Reviews Workflow
Route → Controller → Template → Model interactions
| Route | Controller | View (EJS) | Model & Queries | ||||
|---|---|---|---|---|---|---|---|
| R | GET /event/:id/review | → | displayReviews | → | review.ejs render | → | Event.find Attendance.checkAttended Review.getAll |
| C | POST /event/:id/review | → | createReview (gated) | → | redirect to review | → | Review.add (validates event ended + user attended) |
| U | POST /:reviewId/update | → | updateReview | → | redirect to review | → | Review.update (owner-scoped by userID) |
| D | POST /:reviewId/delete | → | deleteReview | → | redirect to review | → | Review.delete (owner-scoped) |
Key enforcement: Users must be marked attended AND event must have ended to submit/edit reviews.
Ownership: updateReview and deleteReview scope queries to logged-in userID to prevent cross-user edits.
Ownership: updateReview and deleteReview scope queries to logged-in userID to prevent cross-user edits.
Attendance Workflow
Route → Controller → Template → Model interactions
| Route | Controller | View (EJS) | Model & Queries | ||||
|---|---|---|---|---|---|---|---|
| R | GET /event/attendance?id | → | showAttendancePage | → | eventAttendance.ejs render | → | Event.find RSVP.getByEvent Attendance.getByEvent |
| C | POST /event/attendance | → | updateAttendance (organizer-only) | → | redirect to attendance | → | Attendance.upsert (create or update) |
| U | POST /event/attendance | → | updateAttendance (organizer-only) | → | redirect to attendance | → | Attendance.upsert (update toggle state) |
Access control: Only event creator/organizer can view and modify attendance records.
Data integrity: Attendance list is built from RSVP records; creator marks attendances as present/absent.
Metric calculation: attendanceRate = (attended count / total RSVP count) × 100.
Data integrity: Attendance list is built from RSVP records; creator marks attendances as present/absent.
Metric calculation: attendanceRate = (attended count / total RSVP count) × 100.