From 3cc08876371f657466be1e5a02cffeb33391e139 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Tue, 13 Nov 2018 10:49:14 +0200 Subject: Add: initial commit --- README | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..6fae203 --- /dev/null +++ b/README @@ -0,0 +1,76 @@ +README for Effi membership register +============================================================================= + +This will become a web-based membership register for the Effi +association. + +The current goal is an MVP version that can be demoed at the fall +general meeting. There will be a running demo site, with some dummy +data. It will support the following use cases: + +* Admin can create new members via the API. +* Admin can list all members via the API. +* Admin can search for members (name, email) via the API. +* Admin can view a member's information via the API. +* Admin can update a member's information via the API. +* Admin can set a member's password via the API. +* A member can access the API, but only sees their own information. +* A member can log in via a web browser and see their own information. + +Authentication will be handled by Qvisqve. Any member can +authenticate. Data will be stored in Muck, including authentication +information. A custom facade application will provide the API. A +custom application will provide a server-side rendered front-end. + +The front-end application uses the facade API to access all data. + +Facade API +----------------------------------------------------------------------------- + +The facade will have an API like this: + +* `GET /search` — search for members +* `GET /memb` — get specific member +* `POST /memb` — add a member +* `PUT /memb` — update a member +* `DELETE /memb` — remove a member + +All operations require an access token from Qvisqve. The Muck header +conventions are used for metadata. + +A member's information looks like: + + { + "fullname": "James Bond", + "email": "007@example.com", + "member-number": "7", + "hometown": "London" + } + +(This is known to be insufficient. It's for demo purposes only, for +now. It will change.) + + +Resource types in Muck +============================================================================= + +* `subject` represents a human being whose information is stored in + the system + * contains nothing that isn't needed for authentication +* `password` stores the subject's password + * references `subject` resource id + * contains a salted, scrypt'd password +* `member` contains all non-authentication information about an Effi + member + * references `subject` resource id + * contains full name, membership number, home town, email address + +Authentication +----------------------------------------------------------------------------- + +For the demo I will create users manually. Later on, Qvisqve will need +to store subjects in Muck. + +For the demo, Muck will be changed to allow a user with the super scope +be able to set the owner of a resource. This is necessary so that admin +can create resources for members, but members can see them. -- cgit v1.2.1