README for Effi membership register ============================================================================= This will become a web-based membership register for the Effi association. The current goal is an MVP version that can be demoed at the fall general meeting. There will be a running demo site, with some dummy data. It will support the following use cases: * Admin can create new members via the API. * Admin can list all members via the API. * Admin can search for members (name, email) via the API. * Admin can view a member's information via the API. * Admin can update a member's information via the API. * Admin can set a member's password via the API. * A member can access the API, but only sees their own information. * A member can log in via a web browser and see their own information. Authentication will be handled by Qvisqve. Any member can authenticate. Data will be stored in Muck, including authentication information. A custom facade application will provide the API. A custom application will provide a server-side rendered front-end. The front-end application uses the facade API to access all data. Facade API ----------------------------------------------------------------------------- The facade will have an API like this: * `GET /search` — search for members * `GET /memb` — get specific member * `POST /memb` — add a member * `PUT /memb` — update a member * `DELETE /memb` — remove a member All operations require an access token from Qvisqve. The Muck header conventions are used for metadata. A member's information looks like: { "fullname": "James Bond", "email": "007@example.com", "member-number": "7", "hometown": "London" } (This is known to be insufficient. It's for demo purposes only, for now. It will change.) Resource types in Muck ============================================================================= * `subject` represents a human being whose information is stored in the system * contains nothing that isn't needed for authentication * `password` stores the subject's password * references `subject` resource id * contains a salted, scrypt'd password * `member` contains all non-authentication information about an Effi member * references `subject` resource id * contains full name, membership number, home town, email address Authentication ----------------------------------------------------------------------------- For the demo I will create users manually. Later on, Qvisqve will need to store subjects in Muck. For the demo, Muck will be changed to allow a user with the super scope be able to set the owner of a resource. This is necessary so that admin can create resources for members, but members can see them.