ubclaunchpad / bounce Goto Github PK

Users should be able to view and edit their account info

Members should have roles that we can use to determine their permissions within the app.

Roles

Owner

• read club
• update club
• delete club
• create memberships with any role
• read all memberships
• delete memberships of all members except other owners

Admin

• read club
• update club
• read all memberships
• create memberships with member role
• delete memberships with member role

Member

• read club
• read all memberships
• delete their own membership

Memberships

DB Table

Example JSON

{
    "user_id": 1,
    "club_id": 1,
    "position": "VP Marketing",
    "role": "admin"
}

See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

For reference https://files.slack.com/files-pri/T061Q8S7J-FAXSPQK3R/screen_shot_2018-05-26_at_12.27.51_pm.png

Using @victorwu95's form for creating a club, we should collect the data from the form and send it to the backend (POST to /clubs)

Be able to edit information about an existing club on the front-end and submit the data to the back end.

See https://files.slack.com/files-pri/T061Q8S7J-FAXSPQK3R/screen_shot_2018-05-26_at_12.27.51_pm.png for basic wire frame

See Angel's design here: https://www.figma.com/file/J5H98x6IAk5YVNdfOrpsZ68q/Clubs-app-sketch-file?node-id=0%3A1
We should have

When the user is signed in:

• MyClubs link
• Explore link
• A dropdown link to the user's profile and settings (just use the default small-logo.png as the user's profile pic) if the user is signed in. This dropdown should contain
  • Settings links to the edit account page
  • My Clubs link when the user is signed in (note that we don't really have a MyClubsPage, so this link can be dead for now)
  • Sign Out link

When the user is not signed in:

• Sign In link

would suggest using less

We should be able to use this endpoint to

• Create a club (POST)
• Get a club (GET)

Add an update handler on the /clubs endpoint.

• cleaner / less code needed
• can use babel transpiler to convert es6 to javascript for older browsers

The new membership associates an existing user with an existing club.

1. Create an insert method in bounce/db/membership.py for inserting new users into the DB (see bounce/db/user.py as an example)
2. Create a Membership resource in bounce/server/resource/membership.py that specifies all the information required for creating a new membership.
3. Create a post method for a Memberships endpoint in bounce/server/api/memberships.py (see users.py as an example).

We're only setting the Access-Control-Allow-Origin header on our successful responses, but we should be setting it on all responses, otherwise the client in the browser will raise an error when receiving non-200-level responses.

Currently anyone with access to the API can CRUD clubs, but only people who own a club should be able to do that. This fix should involve making a user an owner of a club when creating a club and making sure that the owner is authenticated before serving delete or update requests on a club.

For security reasons we should only be serving requests over HTTPS.

We need to do this so avoid making the user log in every time the page is closed/refreshed.

This will be a GET request to /clubs/search

• The search endpoint should allow for optional query and page parameters. page defaults to 1 when it's not specified in the request and it marks the offset in the results that you should return results from. You should expect the client to make mistakes and specify an offset that is too large (for example, there is one search result and they specify an offset of 20), in which case you should return a 400 (bad request)). If query isn't specified, just return the top N most recently created clubs.
• Decide on a page size N and LIMIT queries to size N results.

Example response format:

{
    'results': [ { ... } , ...], # results
    'result_count': result_count, 
    'page': page, 
    'total_pages': total_pages
}

also add the --upgrade flag in the makefile when calling make requirements and make test-requirements

Take a look at https://github.com/facebook/create-react-app for help
Recommend using Yarn instead of NPM

currently in the docker file using python:3 pulls in 3.7 which breaks alot of packages and libraries

The following occurs when i try to create a new user

[2018-08-11 21:52:43 +0000] [7] [ERROR] An error occurred during the handling of a POST request to LoginEndpoint                                                                                              
Traceback (most recent call last):                                                                     
  File "/usr/local/lib/python3.6/site-packages/jose/jws.py", line 163, in _sign_header_and_claims      
    key = jwk.construct(key_data, algorithm)                                                           
  File "/usr/local/lib/python3.6/site-packages/jose/jwk.py", line 61, in construct                     
    return key_class(key_data, algorithm)                                                              
  File "/usr/local/lib/python3.6/site-packages/jose/jwk.py", line 101, in __init__                     
    raise JWKError('Expecting a string- or bytes-formatted key.')                                      
jose.exceptions.JWKError: Expecting a string- or bytes-formatted key.                                  
                                                                                                       
During handling of the above exception, another exception occurred:                                    
                                                                                                       
Traceback (most recent call last):                                                                     
  File "/opt/bounce/bounce/server/api/__init__.py", line 117, in handle_request                        
    request, *args, **kwargs)                                                                          
  File "/opt/bounce/bounce/server/resource/__init__.py", line 109, in wrapper                          
    result = await coro(endpoint, request, *args, **kwargs)                                            
  File "/opt/bounce/bounce/server/api/auth.py", line 32, in post                                       
    token = util.create_jwt(user_row.identifier, self.server.config.secret)                            
  File "/opt/bounce/bounce/server/api/util.py", line 125, in create_jwt                                
    algorithm='HS256')                                                                                 
  File "/usr/local/lib/python3.6/site-packages/jose/jwt.py", line 61, in encode                        
    return jws.sign(claims, key, headers=headers, algorithm=algorithm)                                 
  File "/usr/local/lib/python3.6/site-packages/jose/jws.py", line 46, in sign                          
    signed_output = _sign_header_and_claims(encoded_header, encoded_payload, algorithm, key)           
  File "/usr/local/lib/python3.6/site-packages/jose/jws.py", line 166, in _sign_header_and_claims      
    raise JWSError(e)                                                                                  
jose.exceptions.JWSError: Expecting a string- or bytes-formatted key.                                  
[2018-08-11 21:52:43 +0000] - (sanic.access)[INFO][1:7]: POST http://localhost:8080/auth/login  500 33 
[2018-08-11 21:52:48 +0000] [7] [INFO] KeepAlive Timeout. Closing connection.                          

Users should be able to:

• Create profiles
• View their profiles
• Edit their profiles