ProcessorsMediaResource
=======================

Introduction
------------
Processors Media Resource.

Hosts the API for app-store related processor media and interactions:

- Listing app-store categories and visible publishers.
- Managing processor reviews (add, update, delete, list).
- Managing review comments (add, update, delete, list).

All endpoints are under the base path ``/processormedia``.

All endpoints require a valid session via the ``x-session-token`` header.

Permission and ownership notes:

- Access to reviews/comments is guarded through access to the underlying processor.
- Delete operations for reviews/comments require ownership checks on the target entity.
- Some IDs received as query parameters are URL-decoded server-side before use.

Common Models
-------------
- AppCategoryViewModel: id, category, count
- ReviewViewModel: id, processorId, userId, vote, date, title, comment
- ListReviewsViewModel: reviews, avgVote, numberOfOneStarVotes, numberOfTwoStarVotes, numberOfThreeStarVotes, numberOfFourStarVotes, numberOfFiveStarVotes, alreadyVoted
- CommentDetailViewModel: commentId, reviewId, userId, date, text
- CommentListViewModel: commentId, reviewId, userId, date, text
- PublisherFilterViewModel: publisher, nickName, appCount

APIs
----

GET /processormedia/categories/get
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Returns the list of all application categories available in the app store.
- HTTP Verb: GET
- Headers: x-session-token
- Query params: none
- Body: none
- Success:
	- 200 OK, body: array of AppCategoryViewModel
- Return codes:
	- 200 OK
	- 401 Unauthorized (invalid session)

POST /processormedia/reviews/add
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Adds a new review for a processor.
- HTTP Verb: POST
- Headers: x-session-token
- Query params: none
- Body: ReviewViewModel
	- processorId (string, required)
	- vote (float, required, valid range 0.0 to 5.0)
	- title (string, optional)
	- comment (string, optional)
- Success:
	- 200 OK
- Notes:
	- One review per processor per user is enforced (already voted -> rejected).
	- Caller must be allowed to access the processor.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid payload, vote out of range, missing/invalid processor, or already voted)
	- 401 Unauthorized (invalid session)
	- 403 Forbidden (user cannot access processor)

POST /processormedia/reviews/update
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Updates an existing review.
- HTTP Verb: POST
- Headers: x-session-token
- Query params: none
- Body: ReviewViewModel
	- id (string, required) — review ID to update
	- processorId (string, required)
	- vote (float, required, valid range 0.0 to 5.0)
	- title (string, optional)
	- comment (string, optional)
- Success:
	- 200 OK
- Notes:
	- The endpoint validates vote range, then updates the repository entry.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid payload, invalid vote, or update failed)
	- 401 Unauthorized (invalid session)

DELETE /processormedia/reviews/delete
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Deletes a review by processor/review ID and removes all comments associated with that review.
- HTTP Verb: DELETE
- Headers: x-session-token
- Query params:
	- processorId (string, required) — processor ID (URL-decoded server-side)
	- reviewId (string, required) — review ID (URL-decoded server-side)
- Body: none
- Success:
	- 200 OK
- Notes:
	- Caller must be the owner of the review.
	- After successful review deletion, child comments are deleted.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid processor/review or delete count is zero)
	- 401 Unauthorized (invalid session or user is not review owner)

GET /processormedia/reviews/getlist
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Returns paginated reviews for a processor plus aggregate rating statistics.
- HTTP Verb: GET
- Headers: x-session-token
- Query params:
	- processorName (string, required) — processor name
	- page (integer, optional) — page index, default 0
	- itemsperpage (integer, optional) — items per page, default 4
- Body: none
- Success:
	- 200 OK, body: ListReviewsViewModel
- Notes:
	- ``alreadyVoted`` is set for the current user.
	- If no reviews exist, returns an empty ``ListReviewsViewModel``.
	- Pagination is applied after computing full statistics.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid processor)
	- 401 Unauthorized (invalid session)
	- 403 Forbidden (user cannot access processor)

POST /processormedia/comments/add
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Adds a comment to an existing review.
- HTTP Verb: POST
- Headers: x-session-token
- Query params: none
- Body: CommentDetailViewModel
	- reviewId (string, required)
	- text (string, required)
- Success:
	- 200 OK
- Notes:
	- The endpoint resolves review -> processor and enforces processor access permissions.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid payload, missing/invalid review, or missing processor)
	- 401 Unauthorized (invalid session)
	- 403 Forbidden (user cannot access processor)

POST /processormedia/comments/update
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Updates an existing comment.
- HTTP Verb: POST
- Headers: x-session-token
- Query params: none
- Body: CommentDetailViewModel
	- commentId (string, required)
	- reviewId (string, required)
	- text (string, required)
- Success:
	- 200 OK
- Notes:
	- The updated comment entity always uses the caller as userId and the current timestamp.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid payload or update failed)
	- 401 Unauthorized (invalid session)

DELETE /processormedia/comments/delete
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Deletes one comment from a review.
- HTTP Verb: DELETE
- Headers: x-session-token
- Query params:
	- reviewId (string, required) — parent review ID (URL-decoded server-side)
	- commentId (string, required) — comment ID (URL-decoded server-side)
- Body: none
- Success:
	- 200 OK
- Notes:
	- Caller must be the owner of the comment.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid review/comment or delete count is zero)
	- 401 Unauthorized (invalid session or user is not comment owner)

GET /processormedia/comments/getlist
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Returns all comments associated with a review.
- HTTP Verb: GET
- Headers: x-session-token
- Query params:
	- reviewId (string, required)
- Body: none
- Success:
	- 200 OK, body: array of CommentListViewModel
- Notes:
	- If there are no comments, returns an empty ``CommentListViewModel`` object.
	- Access to comments is validated through the review's processor.
- Return codes:
	- 200 OK
	- 400 Bad Request (invalid review or missing processor)
	- 401 Unauthorized (invalid session)
	- 403 Forbidden (user cannot access processor)

GET /processormedia/publisher/getlist
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Description: Returns visible publishers in the marketplace with the number of visible apps per publisher.
- HTTP Verb: GET
- Headers: x-session-token
- Query params: none
- Body: none
- Success:
	- 200 OK, body: array of PublisherFilterViewModel
- Notes:
	- Includes only deployed processors that are shown in store.
	- For non-public processors, entries are included only if the caller is owner or has sharing permissions.
	- ``nickName`` is taken from the publisher's public nickname, then falls back to name, then to user ID.
- Return codes:
	- 200 OK
	- 401 Unauthorized (invalid session)
	- 500 Internal Server Error (unable to load deployed processors)