View event page GET/event/{id}
R302: Edit event page action POST/event/{id}
R303: Event edition form GET/event/{id}/edit
R304: Show Search Page given a search type and value POST/event/{id}/searchUsers
R305: Invite users to an event POST/event/{id}/inviteUsers
R306: Get attendees of an event GET/event/{id}/attendees
R307: Get list of users not attending event GET/event/{id}/adduser
R308: Adds users to an event POST/event/{eventid}/adduser/{userid}
R309: Removes users of an event POST/event/{eventid}/removeuser/{userid}
R310: Get events user is attending GET/myEvents
R311: Get events user is organizing GET/myEvents/organizing
R312: Get forms to create event GET/myEvents/createEvent
R313: Leave event user is attending POST/myEvents/createEvent
R314: Leave event user is attending POST/myEvents/{id}

Module M04: User Administration

Web Resource Reference URL
R401: Administration panel GET/admin
R402: Close a report PUT/admin/reports/{report_id}/close
R403: Denies an organizer requests POST/admin/organizerRequests/{organizerRequests_id}/deny
R404: Accepts an organizer requests POST/admin/organizerRequests/{organizerRequests_id}/accept
R406: View users GET/admin/users
R405: User search GET/admin/users/search
R407: Admin Add User Form GET/admin/users/add
R408: Admin Add User Action POST/admin/users/add
R409: Bans an user PUT/admin/users/{user_id}/ban
R410: Unbans an user PUT/admin/users/{user_id}/unban

2. Prototype

The prototype is available at:

  • lbaw2252.lbaw.fe.up.pt

Credentials:

The code is available at:


Revision history

Changes made to the first submission:

  • Added A7 and A8
  • Editor for the first submission: Sara Moreira Reis
  • Last Changed: 24/11/2022

GROUP2223

Clone this wiki locally