Link to Hosted Website: http://moviejazz.azurewebsites.net/
(Enable Mixed Context near the URL bar, you need to enable "unsafe scripts" in order to see font awesome icons. This is especially important since the cart icon in the navigation bar is a font awesome icon.)
We created an admin account automatically as the server starts, some requests are restricted only to admins. This will be mentioned in the later as well.
admin username: admin
admin password: admin
For every newly registered user, the default membership is normal.
-
/main/theaters: refers to all theaters
- GET: list all theaters information to the template, including name, address, city, state, postal code, and a button to see all tickets each sells. Anyone can do this even without any authentification. Code sent: 200.
Example:
- POST: Create a new theater, save it into the database using the theater model JSON in the request body, respond with a 201 code and a copy of the new theater model encoded as a json object. Only the administrator and the seller can do it. It may return Database error or KeyError messages.
- Sample input:
{
"name": "regal",
"street_number": 123,
"street_name": "University way",
"city": "Seattle",
"state": "WA",
"post_code": "98105"
} - Sample output:
{
"id": 2,
"name": "regal",
"street_number": 123,
"street_name": "University way",
"city": "Seattle",
"state": "WA",
"post_code": "98105"
}
- GET: list all theaters information to the template, including name, address, city, state, postal code, and a button to see all tickets each sells. Anyone can do this even without any authentification. Code sent: 200.
-
/main/theaters/{theater_id}: refers to a specific theater
-
GET: Respond with information of the specific theater as a json object with a status of 200. It will return Database error if bugs happen. Anyone can do this even without any authentification.
- Sample input:
{
"name": "Regal Theaters",
"street_number": "1234",
"street_name": "Brooklyn Avenue",
"city": "Seattle",
"state": "WA",
"post_code": "98105"
}
- Sample input:
-
PATCH: modify information of the specific theater using the JSON object in the request body, save new changed into the database, respond with a 201 and a copy of the newly updated theater encoded as a json objet. Only the administrator and the seller can do it. It will return Database Error or KeyError messages when bugs happen.
- Sample input:
{
"name": "amc",
"street_number": 133,
"street_name": "University of Washington way",
"city": "Seattl",
}
- Sample input:
-
Sample output:
{
"id": 1
"name": "amc",
"street_number": 133,
"street_name": "University of Washington way",
"city": "Seattl",
} -
DELETE: delete the specified channel in the database according to the parameter in the url and respond with a HttpResponse with 'deleted' if succeed. It may also return Database error message if there are errors in the code. Only the administrator and seller are authorized to do this.
-
Sample output:
"Deleted"
-
-
/main/theaters/{theater_id}/movies: refers to all movie played in the theater
-
theaters/{int:theater_id}/movies/{movie_id}/tickets: refers to all tickets of a movie in a specified theater
- GET: List the ticket information, including show time, movie type, price, seats left. code sent: 200. Anyone can do this without any authentification
Example:
- POST: post new tickets to the database according to the two parameters in the url and returns a json object if succeed. Only the administrator can do this. Code sent: 201
- Sample input:
{
"time": "2019-04-18T18:53:12Z",
"price": 9.16,
"movie_type": "RE",
"amount": 60,
} - Sample output:
{ "id": 7,
"movie_id": 2,
"time": "2019-04-18T18:53:12Z",
"theater_id": 3,
"price": "9.16",
"amount": 60,
"movie_type": "RE"
} - DElETE: delete tickets of a specific movie in a specified theater and return with a plain http response"Ticket Deleted" if succeed. code sent: 201. Only the administrator can do this
- GET: List the ticket information, including show time, movie type, price, seats left. code sent: 200. Anyone can do this without any authentification
-
/main/transactions: refers to all tickets transactions of the currentuser in the Database
- GET: Renders a list of all tickets transactions that the current user made before. Code sent, the user has to login to complete this operation.
Example:
- POST: Create a new transaction model, save it into the database using the transaction model JSON in the request body, respond with a 201 code and a copy of the new transaction encoded as a json objet. Only the administrator can do this action. It will return Database error message or KeyError message if something goes wrong.
- Sample input:
{
"user": 1,
"ticket": 1,
"quantity": 3,
"offer": 1,
} - Sample output:
{
"id": 2,
"user": 1,
"ticket": 1,
"quantity": 3,
"offer": 1,
"total_price": 12.88,
"date": "2019-04-18T18:53:12Z"
} - DELETE: delete the specified ticket transaction in the database according to the JSON object in the request body. Respond witha Http Response with 'delete' if succeed. It will return Database error message if there are errors in the code. Only the administrator can handle this action.
- Sample input:
{
"id": 1
} - Sample output:
"transaction Deleted"
- GET: Renders a list of all tickets transactions that the current user made before. Code sent, the user has to login to complete this operation.
Example:
-
/movies: refers to all movies in the Database
- GET: List all movies and their related information, including name, short description, and runtime. Anyone can do this even without any authentification. Code snet: 200
Example:
- POST: Create a new movie, save it into the database using the movie model JSON in the request body, respond with a 201 code and a copy of the new movie encoded as a json object. Only the administrator can do it. It may return Database error message if something goes wrong.
- Sample input:
[
{
"name": "Avengers:endgame",
"description": "This is Avengers",
"runtime": 120,
"url" : "https://cdn.images.express.co.uk/img/dynamic/36/590x/AVENGERS-ENDGAME-1135772.webp?r=1559583547239" (This is the Image URL)
},
... (This Post Method Takes in a List of JSON Objects)
] - Sample output:
[
{
"id": 3 "name": "Avengers:endgame",
"description": "This is Avengers",
"runtime": 120,
}
...
]
- GET: List all movies and their related information, including name, short description, and runtime. Anyone can do this even without any authentification. Code snet: 200
-
/movies/{movie_id}: refers to a specific movie
-
GET: Display information for a specified movie, including its name, runtime, and a review button if the user wants to rate it. Anyone can do this even without any authentification. code sent: 200
Example:
-
PATCH: modify information of the specific movie using the JSON object in the request body, save new changed into the database, respond with a 201 and a copy of the newly updated movie encoded as a json objet. Only the administrator can do it. It will return Database Error or KeyError messages when bugs happen.
-
Sample input:
: {
"name": "Lion King",
"description": "This is lions",
} -
Sample output:
: {
"id": 2, "name": "Lion King",
"description": "This is lions",
} -
DELETE: delete the specified movie in the database according to the parameter in the url. Respond with a Http Response with 'This movie was deleted' if succeed. It will return Database error message if there are errors in the code. Only the administrator can handle this action.
-
Sample output:
: "Movie deleted"
-
-
movies/raw: refer all movies data in a json Response (This is our publicly facing endpoint)
-
movies/search: a user can search a movie in the database
- GET: renders a search bar where user can type the movie he wants. code sent: 200. Anyone can do this without authentification.
Example:
- POST: based on the query the user submits, finds all movies names that contains all leters of the user input and renders all movies. code sent: 200. Anyone can do this without any authentification.
Example:
- GET: renders a search bar where user can type the movie he wants. code sent: 200. Anyone can do this without authentification.
Example:
-
movies/{movie_id}/review: allows the user to rate the movie specified in the url.
- GET: renders a review form, where the user can rate the movie from terrible to excellent, and write his comments.
Example:
- POST: Create a new review model and save it in the database based on what the user fill in the review-form. It will return a plain HttpResponse"Thanks for rating" if succeeds. code sent: 201. The user has to login to do this operation.
- GET: renders a review form, where the user can rate the movie from terrible to excellent, and write his comments.
Example:
-
/users: refers to all users in the Database
-
/offers: refers to all offers in the database
-
GET: Respond with a list of all of the offers in the database with a status of 200. It will return Database error message if bugs happen. Anyone can do this even without any authentification. Example:
-
POST: Create a new offer, save it into the database using the offer model JSON in the request body, respond with a 201 code and a copy of the new offer encoded as a json object. Only the administrator can do it. It may return Database error message if something goes wrong.
-
Sample input:
{
"offer_name": "30% off",
"offer_perc": 0.70,
"description": "this is an offer"
} -
Sample output:
{
"id": 2,
"offer_name": "30% off",
"offer_perc": 0.70,
"description": "this is an offer"
}
-
-
/offers/{offer_id}: refers to a specific offer
- GET: Respond with information of the specific offer as a json object with a status of 200. It will return Database error if bugs happen. Anyone can do this even without any authentification.
- PATCH: modify information of the specific offer using the JSON object in the request body, save new changed into the database, respond with a 201 and a copy of the newly updated offer encoded as a json objet. Only the administrator can do it. It will return Database Error or KeyError messages when bugs happen.
- Sample input:
: {
"offer_name": "30% off",
"description": "this is an offer"
} - Sample output:
: {
"id": 3,
"offer_name": "30% off",
"description": "this is an offer"
} - DELETE: delete the specified offer in the database according to parameter in the url. Respond with a Http Response with 'This offer was deleted' if succeed. It will return Database error message if there are errors in the code. Only the administrator can handle this action.
- Sample output:
: "Offer deleted"
-
contact/: refers to a contact form
- GET: renders a form, where the user can fill their first name, last name, email, the question and choose which type of question they want to ask. Anyone can do this even without any authentification. code sent: 200.
Example:
- POST: Post the question the users asked into the data. If succeeds, the system will respond with a HttpResponse 'Thank you for posting questions.' code sent: 201.
Example:
- GET: renders a form, where the user can fill their first name, last name, email, the question and choose which type of question they want to ask. Anyone can do this even without any authentification. code sent: 200.
-
contact/questions/: list out all asked questions
-
contact/answer/{question_id}/: a form that can provide the answer to a specified question
- GET: renders a form, where the administrator can answer the question specified in the url. code sent: 200. Only the administrator can do this. code sent: 200
- Post: The new answer will be stored in the database. If succeeds, the system will reply with HttpResponse: 'Thank you for answering'. code sent: 201. Only the administrator can do this.
- GET: renders a form, where the administrator can answer the question specified in the url. code sent: 200. Only the administrator can do this. code sent: 200
-
auth/signin/l: signin form
- GET: renders a signin form, where the user needs to fill his username and password. code sent; 200. Anyone can do this without any authentification.
Example:
- POST: If the filled username exists in the database and the password matches. the server will allow the user to login and redirect to the homepage.
- GET: renders a signin form, where the user needs to fill his username and password. code sent; 200. Anyone can do this without any authentification.
-
auth/register: register form
-
GET: renders a registration form, where the user needs to fill his username, password, password comfirmation, fist name, last name, and email to sign up a new account. code sent: 200. Anyone can do this without any authentification.
Example:
-
POST: Post the new user data to the database if the user fills all data appropriately and redirect to the signin form. code sent: 201. Anyone can do this without any authentification.
-
user/: list all profile data of the current loggin user
-
user/memberships: list all membership options
-
'user/memberships/purchase/int:theType': allows user to buy a specified membership based on the url
-
user/transactions: refers to all membership transaction of the current user
-
cart/
-
cart/<int: cart_id>
-
cart/offers/<int: off_id>
-
cart/checkout: refers to the tickets checkout page
- GET: renders a checkout form when the user plans to pay for all items in his cart. The users neess to fill name_on_card, billing_address, card_number and csv code to finish this purchase. code sent: 200. The user has to be authenticated to do this operation.
Example:
- POST: creates a new ticket transaction mode and save it into the database if the user fills all information appropriately. code sent: 200. The user has to be authenticated to do this. It will then redirect to the /transactions nedpoint.
- GET: renders a checkout form when the user plans to pay for all items in his cart. The users neess to fill name_on_card, billing_address, card_number and csv code to finish this purchase. code sent: 200. The user has to be authenticated to do this operation.
Example: