This is a basic authentication and CRUD API.
To begin with, a user must sign up at /signup using the following details: name, email, password and role. All are strings. The user is assigned the role that is sent, provided it exists in the database. If it doesn't, the user is asked to create the role by sending a POST request to /role.
In order to create a role, one must send the following: name, scopes[]. Each role has a list of scopes that determine whether a user has access to the resources or not. They are as follows:
- user-get
- role-get
- student-get
- student-create
- school-create
- school-get
Each scope must be given as a string in the scopes array.
Role "Admin" has all scopes.
Once the user has signed up, they must sign in at /signin using email and password (both strings). A cookie is then created using a JSON Web Token.
The following routes are available. If the user does not have access to any of these routes, they will be notified.
- /signup [POST]
- /signin [POST]
- /user [GET]
- /user/:id [GET]
- /role [POST]
- /role [GET]
- /student [POST]
- /student [GET]
- /school [POST]
- /school [GET]
The user can perform a number of functions:
- get all users using /user
- get a single user using /user/:id where id is the object id of the single user targeted
- create a student using /student under their own account
- get all students in their account using /student
- create a school using /school
- get all schools using /school
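
The scope check described above, sketched as an added example (not this project's own code). The route-to-scope mapping is an assumption inferred from the scope names, as is treating /signup, /signin and POST /role as needing no scope; the function names are hypothetical.

```javascript
// Scopes listed in this README; any other string is rejected at role creation.
const KNOWN_SCOPES = new Set([
  "user-get", "role-get", "student-get",
  "student-create", "school-create", "school-get",
]);

// Assumed mapping. null = no scope required; a string = scope the role must hold.
const ROUTE_SCOPES = [
  { method: "POST", path: "/signup",   scope: null },
  { method: "POST", path: "/signin",   scope: null },
  { method: "GET",  path: "/user",     scope: "user-get" },
  { method: "GET",  path: "/user/:id", scope: "user-get" },
  { method: "POST", path: "/role",     scope: null }, // no role-create scope is listed
  { method: "GET",  path: "/role",     scope: "role-get" },
  { method: "POST", path: "/student",  scope: "student-create" },
  { method: "GET",  path: "/student",  scope: "student-get" },
  { method: "POST", path: "/school",   scope: "school-create" },
  { method: "GET",  path: "/school",   scope: "school-get" },
];

// Match a pattern such as "/user/:id" against a request path, segment by segment.
function pathMatches(pattern, actual) {
  const p = pattern.split("/"), a = actual.split("/");
  return p.length === a.length &&
    p.every((seg, i) => (seg.startsWith(":") ? a[i].length > 0 : seg === a[i]));
}

// Validate a POST /role body: returns an error message, or null when it is valid.
function validateRole(body) {
  if (typeof body.name !== "string" || body.name === "") return "name must be a string";
  if (!Array.isArray(body.scopes)) return "scopes must be an array";
  const bad = body.scopes.filter((s) => typeof s !== "string" || !KNOWN_SCOPES.has(s));
  return bad.length ? `unknown scopes: ${bad.join(", ")}` : null;
}

// Default deny: a method/path pair missing from the table is refused.
function isAllowed(method, path, roleScopes) {
  const route = ROUTE_SCOPES.find((r) => r.method === method && pathMatches(r.path, path));
  if (!route) return false;
  return route.scope === null || roleScopes.includes(route.scope);
}
```

Here roleScopes stands for the scopes array of the role attached to the signed-in user.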