a7

A7: High-level architecture. Privileges. Web resources specification

Our product is a social network that allows users to create new relationships, making it easier to share moments with friends, and connecting people in a fun way.

The architecture of the web application to develop is here documented, indicating the catalogue of resources and the properties of each resource, including: references to the graphical interfaces, and the format of JSON responses.

1. Overview

Name	Description
M01: Authentication	Web resources associated with user authentication, includes the following system features: login/logout, registration, credential recovery.
M02: Individual Profile	Web resources associated with the user's personal information, which includes the following system features: view profile, edit profile, profiles, read profile timeline
M03: Friends	Web resources associated with friend management, which includes the following system features: add friend/remove friend, create friend group/add friend to group, check friend requests, create group of friends, add friends to group of friends
M04: Content	Web resources associated with posts and comments, which includes the following system features: create/edit/delete post, create/edit/delete comment, search content, appraise posts/comments, create comment rules, report content
M05: Messages	Web resources associated with messages, which includes the following system features: send/receive message, read message history
M06: Notifications	Web resources associated with notifications which includes the following system features: view notifications, open notifications
M07: Administration	Web resources associated with admin moderation, which includes the following system features: ban users, check reported content, Remove content, create annoucements
M08: Static Pages	Web resources associated with static pages

2. Permissions

Code	Name	Description
PUB	Public	All users
USR	User	Authenticated users (Already logged in)
ADM	Admin	Signed in Administrators
OWN	Owner	Users that are owners of the information
FRD	Friend	Users that are friends with the referred user
PVW	Post Viewer	Users that are allowed to view the specified post (or post of the specified comment) (friend, owner, admin, or just public post)

3. Modules

3.1 Module M01: Authentication

Endpoints of Module Authentication

• R101: Login Form [/login]
• R102: Login Action [/login]
• R103: Logout Action [/logout]
• R104: Register Form [/register]
• R105: Register Action [/register]
• R106: Password Recovery Form [/password/reset]
• R107: Password Recovery Action [/password/email]
• R108: Password Update Form [/password/reset/{token}]
• R109: Password Update Action [/password/reset]

R101: Login Form

URL	/login
Description	Page with a form to login to a user account.
Method	GET
Parameters	?email: string	Username
	?remember_me: boolean	Remember me
	?message: string	Error message
UI	UI11
Submit	R102
Permissions	PUB

R102: Login Action

URL	/login
Description	This web resource logs the user into the system. Redirects to the user profile page on success and the login form on failure
Method	POST
Request Body	+email: string	Username
	+password: string	Password
	+remember_me: boolean	Remember me
Redirects	R412	Success
	R101	Error
Permissions	PUB

R103: Logout Action

URL	/logout
Description	This web resource logs out the authenticated user
Method	POST
Redirects	R101	Success
Permissions	USR

R104: Register Form

URL	/register
Description	Page with a form to register a new user account.
Method	GET
Parameters	?name: string	Name
	?email: string	Email
	?message: string	Error message
UI	UI10
Submit	R105
Permissions	PUB

R105: Register Action

URL	/register
Description	Web resource that registers a new user.
Method	POST
Request Body	+name: string	Name
	+email: string	Email
	+password: string	Password
	+password_confirmation: string	Confirmed Password
Redirects	R411	Success
	R104	Error
Permissions	PUB

R106: Password recovery Form

URL	/password/reset
Description	Page with a form to request a token to reset the password.
Method	GET
Parameters	?message: string	Error message
UI	N/A
Submit	R107
Permissions	PUB

R107: Password recovery Action

URL	/password/email
Description	Web resource that sends a reset password link to the specified email.
Method	POST
Request Body	+email: string	Email
Redirects	R106	Success
	R106	Error
Permissions	PUB

R108: Password Update Form

URL	/password/reset/{token}
Description	Page with a form to pick a new password.
Method	GET
Parameters	+token: string	Password recovery token
	?email: string	Account email
	?message: string	Error message
Submit	R109
Permissions	PUB

R109: Password Update Action

URL	/password/reset
Description	Web resource that updates an account password.
Method	POST
Request Body	+token: string	Password recovery token
	+email: string	Email
	+password: string	New Password
	+password_confirmation: string	Confirmed New Password
Redirects	R412	Success
	R108	Error
Permissions	PUB

3.2 Module M02: Individual Profile

Endpoints of Individual Profile

• R201: View Profile [/users/{id}]
• R202: Edit Profile API [/api/user/info]
• R203: Edit email API [/api/user/email]
• R204: Edit password API [/api/user/password]
• R205: Delete User Account Action [/user]

R201: View Profile

URL	/users/{id}
Description	Shows the user individual profile page
Method	GET
Parameters	+id: integer	user primary key
AJAX Calls	R202, R203, R204, R302, R303, R305, R404, R406, R408, R409, R410
UI	UI08
Returns	404 Not Found	Error. No user with the specified primary key exists.
Permissions	PUB, OWN, FRD

R202: Edit Profile API

URL	/api/user/info
Description	Web resource that changes public user profile info based on the input received.
Method	PUT
Request Body	+name: string	Name
	?birthday: date	Birth date
	?location: string	Location
	?picture: file	Picture
	?banner: file	Banner
Response Body	JSON202
Returns	200 OK	The profile was edited successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be logged in.
Permissions	USR

R203: Edit Email API

URL	/api/user/email
Description	Web resource that changes user email based on the input received.
Method	PUT
Request Body	+curr_password_mail: string	Current password
	+new_email: string	New email
Returns	200 OK	The email was edited successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	401 Unauthorized	Error. Unauthorized request: Invalid password.
	403 Forbidden	Error. Forbidden request: You need to be logged in.
Permissions	USR

R204: Edit Password API

URL	/api/user/password
Description	Web resource that changes user password based on the input received.
Method	PUT
Request Body	+curr_password_pass: string	Old password
	+new_password: string	New password
	+new_password_confirmation: string	New password confirmation
Returns	200 OK	The password was edited successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	401 Unauthorized	Error. Unauthorized request: Invalid password.
	403 Forbidden	Error. Forbidden request: You need to be logged in.
Permissions	USR

R205: Delete User Account Action

URL	/user
Description	Web resource that deletes user account
Method	DELETE
Redirects	R101	Success
	R201	Error.
	R803	Error. Forbidden request: You need to be logged in.
Permissions	USR

3.3 Module M03: Friends

Endpoints of Friends

• R301: View Friend List [/users/{id}/friends]
• R302: View Friend Request List [/friends/requests]
• R303: Send Friend Request API [/api/friends/requests]
• R304: Respond Friend Request API [/api/friends/requests/{id}]
• R305: Unfriend User API [/api/friends/{id}]
• R306: Create Group of Friends API [/api/friends/groups]
• R307: Add friend to Group of friends API [/api/friends/groups/{id}/{f_id} ]
• R308: Remove friend from group of friends API [/api/friends/groups/{id}/{f_id}]
• R309: Delete Group of friends API [/api/friends/groups/{id}]
• R310: Rename Group of friends API [/api/friends/groups/{id}]

R301: View User Friend List

URL	/users/{id}/friends
Description	Shows the user friend list
Method	GET
Parameters	+id: integer	user primary key
AJAX Calls	R305, R306, R307, R308, R309, R310
UI	UI04
Returns	200 OK	The web page was successfully retrieved.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	PUB, OWN

R302: View Friend Request List

URL	/friends/requests
Description	Shows the user friend request list
Method	GET
AJAX Calls	R304
UI	UI05
Permissions	USR

R303: Send Friend Request API

URL	/api/friends/requests/
Description	Web resource that sends a friend request to another user
Method	POST
Request Body	+id: integer	Other user's id
Returns	200 OK	The friend request was created successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged in.
Permissions	USR

R304: Respond Friend Request API

URL	/api/friends/requests/{id}
Description	Web resource that responds to a friend request from another user
Method	POST
Parameters	+id: integer	Other user's id
Request Body	+accept: bool	Was the request accepted
Returns	200 OK	The friend request response was created successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged in.
	404 Not Found	Error. You have not received a friend request from that user.
Permissions	USR

R305: Unfriend User API

URL	/api/friends/{id}
Description	Web resource that deletes a friend from user
Method	DELETE
Parameters	+id: integer	Friend id
Returns	200 OK	The user was unfriended successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged in.
	404 Not Found	Error. No friend with the specified primary key exists.
Permissions	FRD

R306: Create Group of Friends API

URL	/api/friends/groups
Description	Web resource that creates a group of friends
Method	POST
Request Body	+name: string	Name of the group
Returns	200 OK	The group of friends was created successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged in.
Permissions	USR

R307: Add friend to Group of friends API

URL	/api/friends/groups/{id}/{f_id}
Description	Web resource that adds friend to group of friends
Method	PUT
Parameters	+id : integer	Group of friends id
	+friend_id : integer	Friend id
Returns	200 OK	The friend was added sucessfully to the group
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Friends with the user.
	403 Forbidden	Error. Forbidden request: You need to be the owner of the group.
	404 Not Found	Error. No group of friends with the specified primary key exists.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	OWN and FRD

R308: Remove friend from group of friends API

URL	/api/friends/groups/{id}/{f_id}
Description	Web resource that removes a group of friends
Method	DELETE
Parameters	+id : integer	Group of friends id
	+f_id : integer	Friend id
Returns	200 OK	The friend was removed sucessfully from the group
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the owner of the group.
	404 Not Found	Error. Such user does not belong to the specified group.
Permissions	OWN

R309: Delete Group of friends API

URL	/api/friends/groups/{id}
Description	This web resource removes a group of friends from the system.
Method	DELETE
Parameters	+id : integer	Group of friends id
Returns	200 OK	The group of friends was deleted successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the group of friends owner.
	404 Not Found	Error. No group of friends with the specified primary key exists.
Permissions	OWN

R310: Rename Group of friends API

URL	/api/friends/groups/{id}
Description	This web resource removes a group of friends from the system.
Method	PUT
Parameters	+id : integer	Group of friends id
Request Body	+name : string	New name
Returns	200 OK	The group of friends was deleted successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the group of friends owner.
	404 Not Found	Error. No group of friends with the specified primary key exists.
Permissions	OWN

3.4 Module M04: Content

Endpoints of Content

• R401: View Post [/post/{id}]
• R402: Add Post API [/api/post]
• R403: Add Comment API [/api/post/{id}/comment]
• R404: Edit Post API [/api/post/{id}]
• R405: Edit Comment API [/api/post/{id}/comment]
• R406: Delete Post API [/api/post/{id}]
• R407: Delete Comment API [/api/post/{id}/comment/{comment_id}]
• R408: Add Appraisal API [/api/content/{id}/appraisal]
• R409: Delete Appraisal API [/api/content/{id}/appraisal]
• R410: Report Content API [/api/content/{id}/report]
• R411: View Hot Page [/hot]
• R412: View Feed [/feed]
• R413: View Search [/search]
• R414: Search API [/api/search]

R401: View Post

URL	/post/{id}
Description	Shows the post page
Method	GET
Parameters	+id: integer	post primary key
AJAX Calls	R403, R404, R405, R406, R407, R408, R409, R410
UI	UI07
Returns	403 Forbidden	Error. Forbidden request: You don't have permission to view the post.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	PVW

R402: Add Post API

URL	/api/post
Description	Web resource that creates a new post based on the input received.
Method	POST
Request Body	+content: string	Post content
	+private: bool	Make post private
	?image: file	Image
	?rule: string	Rule JSON
Response Body	JSON402
Returns	200 OK	The post was created successfully.
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged-in.
Permissions	USR

R403: Add Comment API

URL	/api/post/{id}/comment
Description	Web resource that creates a new comment on a post based on the input received.
Method	POST
Parameters	+id: integer	post id
Request Body	+content: string	Comment content
Response Body	JSON403
Returns	200 OK	The comment was created successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged-in.
	403 Forbidden	Error. Forbidden request: You don't have permission to view the post.
	404 Not Found	Error. No post with the specified primary key exists.
Permissions	USR and PVW

R404: Edit Post API

URL	/api/post/{id}
Description	Web resource that edits a post based on the input received.
Method	PUT
Parameters	+id: integer	post id
Response Body	JSON402
Request Body	+content: string	New content
Returns	200 OK	The post was edited successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the post owner.
	404 Not Found	Error. No post with the specified primary key exists.
Permissions	OWN

R405: Edit Comment API

URL	/api/post/{post_id}/comment/{comment_id}
Description	Web resource that changes content based on the input received.
Method	PUT
Parameters	+post_id: integer	post id
	+comment_id: integer	comment id
Response Body	JSON403
Request Body	+content: string	New Content
Returns	200 OK	The comment was edited successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the comment owner.
	403 Forbidden	Error. Forbidden request: You don't have permission to view the post.
	404 Not Found	Error. No comment with the specified primary key belongs to the specified post.
Permissions	OWN and PVW

R406: Delete Post API

URL	/api/post/{id}
Description	This web resource removes the post from the system.
Method	DELETE
Parameters	+id: integer	post id
Response Body	JSON402
Returns	200 OK	The post was deleted successfully.
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the post owner or admin.
	404 Not Found	Error. No post with the specified primary key exists.
Permissions	OWN or ADM

R407: Delete Comment Action API

URL	/api/post/{post_id}/comment/{comment_id}
Description	This web resource removes the content from the system.
Method	DELETE
Parameters	+post_id: integer	post id
	+comment_id: integer	comment id
Response Body	JSON403
Returns	200 OK	The comment was deleted successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the post owner.
	404 Not Found	Error. No comment with the specified primary key belongs to the specified post.
Permissions	OWN or ADM

R408: Add Appraisal API

URL	/api/content/{id}/appraisal
Description	Web resource that creates a new appraisal in a content.
Method	POST
Parameters	+id: integer	content id
Request Body	+positive: boolean	Positive
Returns	200 OK	The content was appraised successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged-in.
	403 Forbidden	Error. Forbidden request: You don't have permission to view the post.
	404 Not Found	Error. No content with the specified primary key exists.
Permissions	USR and PVW

R409: Delete Appraisal API

URL	/api/content/{id}/appraisal
Description	Web resource that deletes an appraisal in a content.
Method	DELETE
Parameters	+id: integer	content id
Returns	200 OK	The appraisal was deleted successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged-in.
Permissions	USR

R410: Report Content API

URL	/api/content/{id}/report
Description	Web resource that reports a content.
Method	POST
Parameters	+id: integer	content id
Response Body	JSON410
Returns	200 OK	The content was reported successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be Logged-in.
	403 Forbidden	Error. Forbidden request: You don't have permission to view the post.
	404 Not Found	Error. No content with the specified primary key exists.
Permissions	USR and PVW

R411: View Hot Page

URL	/hot
Description	Shows the hot page (recent popular posts)
Method	GET
AJAX Calls	R402, R404, R406, R408, R409, R410
UI	UI01
Permissions	PUB

R412: View Feed

URL	/hot
Description	Shows the feed page (recent friend posts)
Method	GET
AJAX Calls	R402, R404, R406, R408, R409, R410
UI	UI01
Permissions	USR

R413: View Search

URL	/search
Description	Shows the search page
Method	GET
Parameters	?keywords: string	Query
	?users: boolean	Whether to search for users or not
	?posts: boolean	Whether to search for posts or not
AJAX Calls	R404, R406, R408, R409, R410, R413
UI	UI09
Permissions	PUB

R414: Search API

URL	/api/search
Description	Web resource that retrieves search results, based on the given query.
Method	GET
Parameters	+keywords: string	Query
	+users: boolean	Whether to search for users or not
	+posts: boolean	Whether to search for posts or not
	+userOffset: integer	User offset (number of posts to skip, for pagination)
	+postOffset: integer	Post offset (number of users to skip, for pagination)
	+limit: integer	Limit of posts to retrieve
Response Body	JSON414
Returns	200 OK	The search results were retrieved successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
Permissions	PUB

3.5 Module M05: Messages

Endpoints of Messages

• R501: Messages Page [/messages]
• R502: General Message History API [/api/messages/]
• R503: User Message History API [/api/messages/{id}]
• R504: Send Message API [/api/messages/{id}]
• R505: Delete Message API [/api/messages/{id}]
• R506: See Conversation API [/api/messages/{id}/seen]

R501: Messages Page

URL	/messages
Description	Shows the user's messages
Method	GET
AJAX Calls	R502, R503, R504, R505
UI	UI06
Permissions	USR

R502: General Message History API

URL	/api/messages/
Description	Web resource that returns a user's general message history, returning every latest message with any user.
Method	GET
Response Body	JSON501
Returns	200 OK	The message history was retrieved successfully
	403 Forbidden	Error. Forbidden request: You need to be logged-in.
Permissions	USR

R503: User Message History API

URL	/api/messages/{id}
Description	Web resource that returns a user's message history with another user
Method	GET
Parameters	+id: integer	Friend's ID
Response Body	JSON502
Returns	200 OK	The chat messages were retrieved successfully
	403 Forbidden	Error. Forbidden request: You need to be logged in.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	USR

R504: Send Message API

URL	/api/messages/{id}
Description	Web resource that sends a message to another user
Method	POST
Parameters	+id: integer	Friend's ID
Request Body	+message: string	Content of message
Response Body	JSON504
Returns	200 OK	The message was sent successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be friends with the user.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	FRD

R505: Delete Message API

URL	/api/messages/{id}
Description	Web resource that deletes a message sent to another user.
Method	DELETE
Parameters	+id: integer	Message's ID
Response Body	JSON504
Returns	200 OK	The message was deleted successfully.
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the message sender.
	404 Not Found	Error. No message with the specified primary key exists.
Permissions	OWN

R506: See Conversation API

URL	/api/messages/{id}/seen
Description	Web resource that marks all unseen messages of a conversation as seen.
Method	POST
Parameters	+id: integer	Conversation's other user's ID
Returns	200 OK	The conversation was marked as seen successfully.
	400 Bad Request	Error. Error message is specified via a HTTP header.
Permissions	USR

3.6 Module M06: Notifications

Endpoints of Notifications

• R601: Set Notification as Seen API [/api/notifications/{id}]

R601: Set Notification as Seen API

URL	/api/notifications/{id}
Description	Web resource that marks a notification as seen
Method	DELETE
Parameters	+id: integer	notification id
Returns	200 OK	The notification was successfully cleared.
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need to be the notification owner.
	404 Not Found	Error. No notification with the specified primary key exists.
Permissions	OWN

3.7 Module M07: Administration

Endpoints of Administration

• R701: View Admin Home Page [/admin]
• R702: View Announcement Page [/admin/announcements]
• R703: Add Announcement API [/api/admin/announcements]
• R704: Delete Announcement API [/api/admin/announcements/{id}]
• R705: View Reported Posts Page [/admin/reports]
• R706: Clear post reports API [/api/admin/reports/{id}]
• R707: View Users Page [/admin/users]
• R708: Ban User API [/api/users/{id}/ban]
• R709: Unban User API [/api/users/{id}/unban]

R701: View Admin Home Page

URL	/admin
Description	Shows the admin dashboard
Method	GET
UI	N/A
Redirects	R702
Permissions	ADM

R702: View Announcement Page

URL	/admin/announcement
Description	Shows the announcement page
Method	GET
Parameters	?offset: integer	Page number (for pagination)
AJAX Calls	R703, R704
UI	UI03
Permissions	ADM

R703: Add Announcement API

URL	/api/admin/announcement
Description	Web resource that creates a new announcement based on the input received.
Method	POST
Request Body	+content: string	Content
	+duration_num: integer	Announcement Duration (in specified unit)
	+duration_unit: [Hours | Days | Weeks | Months]	Duration unit
Response Body	JSON703
Returns	200 OK	The announcement was created successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need Admin permission.
Permissions	ADM

R704: Delete Announcement API

URL	/api/admin/announcement/{id}
Description	This web resource removes the announcement from the system.
Method	DELETE
Parameters	+id: integer	announcement id
Response Body	JSON703
Returns	200 OK	The announcement was deleted successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need Admin permission.
	404 Not Found	Error. No announcement with the specified primary key exists.
Permissions	ADM

R705: View Reported Posts Page

URL	/admin/reports
Description	Shows the reported posts/comments administration page
Method	GET
Parameters	?offset: integer	Page number (for pagination)
AJAX Calls	R406, R407, R706, R708
UI	UI03
Permissions	ADM

R706: Clear post reports API

URL	/api/admin/reports/{id}
Description	Web resource that clears a content's reports.
Method	DELETE
Parameters	+id: integer	content id
Returns	200 OK	The content was cleared successfully.
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need Admin permission.
	404 Not Found	Error. No post with the specified primary key exists.
Permissions	ADM

R707: View Users Page

URL	/admin/users
Description	Shows the users administration page
Method	GET
Parameters	?query: string	Query
	?banned: boolean	Request only banned users
	?offset: integer	Page number (for pagination)
AJAX Calls	R708, R709
UI	UI03
Permissions	ADM

R708: Ban User API

URL	/api/users/{id}/ban
Description	Web resource that bans a user
Method	PUT
Parameters	+id: integer	user id
Request Body	?reason: string	Reason for ban
Returns	200 OK	The user was banned successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need Admin permission.
	404 Not Found	Error. No user with the specified primary key exists.
Permissions	ADM

R709: Unban User API

URL	/api/users/{id}/unban
Description	Web resource that unbans a user
Method	PUT
Parameters	+id: integer	user id
Returns	200 OK	The user was unbanned successfully
	400 Bad Request	Error. Error message is specified via a HTTP header.
	403 Forbidden	Error. Forbidden request: You need Admin permission.
	404 Not Found	Error. No user with the specified primary key is banned.
Permissions	ADM

3.8 Module M08: Static Pages

Endpoints of Administration

• R801: Landing Page [/]
• R802: About Page [/about]
• R803: 403 Page [/403]
• R804: 404 Page [/404]

R801: Landing Page

URL	/
Description	Landing page
Method	GET
UI	N/A
Redirects	R411	In case the user is logged in, redirect to news feed
	R101	If the user is not authenticated, redirect to login form
Permissions	PUB

R802: About Page

URL	/about
Description	Get About page
Method	GET
UI	UI02
Permissions	PUB

R803: 403 Page

URL	/403
Description	Get 403 (forbidden) page
Method	GET
UI	N/A
Permissions	PUB

R804: 404 Page

URL	/404
Description	Get 404 (not found) page
Method	GET
UI	N/A
Permissions	PUB

4. JSON/XML Types

JSON or XML responses that will be used by the web resources.

JSON

{
    "content_id":72,
    "author_id":1,
    "content":"poiujjopjk",
    "content_date":"2020-05-14 02:27:05",
    "likes":0,
    "dislikes":0,
    "post_id":72,
    "private":false,
    "comments":0,
    "content_date_short":"02:27",
    "is_liked":false,
    "is_disliked":false,
    "post": {
        "post_id":72,
        "private":false,
        "comments":0
    },
    "author": {
        "user_id": 1,
        "location": "Helkijn",
        "name":"Rinah Aguilar",
        "birthday":"1971-04-21",
        "avatar":"http://localhost:8000/storage/default_avatar.png",
        "banner":"http://localhost:8000/storage/default_banner.png",
        "birthday_short":"Apr 21",
        "url":"http://localhost:8000/users/1-RinahAguilar"
    }
}

JSON202: Edit Profile: {user}

{
    "user_id":2,
    "location":"California",
    "name":"Dale Diaz",
    "birthday":"1990-11-16",
    "avatar":"storage/default_avatar.png",
    "banner":"storage/default_banner.png",
    "birthday_short":"Nov 16"
}

JSON402: Add/Edit/Delete Post: {post}

This JSON is returned after adding/editing/deleting a post

{
    "post_id": "3",
    "private": "0",
    "comments": "0",
    "content": {
        "content_id": "2",
        "author_id": "2",
        "content": "After 53h of watching valorant streams, I finally got a key. The closed beta ended 1 hour ago.",
        "content_date": "2020-03-23  18:00:29",
        "content_date_short": "Mar 23",
        "likes": "0",
        "dislikes": "0"
    }
}

JSON403: Add/Edit/Delete Comment: {comment}

This JSON is returned after adding/editing/deleting a comment

{
    "comment_id": "6",
    "post_id": "3",
    "content": {
        "content_id": "6",
        "author_id": "2",
        "content": "It's ok, i like being sad :)",
        "content_date": "2020-03-24 20:07:22",
        "content_date_short": "Mar 24",
        "likes": "0",
        "dislikes": "0"
    }
}

JSON410: Add Report: {report}

This JSON is returned when adding a content report

{
    "content_id": "3",
    "reporter_id": "1",
    "date_of_report": "2020-03-24 19:10:25"
}

JSON414: Search posts/users {post/user}[]

This JSON is returned when searching for posts and users with certain keywords

[
    {
        "user_id": "1",
        "name": "Pedro Moás",
        "location": "Porto - PT",
        "birthday": "2000-06-29"
    },
    {
        "user_id": "2",
        "name": "John Guy",
        "location": "Texas - USA",
        "birthday": "1978-06-07"
    },
    {
        "post_id": "3",
        "author_id": "2",
        "content": "After 53h of watching valorant streams, I finally got a key. The closed beta ended 1 hour ago.",
        "content_date": "2020-03-23  18:00:29",
        "likes": "0",
        "dislikes": "998",
        "private": "false",
        "comments": "1"
    }
]

JSON501: Messages Page: {latest_message}[]

This JSON is returned when looking at the message page that shows the conversations with all users

[
    {
        "user_id": "1",
        "name": "Pedro Moás",
        "latest_message": {
            "date_sent": "2020-04-11 18:00:29",
            "was_sent": "true",
            "seen": "true",
            "content": "Just got a Valorant key lmao"
        }
    },
    {
        "user_id": "2",
        "name": "Daniel Brandão",
        "latest_message": {
            "date_sent": "2020-04-12 18:00:29",
            "was_sent": "false",
            "seen": "false",
            "content": "Ok gamer, see you tomorrow"
        }
    }
]

JSON502: General Message History: {message}[]

This JSON is returned when looking at the message history of a conversation

[
    {
        "date_sent": "2020-04-12 16:00:29",
        "was_sent": "false",
        "seen": "true",
        "content": "Nice game! :3"
    },
    {
        "date_sent": "2020-04-12 17:00:29",
        "was_sent": "true",
        "seen": "true",
        "content": "Yeah, going to sleep now"
    },
    {
        "date_sent": "2020-04-12 18:00:29",
        "was_sent": "false",
        "seen": "false",
        "content": "Ok gamer, see you tomorrow"
    }
]

JSON504: Send/Delete Message: {message}

This JSON is returned after sending or deleting a message from a conversation

{
    "sender_id": "2",
    "receiver_id": "3",
    "date_sent": "12/04/2020",
    "content": "Ok gamer, see you tomorrow",
    "seen": "false"
}

JSON703: Add/Delete announcement: {announcement}

This JSON is returned after adding or deleting an announcement

{
    "name": "Admin Man",
    "announcement_id": "12",
    "author_id": "6",
    "date_of_creation": "2019-12-31",
    "duration_secs": "6000",
    "content": "New Year's announcement! I have a feeling 2020's going to be great!",
    "time_left": "2 hours"
}

Revision history

• 16/04/2020 - First Submission: Created Artifact 7
• 17/04/2020 - Revision 1: Mostly formatting issues fixed. Added request body to register and login forms.
• 23/04/2020 - Revision 2: Added clear reports resource. Added admin home page resource.
• 26/04/2020 - Revision 3: Added extra password recovery resources.
• 10/05/2020 - Revision 4: Removed parameters from profile management resources, updated permissions.
• 10/05/2020 - Revision 5: Added hot page (public page with most popular recent posts).
• 11/05/2020 - Revision 6: Added 403 page.
• 03/06/2020 - Revision 7: Added "seen" API and removed notifications page.

---

GROUP2046, 16/04/2020

• Alexandre Carqueja, [email protected]
• Daniel Brandão, [email protected] (Editor)
• Henrique Santos, [email protected]
• Pedro Moás, [email protected]