Document Management System, complete with roles and privileges. Each document defines access rights; the document defines which roles can access it. Also, each document specifies the date it was published.

The following features make up the Document Management System API:

• It uses JSON Web Token (JWT) for authentication.
• It generates a token upon successul login / account creation and returns it to the client.
• It verifies the token to ensures a user is authenticated to access some endpoints.

• It allows users to be created.
• It allows users to login and obtain a token
• It allows authenticated users to retrieve and edit their information only.
• All users can be retrieved, modified and deleted by the admin user.

• It ensures that users have roles.
• It ensures user roles could be admin or regular, or as created by the admin .
• It ensures roles can be created, retrieved, updated and deleted by an admin user.
• A non-admin user cannot create, retrieve, modify, or delete roles.

• It allows new documents to be created by authenticated users.
• It ensures all documents have access roles defined as public or private.
• It allows admin users to create, retrieve, modify, and delete documents.
• It allows the admin user to retrieve all documents.
• It allows private and public access documents to be retrieved by its owners.
• It ensures users can delete, edit and update documents that they own.
• It allows users to retrieve all documents they own.
• It allows users to set a type for any document they create.

• It allows documents to be defined based on types. Eg. Note, Report etc.
• It allows users to add types to any document they create.
• It allows users to create and retrieve types.
• It allows only admin user to modify and delete types

• It allows users to search public documents that belong to other users (as well as documents that belong to the user).
• It allows admin to retrieve all documents that matches search term, be it public or private.

• [React] - A javascript library for building user interfaces
• [Redux] - A predictable state container for JavaScript apps.
• [Enzyme] - A JavaScript Testing utility for React
• [Materialize] - great UI boilerplate for modern web apps
• node.js - evented I/O for the backend
• Express - fast node.js network app framework
• [Webpack] - the streaming build system
• [Sequelize] - Sequelize is a promise-based ORM for Node.js and io.js.
• [JWT] - To authenticate routes
• [Postgresql and Sequelize ORM]

Document Mnagement System requires Node.js v4+ to run.

Install the dependencies and devDependencies and start the server.

$ cd docMan
$ npm install -d
$ node app
$ Create Postgresql database and run migrations npm run db:setup.
$ Start the express server npm start.
$ Run test npm test.

Create a Postman environment and set url and token variables or download and import a production environment from this

The API has routes, each dedicated to a single task that uses HTTP response codes to indicate API status and errors.

Users are assigned a token when signup or signin. This token is needed for subsequent HTTP requests to the API for authentication and can be attached as values to the header's x-acess-token or authorization key. API requests made without authentication will fail with the status code 401: Unauthorized Access.

• Roles
  • Get roles
• Users
  • Create user
  • Get user
• Documents
  • Get All documents
  • Create document
  • Get document
  • Edit document
  • Delete document
• Search
  • Search Documents
  • [Search Users] (#search-users)

Endpoint for Roles API.

• Endpoint: GET: /api/roles
• Requires: Authentication

• Status: 200: OK
• Body (application/json)

[
  {
    "id": 1,
    "title": "Admin",
    "createdAt": "2016-12-06T06:44:54.792Z",
    "updatedAt": "2016-12-06T06:44:54.792Z"
  }, {
    "id": 2,
    "title": "Registered",
    "createdAt": "2016-12-06T06:44:54.792Z",
    "updatedAt": "2016-12-06T06:44:54.792Z"
  }
]

Endpoint for Users API.

• Endpoint: POST: api/users
• Body (application/json)

{
  "username": "uniqueuser",
  "fullNames": "Unique User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "password"
}

• Status: 201: Created
• Body (application/json)

{
  "user": {
    "id": 141,
    "username": "uniqueuser",
    "fullNames": "Unique User",
    "email": "[email protected]",
    "RoleId": 1,
    "createdAt": "2017-02-19T17:34:19.992Z",
    "updatedAt": "2017-02-19T17:34:19.992Z"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOjE0MSwiUm9sZUlkIjoxLCJpYXQiOjE0ODc1MjU2NjAsImV4cCI6MTQ4NzY5ODQ2MH0.ddCQXZB2_woJ32xZNHqPBhNXfjBRg6T3ZsSmF8GCplA",
  "expiresIn": "2 days"
}

• Endpoint: GET: api/users
• Requires: Authentication, Admin Role

• Status: 200: OK
• Body (application/json)

[{
  "id": 140,
  "username": "uyi2",
  "fullNames": "wuyi2AH",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
  "createdAt": "2017-02-17T19:41:30.837Z",
  "updatedAt": "2017-02-17T19:41:30.837Z"
},
{
  "id": 141,
  "username": "uniqueuser",
  "fullNames": "Unique User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
  "createdAt": "2017-02-19T17:34:19.992Z",
  "updatedAt": "2017-02-19T17:34:19.992Z"
}]

Endpoint for document API.

• Endpoint: GET: /api/documents
• Requires: Authentication, Admin Role

• Status: 200: OK
• Body (application/json)

[{
    "id": 45,
    "title": "Another new document",
    "content": "Test Epic things like lorem etc",
    "permission": "Public",
    "OwnerId": 29,
    "createdAt": "2017-02-17T17:40:45.146Z",
    "updatedAt": "2017-02-17T17:40:45.146Z"
  },
  {
    "id": 44,
    "title": "New Title",
    "content": "The unique content of a document does not lie in the presence of the word unique",
    "permission": "1",
    "OwnerId": 1,
    "createdAt": "2017-02-06T22:55:43.747Z",
    "updatedAt": "2017-02-06T22:55:43.747Z"
  }]

• Endpoint: POST: /api/documents
• Requires: Authentication
• Body (application/json)

{
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem generated document",
  "OwnerId": 1,
  "permission": "private"
}

• Status: 201: Created
• Body (application/json)

{
  "id": 1,
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem ipsum generated document",
  "OwnerId": 1,
  "permission": "private",
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2016-02-05T05:51:51.217Z"
}

• Endpoint: GET: /api/documents/:id
• Requires: Authentication

• Status: 200: OK
• Body (application/json)

{
  "id": 1,
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem ipsum generated document",
  "OwnerId": 1,
  "permission": "private",
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2016-02-05T05:51:51.217Z"
}

• Endpoint: PUT: /api/documents/:id
• Requires: Authentication
• Body (application/json):

{
  "title": "Updated Title",
}

• Status: 200: OK
• Body (application/json)

  {
    "id": 1,
    "title": "Updated Title",
    "content": "This placeholder should not always be a lorem ipsum generated document",
    "OwnerId": 1,
    "permission": "private",
    "createdAt": "2017-02-05T05:51:51.217Z",
    "updatedAt": "2016-02-05T05:51:51.217Z"
  }

• Endpoint: DELETE: /api/documents/:id
• Requires: Authentication

• Status: 200: OK
• Body (application/json)

{
  "message": "Deleted Document with id:42"
}

• Endpoint: GET: /search/documents/:term
• Requires: Authentication

• Status: 200: OK
• Body (application/json)

[{
    "id": 45,
    "title": "Another new document",
    "content": "Test Epic things like lorem etc",
    "permission": "Public",
    "OwnerId": 29,
    "createdAt": "2017-02-17T17:40:45.146Z",
    "updatedAt": "2017-02-17T17:40:45.146Z"
  },
  {
    "id": 44,
    "title": "New Title",
    "content": "The unique content of a document does not lie in the presence of the word unique",
    "permission": "1",
    "OwnerId": 1,
    "createdAt": "2017-02-06T22:55:43.747Z",
    "updatedAt": "2017-02-06T22:55:43.747Z"
  }]

• Endpoint: GET: /search/users/:term
• Requires: Authentication, Admin Role

• Status: 200: OK
• Body (application/json)

[{
  "id": 140,
  "username": "uyi2",
  "fullNames": "wuyi2AH",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
  "createdAt": "2017-02-17T19:41:30.837Z",
  "updatedAt": "2017-02-17T19:41:30.837Z"
},
{
  "id": 141,
  "username": "uniqueuser",
  "fullNames": "Unique User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
  "createdAt": "2017-02-19T17:34:19.992Z",
  "updatedAt": "2017-02-19T17:34:19.992Z"
}]

The limitations to the Document Management System API are as follows:

• Users can only create plain textual documents and retrieve same when needed.
• Users cannot share documents with people, but can make document public to make it available to other users.
• Users cannot delete their accounts unless via the action of an admin of the system.
• Users login and obtain a token which is verified on every request, but users cannot logout (nullify the token), however tokens become invalid when it expires (after 1 day).

Contributors are welcome to further enhance the features of this API by contributing to its development. The following guidelines should guide you in contributing to this project: