summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2018-11-13 10:49:14 +0200
committerLars Wirzenius <liw@liw.fi>2018-11-13 10:49:14 +0200
commit3cc08876371f657466be1e5a02cffeb33391e139 (patch)
treeb3289a2dfcdd275e0f733a85f7017d0a5d9dbdd7 /README
downloadeffi-reg-3cc08876371f657466be1e5a02cffeb33391e139.tar.gz
Add: initial commit
Diffstat (limited to 'README')
-rw-r--r--README76
1 files changed, 76 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..6fae203
--- /dev/null
+++ b/README
@@ -0,0 +1,76 @@
+README for Effi membership register
+=============================================================================
+
+This will become a web-based membership register for the Effi
+association.
+
+The current goal is an MVP version that can be demoed at the fall
+general meeting. There will be a running demo site, with some dummy
+data. It will support the following use cases:
+
+* Admin can create new members via the API.
+* Admin can list all members via the API.
+* Admin can search for members (name, email) via the API.
+* Admin can view a member's information via the API.
+* Admin can update a member's information via the API.
+* Admin can set a member's password via the API.
+* A member can access the API, but only sees their own information.
+* A member can log in via a web browser and see their own information.
+
+Authentication will be handled by Qvisqve. Any member can
+authenticate. Data will be stored in Muck, including authentication
+information. A custom facade application will provide the API. A
+custom application will provide a server-side rendered front-end.
+
+The front-end application uses the facade API to access all data.
+
+Facade API
+-----------------------------------------------------------------------------
+
+The facade will have an API like this:
+
+* `GET /search` &mdash; search for members
+* `GET /memb` &mdash; get specific member
+* `POST /memb` &mdash; add a member
+* `PUT /memb` &mdash; update a member
+* `DELETE /memb` &mdash; remove a member
+
+All operations require an access token from Qvisqve. The Muck header
+conventions are used for metadata.
+
+A member's information looks like:
+
+ {
+ "fullname": "James Bond",
+ "email": "007@example.com",
+ "member-number": "7",
+ "hometown": "London"
+ }
+
+(This is known to be insufficient. It's for demo purposes only, for
+now. It will change.)
+
+
+Resource types in Muck
+=============================================================================
+
+* `subject` represents a human being whose information is stored in
+ the system
+ * contains nothing that isn't needed for authentication
+* `password` stores the subject's password
+ * references `subject` resource id
+ * contains a salted, scrypt'd password
+* `member` contains all non-authentication information about an Effi
+ member
+ * references `subject` resource id
+ * contains full name, membership number, home town, email address
+
+Authentication
+-----------------------------------------------------------------------------
+
+For the demo I will create users manually. Later on, Qvisqve will need
+to store subjects in Muck.
+
+For the demo, Muck will be changed to allow a user with the super scope
+be able to set the owner of a resource. This is necessary so that admin
+can create resources for members, but members can see them.