About Documentit!
This is a JavaScript document management API with access levels, roles and privileges. Each document defines access rights and which roles can access it. Each document also specifies the date it was published. Users are categorized by roles.
Run the App on POSTMAN
- Authentication
- It uses JWT for authentication.
- It generates a token and returns to the client.
- It verifies the token on every request to authenticated endpoints.
- Users
- It allows users to be created.
- It generates an initial Administrative user to handle admin rights
- It sets a newly created user's role to `user` by default.
- It allows only the created user to edit and update their information.
- All registered users can be retrieved by the admin user.
- Roles
- It ensures that users have a role.
- It ensures user roles could be `admin` or `regular`.
- It ensures new roles can be created, updated and deleted by an admin user.
- It returns all roles to an admin user.
- Documents
- It allows new documents to be created/saved by users.
- It allows created documents to be edited and updated
- It ensures all documents have an access defined (default access of which is `public`).
- It allows only admin users to retrieve all documents regardless of the document access level.
- It ensures ONLY private and public access documents to be retrieved by its owners, along with documents with role access of the user.
- It ensures only authenticated users can delete, edit and update documents they own.
- It allows admin to delete any document regardless of the document access level.
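The document rules in the list above, written as a deny-by-default policy. This is an added example, not the project's code: `ADMIN_ROLE_ID`, the `ownerRoleId` field, the function names and the reading of `role` access as "shared with users in the owner's role" are assumptions.

```javascript
// Added example, not the project's code. ADMIN_ROLE_ID, ownerRoleId and all
// function names are assumptions made for illustration.
const ADMIN_ROLE_ID = 1; // "admin" has id 1 in the sample GET /roles response
const ACCESS_LEVELS = ['public', 'private', 'role'];

const isAdmin = (user) => user.roleId === ADMIN_ROLE_ID;
const isOwner = (user, doc) => user.id === doc.OwnerId;

// Read rule: admin sees everything, owners see their own documents, other
// users see public documents and role documents shared with their role.
function canRead(user, doc) {
  if (!user) return false; // no verified token, no access
  if (isAdmin(user) || isOwner(user, doc)) return true;
  if (doc.access === 'public') return true;
  if (doc.access === 'role') return user.roleId === doc.ownerRoleId;
  return false; // private, or an access value we do not recognise
}

// Edit, update and delete: owner or admin only.
function canModify(user, doc) {
  return Boolean(user) && (isOwner(user, doc) || isAdmin(user));
}

// GET /documents: filter on the server, never in the client.
function visibleDocuments(user, docs) {
  return docs.filter((doc) => canRead(user, doc));
}

// POST /documents: copy only known fields, default access to public, and
// take the owner from the verified token instead of the request body.
function buildDocument(user, body) {
  const { title, content, access = 'public' } = body;
  if (typeof title !== 'string' || typeof content !== 'string') {
    throw new Error('title and content are required');
  }
  if (!ACCESS_LEVELS.includes(access)) throw new Error('invalid access level');
  return { title, content, access, OwnerId: user.id, ownerRoleId: user.roleId };
}

// Constructed sample data.
const admin = { id: 1, roleId: 1 };
const alice = { id: 2, roleId: 2 };
const bob = { id: 3, roleId: 2 };
const carol = { id: 4, roleId: 3 };
const docs = [
  { id: 1, access: 'public', OwnerId: 2, ownerRoleId: 2 },
  { id: 2, access: 'private', OwnerId: 2, ownerRoleId: 2 },
  { id: 3, access: 'role', OwnerId: 2, ownerRoleId: 2 },
];
```

Building the stored document from the token's user means an `OwnerId` sent in the request body cannot assign a document to another account.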
HTTP Verb | Endpoint | Functionality |
---|---|---|
POST | /users/login | Logs a user in and returns a token which should be subsequently used to access authenticated endpoints. Request parameters include email and password |
POST | /users/logout | Logs a user out |
POST | /users/ | Creates a new user. Required attributes are firstName, lastName, email, password. If a role is not specified, a default role of regular is created |
GET | /users/ | Fetch all registered users (admin privilege required) |
GET | /users/:id | Fetch a user by specific id (admin privilege required). parameter: id of the particular user as url query |
PUT | /users/:id | Update a specific user (by id) attributes. parameter: id of the particular user as url query |
DELETE | /users/:id | Delete a specific user by id. (admin privilege required). parameter: id of the particular user as url query |
POST | /documents/ | Creates a new document instance. Required attributes are title, content and access. If an access is NOT specified, the document is marked public by default |
GET | /documents/ | Fetch all documents (returns all documents based on each document access right and the requesters role) |
GET | /documents/:id | Fetch a specific document by its id. parameter: id of the particular document as url query |
PUT | /documents/:id | Update specific document attributes by its id. parameter: id of the particular document as url query |
DELETE | /documents/:id | Delete a specific document by its id. parameter: id of the particular document as url query |
GET | /users/:id/documents | Find all documents belonging to the specified user. parameter: id of the particular user as url query to get the corresponding documents belonging to that user |
POST | /roles/ | Create a new role (admin privilege required) |
GET | /roles/ | Fetches all roles (admin privilege required) |
GET | /roles/:id | Find a role by id (admin privilege required). parameter: id of the particular role as url query |
PUT | /roles/:id | Update role attributes (admin privilege required). parameter: id of the particular role as url query |
DELETE | /delete/:id | Delete role (admin privilege required). parameter: id of the particular role as url query |
GET | /search/documents/?q={doctitle} | Search for documents that have the specified query |
GET | /search/users/?q={username} | Search for users that have the specified query |
Endpoints for role API
- Endpoint: GET:
/roles
- Requires: Authentication and Admin Access Level
- Status:
200: OK
- Body
(application/json)
[
{
"id": 1,
"title": "admin",
"createdAt": "2017-03-03T13:28:22.003Z",
"updatedAt": "2017-03-03T13:28:22.003Z"
},
{
"id": 3,
"title": "regular",
"createdAt": "2017-03-03T13:28:22.003Z",
"updatedAt": "2017-03-03T13:28:22.003Z"
}
]
- Endpoint: POST:
/roles
- Requires: Authentication and Admin Access Level
- Body
(application/json)
{ "title": "supervisor" }
- Status:
201: Created
- Body
(application/json)
{
"role": {
"id": 3,
"title": "supervisor",
"updatedAt": "2017-03-07T15:57:29.019Z",
"createdAt": "2017-03-07T15:57:29.019Z"
}
}
- Endpoint: DELETE:
/roles/:id
- Requires: Authentication and Admin Access Level
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"message": "role deleted successfully"
}
Endpoint for Users API.
- Endpoint: POST:
/users
- Body
(application/json)
{
"username": "uniqueuser",
"firstname": "First Name",
"lastname": "Last Name",
"email": "[email protected]",
"password": "password"
}
- Status:
201: Created
- Body
(application/json)
{
"success": true,
"message": "uniqueuser created",
"RoleId": 2,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjIxLCJyb2xlSWQiOjIsImlhdCI6MTQ5MTM4NjgzMCwiZXhwIjoxNDkxODE4ODMwfQ.BIvpw2RgNBiPsO2xYOlGdrV2aGeDdeTlET0wD8KUYY0"
}
- Endpoint: GET:
/users
- Requires: Authentication and Admin access.
- Status:
200: OK
- Body
(application/json)
[
{
"id": 1,
"username": "super",
"firstname": "Sydnie",
"lastname": "Mitchell"
},
{
"id": 2,
"username": "cook",
"firstname": "Louisa",
"lastname": "Murazik"
}
]
- Endpoint: GET:
/users/:id
- Requires: Authentication
- Status:
200: OK
- Body
(application/json)
{
"id": 1,
"username": "super",
"firstname": "Sydnie",
"lastname": "Mitchell"
}
- Endpoint: PUT:
/users/:id
- Requires: Authentication and Admin/Owner Access Level
- Body
(application/json)
{
"username": "editeduser",
"firstname": "Edited User",
"lastname": "Edited User",
"email": "[email protected]",
"password": "password"
}
- Status:
200: OK
- Body
(application/json)
{
"id": 9,
"username": "edited",
"firstname": "editeduser",
"lastname": "user",
"email": "[email protected]",
"createdAt": "2017-03-07T16:56:09.880Z",
"updatedAt": "2017-03-07T17:30:07.385Z"
}
- Endpoint: DELETE:
/user/:id
- Requires: Authentication and Super Admin Access Level
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"message": "User deleted"
}
- Endpoint: POST:
/users/login
- Requires: Authentication of User or Admin to gain token for access.
- Body
(application/json)
{
"email": "[email protected]",
"password": "test"
}
- Status
200: OK
- Body
(application/json)
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjIyLCJyb2xlSWQiOjIsImlhdCI6MTQ5MTM4NzAxNiwiZXhwIjoxNDkxNTU5ODE2fQ._XvH1XxnUCgcZbGj-svsuPkpcmpAo4vHL3Mv_Pdzj8g",
"expiresIn": "2 days"
}
- Endpoint: POST:
/users/logout
- Requires: Authentication of User or Admin to delete token from localStorage.
- Body
(application/json)
- Status
200: OK
- Body
(application/json)
{
"success": true,
"message": "User logged out successfully"
}
Endpoint for Documents.
- Create document
- Get all documents
- Get single document
- Edit document
- Delete document
- Search Documents
- Find User Documents
- Endpoint: POST:
/documents
- Body
(application/json)
{
"title": "readmi",
"content": "this is a demo dare to ask for the impossible.",
"access": "public",
"OwnerId": 2
}
- Status:
201: Created
- Body
(application/json)
{
"success": true,
"message": "Document successfully created",
"document": {
"id": 8,
"title": "readmi",
"content": "this is a demo dare to ask for the impossible.",
"access": "public",
"OwnerId": 2,
"updatedAt": "2017-03-07T18:20:20.929Z",
"createdAt": "2017-03-07T18:20:20.929Z"
}
}
- Endpoint: GET:
/documents
- Requires: Authentication
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"results": [
{
"id": 1,
"title": "Integrated regional info-mediaries",
"content": "Voluptas et nostrum assumenda ea velit facere molestiae reprehenderit atque. Optio laboriosam harum. Aut ut nemo tenetur. Architecto praesentium aut at. Corrupti totam quo.",
"OwnerId": 3,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
},
{
"id": 2,
"title": "we worship forever",
"content": "Reiciendis voluptate error voluptatem possimus dolores provident neque aut nemo. Ab in quia ut quos ipsum veritatis consequatur alias. Quae aut facilis.",
"OwnerId": 5,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
}
]
}
- Endpoint: GET:
/documents/:id
- Requires: Authentication, Admin or user Access for public documents, Admin/Owner access for private documents, admin/role access for role documents
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"message": "Document found",
"document": {
"id": 6,
"title": "Enhanced client-driven focus group",
"content": "Placeat aspernatur dolores corporis. Ipsum similique maiores quisquam ratione vel.",
"OwnerId": 3,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z",
"updatedAt": "2017-03-06T12:02:27.902Z"
}
}
- Endpoint: PUT:
/documents/:id
- Requires: Authentication and Super Admin/Owner Access Level
- Body
(application/json)
{
"title": "readmi",
"content": "this is a demo dareasdfasdfsfaf to ask for the impossible.",
"access": "private"
}
- Status:
200: OK
- Body
(application/json)
{
"id": 6,
"title": "readmi",
"content": "this is a demo dareasdfasdfsfaf to ask for the impossible.",
"access": "private",
"OwnerId": 3,
"createdAt": "2017-03-06T12:02:27.902Z",
"updatedAt": "2017-03-07T18:40:19.108Z"
}
- Endpoint: DELETE:
/documents/:id
- Requires: Authentication and Admin Access Level or Owner access level
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"message": "Document has been successfully deleted"
}
- Endpoint: GET:
/documents/?query=searchQuery
- Requires: Authentication
- Status:
200: OK
- Body
(application/json)
{
"success": true,
"results": [{
"id": 1,
"title": "Integrated regional info-mediaries",
"content": "Voluptas et nostrum assumenda ea velit facere molestiae reprehenderit atque. Optio laboriosam harum. Aut ut nemo tenetur. Architecto praesentium aut at. Corrupti totam quo.",
"OwnerId": 3,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
},
{
"id": 2,
"title": "we worship forever",
"content": "Reiciendis voluptate error voluptatem possimus dolores provident neque aut nemo. Ab in quia ut quos ipsum veritatis consequatur alias. Quae aut facilis.",
"OwnerId": 7,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
}]
}
- Endpoint: GET:
/users/:UserId/documents/, e.g. /users/2/documents
- Requires: Authentication
- Status:
200: OK
- Body
(application/json)
[
{
"id": 1,
"title": "Integrated regional info-mediaries",
"content": "Voluptas et nostrum assumenda ea velit facere molestiae reprehenderit atque. Optio laboriosam harum. Aut ut nemo tenetur. Architecto praesentium aut at. Corrupti totam quo.",
"OwnerId": 2,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
},
{
"id": 2,
"title": "we worship forever",
"content": "Reiciendis voluptate error voluptatem possimus dolores provident neque aut nemo. Ab in quia ut quos ipsum veritatis consequatur alias. Quae aut facilis.",
"OwnerId": 2,
"access": "public",
"createdAt": "2017-03-06T12:02:27.902Z"
}
]
- Fork this repository to your GitHub account
- Clone the forked repository
- Create your feature branch
- Commit your changes
- Push to the remote branch
- Open a Pull Request
Technologies used in the development of this API include the following:
- node.js - evented I/O for the backend
- babel-cli - Babel Command line interface
- babel-core - Babel Core for javascript transpiling
- babel-loader - Adds Babel support to Webpack
- babel-preset-es2015 - Babel preset for ES2015
- babel-preset-react - Add JSX support to Babel
- babel-preset-react-hmre - Hot reloading preset for Babel
- babel-register - Register Babel to transpile our Mocha tests
- eslint - Lints JavaScript
- expect - Assertion library for use with Mocha
- express - Serves development and production builds
- mocha - JavaScript testing library
- npm-run-all - Display results of multiple commands on single command line
- webpack - Bundler with plugin system and integrated development server
- webpack-dev-middleware - Adds middleware support to webpack
- webpack-hot-middleware - Adds hot reloading to webpack
© Akunna Nwosu