Effireg - the Effi membership register
=============================================================================
This will become a web-based membership register for the Effi
association.
The current goal is an MVP version that can be demoed at the fall
general meeting. There will be a running demo site, with some dummy
data. It will support the following use cases:
* Admin can create new members via the API.
* Admin can list all members via the API.
* Admin can search for members (name, email) via the API.
* Admin can view a member's information via the API.
* Admin can update a member's information via the API.
* Admin can set a member's password via the API.
* A member can access the API, but only sees their own information.
* A member can log in via a web browser and see their own information.
Authentication will be handled by Qvisqve. Any member can
authenticate. Data will be stored in Muck, including authentication
information. A custom facade application will provide the API. A
custom application will provide a server-side rendered front-end.
The front-end application uses the facade API to access all data.
Architecture and documentation
-----------------------------------------------------------------------------
See the website for architecture and other
documentation.
Facade API
-----------------------------------------------------------------------------
The facade will have an API like this:
* `GET /search` — search for members
* `GET /memb` — get specific member
* `POST /memb` — add a member
* `PUT /memb` — update a member
* `DELETE /memb` — remove a member
All operations require an access token from Qvisqve. The Muck header
conventions are used for metadata.
A member's information looks like:
{
"fullname": "James Bond",
"email": "007@example.com",
"member-number": "7",
"hometown": "London"
}
(This is known to be insufficient. It's for demo purposes only, for
now. It will change.)
Resource types in Muck
=============================================================================
* `subject` represents a human being whose information is stored in
the system
* contains nothing that isn't needed for authentication
* `password` stores the subject's password
* references `subject` resource id
* contains a salted, scrypt'd password
* `member` contains all non-authentication information about an Effi
member
* references `subject` resource id
* contains full name, membership number, home town, email address
Authentication
-----------------------------------------------------------------------------
For the demo I will create users manually. Later on, Qvisqve will need
to store subjects in Muck.
For the demo, Muck will be changed to allow a user with the super scope
be able to set the owner of a resource. This is necessary so that admin
can create resources for members, but members can see them.
Legalese
=============================================================================
While effi-reg itself is under the AGPL3+ license, a copy of which is
included as `COPYING` in the source code of this program, this license
does NOT apply to clients of the HTTP API it provides.
Copyright 2018-2019 Lars Wirzenius
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .