Implementation Plan - bounswe/bounswe2026group9 GitHub Wiki

MVP Milestone (Due: April 7)

Goal: Deliver a working end-to-end flow with core event discovery and management features, deployed API, basic tests, and all required milestone documentation (D1-D7).

1. Project Management & Elicitation (Non-Implementation)

  • Conduct initial Stakeholder/Customer Meetings to elicit requirements.
  • Finalize Software Requirements Specification (SRS) - [Deliverable D1]
  • Create UML Diagrams (Use Case, Sequence, Class) - [Deliverable D2]
  • Design Scenarios and UI Mockups - [Deliverable D3]
  • Establish Communication Plan & Responsibility Assignment Matrix (RAM) - [Deliverable D4]

2. Authentication & User Management

  • User registration (username, email, password, date of birth) with terms acceptance.
  • Login / logout with token-based auth (JWT).
    • Access token: short-lived (15–30 minutes), used for API authorization.
    • Refresh token: long-lived (7–10 days), stored securely (httpOnly cookie).
    • Token refresh endpoint and rotation mechanism.
  • Role distinction enforced: Guest vs. Registered User.

3. Event Creation & Lifecycle (Core)

  • Create event with mandatory fields (title, description, category, start/end time, single location, visibility).
  • Image handling: Max 10 images, max 20MB/file, JPEG/PNG/WebP, auto-resize to 2048px via Supabase Storage.
  • Save as draft, edit, and publish with backend validation.
  • Cancel event (mark CANCELLED) and Delete event (only host, before start).
  • Auto-mark as ENDED via scheduled job or DB trigger.

4. Venue Metadata & Category Management

  • Optional metadata: price, language, health requirements.
  • Accessibility features: wheelchair access, accessible restroom, elevator, seating, sign language, quiet-friendly.
  • Predefined category catalog (seeded in DB) + custom category requests (pendingApproval=true).

5. Event Discovery (Basic)

  • Map view (pins) and List view (cards) with toggle.
  • Text search: Free-text search over event title and description.
  • Basic filtering (category, date window) and sorting (start time).
  • Default map area (hardcoded fallback).

6. Access Control & Detail Pages

  • Full detail view for public events. Limited preview for guests/private events.
  • Private event flow: Backend-enforced. Only host and invited users can view details. UI displays "Request Access" for unauthorized users.
  • 18+ age restriction enforcement against user's dateOfBirth.

7. Social Interaction & Attendance

  • Bookmark / Interested: Does not count toward capacity. Triggers notifications.
  • Going: Firm commitment, counts toward capacity limit. Enforces "Full / Sold Out" state.
  • Post comments on event pages and Rate host (score submission).
  • Host profile page implementation.

8. Notifications

  • In-app notifications to bookmarked/going users on event update/cancellation.
  • Notification list view with mark-as-read.

9. DevOps, Deployment & Pre-release (Non-Implementation)

  • Fully Dockerized deployment (Backend connected to DB, Frontend consuming API).
  • Configure CI pipeline (lint + test on push) for backend. Manuel testing, edge-case control for web and mobile Automated Android APK build via GitHub Actions.
  • Publish Pre-release version (0.1.0-alpha) - [Deliverable D5]

10. Testing & Finalization (Non-Implementation)

  • Write unit tests for core API logic and integration tests for critical flows.
  • Draft Preliminary README (setup instructions, API summary, architecture overview).
  • Compile Milestone Review Report and Individual Contributions - [Deliverable D6 & D7]

Final Milestone (~May 14)

Goal: Complete the feature set with advanced discovery, multi-location support, admin tools, full non-functional compliance, comprehensive testing, and final project documentation.

11. Advanced Discovery & Itinerary

  • GPS-based location (with permission prompt) and user-configurable default map area.
  • More advanced detialed Quick filters (e.g. start-end time)
  • Multi-Location: Host adds ordered locations (reorderable). Map displays numbered pins with a route line.
  • Time-based itinerary segments and required equipment listing.

12. Admin, Moderation & Reporting

  • Admin dashboard to review reported events/profiles.
  • Approve/reject custom categories.
  • User management: Suspend (temporary) or Ban users (prevents write operations).
  • Global rate limiting on event creation (default: 5 events / 7 days).

13. Fixes & Changes according to Customer Observation Notes

  • We will take very comprehensive notes during the MVP milestone demo from customer reactions, suggestions, words.
  • We will use these notes to take the project further.

14. Non-Functional & Compliance

  • Ensure HTTPS across all communications.
  • Performance optimization (Search response < 2s with 10k events).
  • W3C validity, WCAG 2.1 AA compliance, and OWASP top-10 security checks.
  • Error and key-action logging implementation.

15. Comprehensive Testing & NFR Checks (Non-Implementation)

  • Create unit and integration tests for mobile and web. Integrate it with CI pipeline.
  • Execute End-to-End Test Scenarios:
    • Happy path (register to notification).
    • Report to Moderation flow.
    • Capacity enforcement blocking.
    • Strict private event URL bypass prevention.
  • Performance/load testing against NFR thresholds.

16. Final Documentation & Handover (Non-Implementation)

  • Finalize Requirements Document based on feedback.
  • Final Architecture Document (Component diagram, updated DB schema).
  • Complete API Documentation (Swagger/OpenAPI).
  • Write User Guide and Deployment Guide.
  • Prepare final Team Presentation demonstrating the complete software lifecycle.