Backend roadmap

Luke Deen Taylor edited this page Nov 8, 2019 · 3 revisions

I. Creating models and a database structure

  • Scaffold basic models
    • User
    • EquipmentType
    • EquipmentItem
    • Request

II. Beginning API endpoint construction

Here we will begin creating API endpoints for users of the front-end app to interact with the system.

Objectives:

  1. Users can view information about inventory. This information can be publicly available even to unauthenticated users.
    • API endpoint for listing equipment. Users should be able to see how many of a given item are available and limit their search by some parameters.
      • Users can specify a “category” to search by
      • Users can specify a “timeframe” to search by, and the app will compile availability data from the requests
  2. Authenticated users can make equipment requests
    • POST endpoint for submitting an equipment request
    • The back-end can validate that the requested equipment is available
    • The back-end can record which user made the request (requires progress on III)

III. Implement authentication and access control

Develop a system by which the API can record and verify the identity of a user making an API request. Explore using Token Authentication with Django REST framework, since tokens are easy to work with on both the front end and the back end.

After an authentication system is in place, begin securing API endpoints. Make sure that only authenticated admin users can make API calls to admin endpoints, that users can't modify other users' requests, etc. Store information in request records about which user made the request (this information can come from parsing the JWT, to prevent impersonation attacks, etc.).
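
The checks described in III, as an added sketch that is not code from this project: the request owner is taken from a verified HS256 JWT rather than from the request payload, and updates are limited to the owner or an admin. It uses only the Python standard library instead of Django REST framework; `SECRET`, `REQUESTS` and all function names are hypothetical, and the key is a constructed sample value.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret, sample value

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, is_admin=False, ttl=3600):  # stands in for the login endpoint
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "admin": is_admin, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_token(token):
    """Return the claims only if signature, algorithm and expiry all check out."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise PermissionError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise PermissionError("unexpected algorithm")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    return claims

REQUESTS = {}  # request id -> record; stands in for the Request model

def create_request(token, payload):
    claims = verify_token(token)
    # Owner comes from the verified token; any "user" field in the payload is ignored.
    record = {"user": claims["sub"], "item": payload["item"]}
    REQUESTS[len(REQUESTS) + 1] = record
    return record

def update_request(token, request_id, item):
    claims = verify_token(token)
    record = REQUESTS[request_id]
    if record["user"] != claims["sub"] and not claims.get("admin"):
        raise PermissionError("not the owner of this request")
    record["item"] = item
    return record
```

In a Django REST framework project the token verification would be done by an authentication class and the owner would be read from `request.user`; the ownership and admin checks stay the same.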