A2: REST API Backend
· Due Sunday by 11:59 p.m.
· Points 280
Objective
In this assignment, you will build a REST API backend for a loyalty program using Express.js and Prisma. This loyalty program will enable users to accumulate points for purchases and redeem them for free items, similar to Tim Hortons Rewards and PC Optimum. The objective is to develop the backend infrastructure for the loyalty program, which will serve as the foundation for your term project. In the term project, you and your teammates will build and deploy the frontend for this web application.
Overview
You will create a REST API that supports the following functionalities:
1. User Roles
   · Regular Users: Can accumulate and redeem points, view their points balance and transaction history, and manage their account.
   · Cashiers: Can add transactions for users. The system can flag a cashier as suspicious when it detects anomalous activity.
   · Managers: Responsible for verifying new user accounts and managing transactions, events, and promotions, in addition to performing cashier duties.
   · Superusers: Have full database access and all privileges, including those of managers and cashiers.
2. User Registration and Authentication
   · Cashiers can create an account for a user.
   · Users can log in and log out.
   · Users can update their account details and password.
   · Users must activate their account upon registration.
   · Users can reset their password if they forget it.
   · Users cannot redeem points until their student information is verified by a Manager.
   · Users can transfer their points to another user.
   · Users cannot delete their accounts, to ensure accountability in case of misuse.
3. User Management
   · Managers can promote a user to a cashier role or revoke their cashier status.
   · Managers can clear a cashier who is flagged as suspicious.
   · Superusers can promote a user to a manager role or demote them back to a regular user.
4. Transaction Logging and Management
   · Once created, transactions cannot be deleted.
   · The following types of transactions are supported:
      · Purchase: created by cashiers on behalf of a customer during checkout. The dollar amount spent is entered, and the customer will receive, by default, 1 point for every 25 cents spent.
         · Transactions created by a suspicious cashier will require verification by a manager before points are awarded.
      · Adjustment: created by managers to manually correct any errors (or misuse) relating to a previously made transaction.
      · Redemption: created by the customer themselves. Once created, a cashier will process the redemption at a rate of 1 cent per point redeemed. For example, if the customer redeems 100 points, then $1 will be taken off the subtotal of their purchase.
      · Transfer: created by a user to transfer points to another user.
      · Event: created by an event organizer to award points to guests for their participation.
   · Managers can view all transactions, for auditing purposes.
   · Users can view their past transactions, including date, transaction total, points earned or redeemed, and any promotions applied.
5. Point-Earning Events
   · Managers can create events and assign organizers to them.
   · Events include details such as start and end times, description, location, capacity, and the ability to RSVP users.
   · Managers allocate a set number of points for each event, which organizers can distribute to attendees.
   · Only users who RSVP and have their attendance confirmed can receive points from the event.
   · Organizers cannot be guests at the same time, to prevent organizers from awarding points to themselves.
   · Organizers can update all event details except for adding/removing organizers and deleting the event.
6. Promotions
   · Managers can create promotional periods that offer increased points per amount spent, with an optional minimum spending requirement.
   · Managers can create promotional offers, such as "buy one, get extra points." These offers are single-use for each user and must be manually applied by a cashier during checkout when the specified conditions are met.
   · Managers can monitor and adjust promotions as needed.
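The role hierarchy in item 1 and the suspicious-cashier rule for purchases in item 4 can be sketched as follows. This is an added example, not part of the assignment handout or a reference solution. It assumes an authentication layer has already set `req.user`, that points are rounded down, and that the field names (`role`, `suspicious`, `points`, `earned`) are hypothetical.

```javascript
// Added example. Role names come from the assignment; field names are assumed.
const ROLE_RANK = new Map([["regular", 0], ["cashier", 1], ["manager", 2], ["superuser", 3]]);

// Express-style middleware factory: pass only if the caller's role is at or
// above minRole. A Map avoids prototype keys such as "constructor" matching.
function requireClearance(minRole) {
  if (!ROLE_RANK.has(minRole)) throw new Error(`unknown role: ${minRole}`);
  return (req, res, next) => {
    const rank = ROLE_RANK.get(req.user && req.user.role);
    if (rank === undefined) return res.status(401).json({ error: "Unauthorized" });
    if (rank < ROLE_RANK.get(minRole)) return res.status(403).json({ error: "Forbidden" });
    return next();
  };
}

// Default rate: 1 point per 25 cents. Convert to integer cents first so that
// floating-point error cannot change the result; rounding down is assumed.
function pointsForPurchase(spentDollars) {
  return Math.floor(Math.round(spentDollars * 100) / 25);
}

// Record a purchase. Points from a suspicious cashier are stored on the
// transaction but not credited until a manager verifies it.
function createPurchase(cashier, customer, spentDollars) {
  if (!(spentDollars > 0)) throw new RangeError("spent must be positive");
  const earned = pointsForPurchase(spentDollars);
  const held = cashier.suspicious === true;
  if (!held) customer.points += earned;
  return { type: "purchase", spent: spentDollars, earned, suspicious: held, createdBy: cashier.id };
}

// Manager verification releases held points exactly once.
function verifyPurchase(tx, customer) {
  if (!tx.suspicious) throw new Error("transaction is not pending verification");
  tx.suspicious = false;
  customer.points += tx.earned;
  return tx;
}
```

In a real route the balance update and the transaction insert would run inside a single database transaction so that the two cannot diverge.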