这个PostgreSQL的Web应用程序算是Database System这门课里面比较坑的一个作业了。Start code提供的Web框架是基于Python编写的，Database要求用PostgreSQL。由于Python没有比较好用的PostgreSQL的lib，很多底层的DB操作都得自己实现。相比PHP+MySQL的传统架构复杂了不少。
This assignment is about the programming of database interaction code within an application, building on the car-sharing database scenario introduced in Assignments 1 and 2. The objectives are to gain practical experience interacting with a relational database using an Application Programming Interface (API) and transaction programming, and to understand the importance and application of basic security measures. There are also opportunities to use more advanced database
pplication programming techniques, such as stored procedures, triggers, indexes and access control privileges. We also included an optional extension regarding a suitable interface design.
This is a group assignment for teams of about 3 members, and it is assumed that you will continue in your Assignment 2 group. You should inform your tutor as soon as possible if you wish to change groups.
Please also keep an eye on the discussion forum and further announcements in Piazza.
In this assignment your task is to implement the functions required to support the database interactions of an online car-sharing system, hosted on the School’s PostgreSQL server. You will be provided with a reference schema for PostgreSQL, as well as some example data. We will also provide a complete user interface written in Python, for which you need to write the appropriate database interaction functions using the Python DB-API introduced in Week 8. In writing these functions you should consider the following issues, which will be taken into account during marking:
Your code should make best use of the database to correctly retrieve and update data. In particular, you should avoid writing client-side code for operations, such as joins, that could be better done within the database.
You should assume that multiple clients will be running concurrently on the same database, so your functions should make suitable use of transactions. You should consider where to commit or roll back these transactions, and what to do if a transaction fails. D/HD students should also select appropriate isolation levels for their transactions.
Multi-tier architectures increase the scope for nefarious users to gain unintended access to query or modify your database. You should take steps to limit this by preventing SQL Injection attacks, and limiting the privileges available to the client to specific operations on tables, views and stored procedures.
Network traffic can be reduced (and cross-client portability increased) by wrapping complex database operations into stored procedures that are run within the database rather than in the client. You should make use of these where appropriate.
At the login screen, members can log in with their email address (or optionally their nickname) and password. Your interface should verify those values against the data stored in your database. When a valid user/password combination is entered, members shall be directed to the member home screen.
On the home screen, the user should be greeted with their full name, and see the following details:
- The member’s membership plan and since when he is a member.
- If selected, the name of his home bay.
- Number of bookings made by user (from the statistical information stored for each member).
A user should be able to use this page to make a booking of a car for a specific period. In making
the booking the application must:
- Check availability (basic availability plus no clashes with other bookings).
- Create a new booking entry.
- Keep the member’s ‘number of booking’ statistics up-to-date.
- Estimate the cost of the booking according to the member’s plan.
If successful, details are shown in the Booking Details screen.
For a given booking, specified by its booking ID number, this screen should display:
- Car details (name, registration)
- The car bay where the car is located
- Booked period
- Time and date of when the booking was made
This screen should list all the member’s bookings. Each item in the list should include:
- the car’s name and registration
- the reserved date
- the duration of the booking
The bookings should be in reverse chronological order (most recent first) according to the reserved date. A user can choose to see further details of a booking in the Booking Details screen.
This screen allows the user to search for car bays. By default , this screen should show the home bay as selected by the member (if a home bay was selected by the member). Search attributes include:
- car bay name
- part of the address such as city or suburb name
All matching bays should be shown with the following attributes:
- carbay name
- number of cars parked there
- optionally: link to a map using the carbay’s URL
- optionally: whether any car there is available at the current time
The screen should show details of a carbay and all its cars, with the following attributes:
- all details about a carbay including name, address, description, gps location, walkscore
- car names and regos
- optional: whether each car it is available at the current time (i.e. it is not currently booked)
Note that there could be more than one car at any given car bay.
This page should give all the details of a particular car, including:
- car name
- car model and year
- car category, capacity and transmission type
Also, the details should include a list of which hours the car is available for the current day, taking
account of any existing bookings.
Proficiency in core skills and application of more advanced skills can be demonstrated through implementation of extensions to the core functionality. Students wishing to attain a D/HD mark for this assignment should implement at least one extension that demonstrates research and application of skills or techniques beyond those covered in the core brief, such as indexes, triggers, views, or recursive/analytical SQL. You should consult your tutor for guidance on what would be an appropriate extension for your group, and what the criteria will be for marking them. Below are a few suggestions for possible extensions. Depending upon the scope you may wish to do one large extension or a couple of smaller ones.
Suggest and create indexes which make your most frequent queries and transactions faster. A common task handled by the database is checking whether a car is available for a given period. To reduce the burden of this operation, an reservation table can be written to record which hours are reserved for any booked cars. Availability checks can then perform a query on this table. Support this by:
- Adding this reservation table
- Write a query to populate this table for the existing bookings
- Write triggers for the Booking table to make corresponding updates to the reservation table.
Each month a new invoice is generated by the company for each member to calculate the costs owed and due to the member. This needs to include the plan fees and booking costs for any booked cars. Write a stored procedure to populate the invoice data for a specific member for a given month, and support this with functionality for a member to view a list of all their invoices and the specific details for a particular invoice.
Analyse the user interface of the given skeleton code with regard to
- its usability on a mobile device such as a smartphone,
- finding an available cars close to the current position,
- an efficient way to extend a currently active booking.
Which parts of the user interface would you want to change to support these usability criterions? Design an alternative interface that supports those functions better, and explain how the database access part is affected by your changes (such as which kinds of queries would either needed to be changed or added). You submission for this extension should include:
- a textual discussion of your usability analysis with regard to above’s criteria,
- a wireframe of your planned revised site layout,
- a mockup of your new interface design, and
- a discussion of which parts of the database-related code would be affected by your design.
Please submit your solution in the ‘Assignment’ section of the unit e-learning site by the deadline, including the following items:
Client Source Code: For most groups this will be a modified version of the database.py, but if more substantial changes have been made you should provide a zip file containing each of the files you have changed, along with a short Changelog.txt file clearly summarising your group’s contributions to each file;
Database Schema DDL: If you have done any extensions that modify the database you should include all such additions (ALTER TABLE statements, views, server-side stored procedures, functions, triggers, indexes or grant statements for PostgreSQL which your created as plain text file with .sql file suffix). You should ensure that this file runs on a clean version of the original schema on the PostgreSQL 9.5 database without errors.