This API provides endpoints for user authentication and event management in an event platform. The application supports features like login, event creation, event viewing, and event booking.
The application uses roles, where each role has a specific set of allowed operations. In this example, by default, two roles are created:
- ROLE_USER: This role is granted the `BOOK_EVENT` operation, allowing users to book events.
- ROLE_ADMIN: This role is granted the `ADD_EVENT`, `UPDATE_EVENT`, and `DELETE_EVENT` operations, allowing admins to create, update, and delete events.
Each role's permissions are enforced through the use of Spring Security, ensuring that only users with the appropriate roles can perform certain actions.
Description: Authenticates a user using basic authentication (username and password encoded in Base64).
Request:
- Authorization header with the format `Basic <base64-encoded-username:password>`
Response:
- 200 OK: Returns a `LoginResultDTO` with authentication details.
- 400 BAD REQUEST: If the `Authorization` header is missing or malformed.
- 401 UNAUTHORIZED: If authentication fails.
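The login behaviour described above (400 for a missing or malformed header, 401 for bad credentials), modelled as an added Python example; this is not the project's Spring Security code, and the `CREDENTIALS` store, `basic_header`, `parse_basic_header` and `login` are constructed names for the demonstration.

```python
import base64
import binascii
import hmac
from typing import Optional, Tuple

# Constructed demo credential store (assumption, not the project's data). Plaintext
# is used only to keep the example short; a real service stores password hashes.
CREDENTIALS = {"alice": "s3cret"}


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header a client sends to the login endpoint."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def parse_basic_header(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password) from 'Basic <base64(user:pass)>', or None if
    the header is missing or malformed (wrong scheme, bad Base64, no colon)."""
    if header is None:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: only the first colon separates user-id and password, so passwords
    # may themselves contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def login(headers: dict) -> int:
    """Return the status the documented login endpoint produces:
    400 for a missing/malformed header, 401 for bad credentials, 200 on success."""
    creds = parse_basic_header(headers.get("Authorization"))
    if creds is None:
        return 400
    user, password = creds
    # Always run the constant-time comparison, even for unknown users, so the
    # response time does not reveal which usernames exist.
    expected = CREDENTIALS.get(user, "")
    matched = hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))
    if user in CREDENTIALS and matched:
        return 200
    return 401
```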
Description: Retrieves a list of all events.
Request:
- Method: `GET`
- URL: `/api/events`
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
Response:
- 200 OK: Returns a list of `EventDTO` objects representing all the events.
- 204 NO CONTENT: If no events are available.
Example Request:
```http
GET /api/events
Authorization: Bearer <jwt-token>
```
Description: Creates a new event. Only users with the `ADD_EVENT` permission can access this endpoint.
Request:
- Method: `POST`
- URL: `/api/events`
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
Request Body:
- The body of the request should contain an `Event` object with the following fields:
  - `title` (string): The title of the event.
  - `description` (string): A description of the event.
  - `location` (string): The location where the event will take place.
  - `dateTime` (string): The date and time of the event in ISO 8601 format (e.g., `2024-12-20T18:00:00`).
Response:
- 201 CREATED: If the event is successfully created, the response will contain the created `EventDTO` object.
- 403 FORBIDDEN: If the user does not have the `ADD_EVENT` permission.
Example Request:
```http
POST /api/events
Authorization: Bearer <jwt-token>

{
  "title": "New Event",
  "description": "Description of the new event",
  "location": "New Location",
  "dateTime": "2024-12-20T18:00:00"
}
```
Description: Retrieves the details of a specific event by its ID.
Request:
- Method: `GET`
- URL: `/api/events/{id}`
- Path Parameter: `id` (the ID of the event).
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
Response:
- 200 OK: Returns the `EventDTO` object of the requested event.
- 404 NOT FOUND: If the event with the specified ID does not exist.
Example Request:
```http
GET /api/events/1
Authorization: Bearer <jwt-token>
```
Description: Deletes a specific event by its ID. Only users with the `DELETE_EVENT` permission can access this endpoint.
Request:
- Method: `DELETE`
- URL: `/api/events/{id}`
- Path Parameter: `id` (the ID of the event to be deleted).
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
Response:
- 204 NO CONTENT: If the event is successfully deleted.
- 404 NOT FOUND: If the event with the specified ID does not exist.
- 403 FORBIDDEN: If the user does not have the `DELETE_EVENT` permission.
Example Request:
```http
DELETE /api/events/1
Authorization: Bearer <jwt-token>
```
Description: Updates an existing event by its ID. Only users with the `UPDATE_EVENT` permission can access this endpoint.
Request:
- Method: `PUT`
- URL: `/api/events/{id}`
- Path Parameter: `id` (the ID of the event to be updated).
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
- Body: The body of the request should contain an `Event` object with the updated details:
  - `title` (string): The updated title of the event.
  - `description` (string): The updated description of the event.
  - `location` (string): The updated location of the event.
  - `dateTime` (string): The updated date and time of the event in ISO 8601 format (e.g., `2024-12-20T18:00:00`).
Response:
- 200 OK: Returns the updated `EventDTO` object.
- 404 NOT FOUND: If the event with the specified ID does not exist.
- 403 FORBIDDEN: If the user does not have the `UPDATE_EVENT` permission.
Example Request:
```http
PUT /api/events/1
Authorization: Bearer <jwt-token>

{
  "title": "Updated Event Title",
  "description": "Updated description of the event",
  "location": "Updated Location",
  "dateTime": "2024-12-22T15:00:00"
}
```
Description: Books an event for the authenticated user. Only users with the `BOOK_EVENT` permission can access this endpoint.
Request:
- Method: `POST`
- URL: `/api/events/book/{eventId}`
- Path Parameter: `eventId` (the ID of the event to be booked).
- Headers:
  - Authorization: Requires a valid JWT token in the `Authorization` header.
Response:
- 200 OK: If the event is successfully booked, returns a confirmation message.
- 404 NOT FOUND: If the event with the specified ID does not exist.
- 403 FORBIDDEN: If the user does not have the `BOOK_EVENT` permission.
Example Request:
```http
POST /api/events/book/1
Authorization: Bearer <jwt-token>
```
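The role-to-operation mapping from the roles section and the per-endpoint permission requirements documented above, combined into one added Python decision table (not the project's Spring Security configuration). The `ENDPOINT_RULES` table, the `authorize` helper, and the choices of 401 for a missing JWT and 404 for an unknown route are assumptions made for this example; the page itself only states that a valid JWT is required.

```python
import re
from typing import Dict, FrozenSet, Iterable, Optional

# Role -> granted operations, exactly as listed in the roles section.
ROLE_OPERATIONS: Dict[str, FrozenSet[str]] = {
    "ROLE_USER": frozenset({"BOOK_EVENT"}),
    "ROLE_ADMIN": frozenset({"ADD_EVENT", "UPDATE_EVENT", "DELETE_EVENT"}),
}

# (method, path pattern, required operation); None means any authenticated user.
# Constructed for this example. Order matters: the more specific
# /api/events/book/{eventId} must be matched before /api/events/{id}, and the
# patterns are anchored so /api/events/1/extra does not match /api/events/{id}.
ENDPOINT_RULES = [
    ("GET", re.compile(r"^/api/events$"), None),
    ("POST", re.compile(r"^/api/events$"), "ADD_EVENT"),
    ("POST", re.compile(r"^/api/events/book/\d+$"), "BOOK_EVENT"),
    ("GET", re.compile(r"^/api/events/\d+$"), None),
    ("PUT", re.compile(r"^/api/events/\d+$"), "UPDATE_EVENT"),
    ("DELETE", re.compile(r"^/api/events/\d+$"), "DELETE_EVENT"),
]


def granted_operations(roles: Iterable[str]) -> FrozenSet[str]:
    """Union of the operations granted by every role the caller holds.
    Unknown roles grant nothing rather than raising."""
    ops: set = set()
    for role in roles:
        ops |= ROLE_OPERATIONS.get(role, frozenset())
    return frozenset(ops)


def authorize(method: str, path: str, roles: Iterable[str], has_valid_jwt: bool) -> int:
    """Status the endpoint produces before any business logic runs (assumed ordering):
    401 no valid JWT, 404 no such route, 403 missing operation, 200 allowed to proceed."""
    if not has_valid_jwt:
        return 401
    for rule_method, pattern, required in ENDPOINT_RULES:
        if rule_method == method and pattern.match(path):
            if required is None or required in granted_operations(roles):
                return 200
            return 403
    return 404
```

Note that with the documented defaults an admin holds no `BOOK_EVENT` operation, so an admin booking an event is refused with 403 just like a user creating one.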