README


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

README for Effi membership register
=============================================================================

This will become a web-based membership register for the Effi
association.

The current goal is an MVP version that can be demoed at the fall
general meeting. There will be a running demo site, with some dummy
data. It will support the following use cases:

* Admin can create new members via the API.
* Admin can list all members via the API.
* Admin can search for members (name, email) via the API.
* Admin can view a member's information via the API.
* Admin can update a member's information via the API.
* Admin can set a member's password via the API.
* A member can access the API, but only sees their own information.
* A member can log in via a web browser and see their own information.

Authentication will be handled by Qvisqve. Any member can
authenticate. Data will be stored in Muck, including authentication
information. A custom facade application will provide the API. A
custom application will provide a server-side rendered front-end.

The front-end application uses the facade API to access all data.

Facade API
-----------------------------------------------------------------------------

The facade will have an API like this:

* `GET /search` &mdash; search for members
* `GET /memb` &mdash; get specific member
* `POST /memb` &mdash; add a member
* `PUT /memb` &mdash; update a member
* `DELETE /memb` &mdash; remove a member

All operations require an access token from Qvisqve. The Muck header
conventions are used for metadata.

A member's information looks like:

    {
        "fullname": "James Bond",
        "email": "007@example.com",
        "member-number": "7",
        "hometown": "London"
    }

(This is known to be insufficient. It's for demo purposes only, for
now. It will change.)


Resource types in Muck
=============================================================================

* `subject` represents a human being whose information is stored in
  the system
    * contains nothing that isn't needed for authentication
* `password` stores the subject's password
   * references `subject` resource id
   * contains a salted, scrypt'd password
* `member` contains all non-authentication information about an Effi
  member
   * references `subject` resource id
   * contains full name, membership number, home town, email address

Authentication
-----------------------------------------------------------------------------

For the demo I will create users manually. Later on, Qvisqve will need
to store subjects in Muck.

For the demo, Muck will be changed to allow a user with the super scope
be able to set the owner of a resource. This is necessary so that admin
can create resources for members, but members can see them.