API

[moan0s]

This issue should collect all initial requirements of an API.

• POC: Get all books for example
• Document API access

[Sebastian1515]

• Compatibility to AccessControl (https://github.com/Sebastian1515/AccessControl/): HTTP Response for a request with the following ingredients: UID (RFID card number) and password. Sends an http response code or something else back whether the given card number is allowed or not.

[moan0s]

I would suggest one of the following

• Staff members can create devices that have an API token (somewhat like a password)
• New users are created for each device, there is a group that they are added to, to have a suitable permission. Then a API token is created

With this API token a device can authenticate itself (can be hard-coded to AccesControl and has a list of allowed API requests

[moan0s]

efc7d46 adds rooms which represent physical rooms, where users can be assigned to have access.
A user with (currently) any API key can make a request if access for a specific UID is allowed.

An example request looks like

[moanos@firefly src]$ curl -X GET http://localhost:8000/library/api/uid/1234/room/dbc71599-a0ce-482f-a896-6f4a7dfc17ec -H 'Authorization: Token 49b39856635dc6e5cc04365498d4ad30ea3aed78'
{"access":true}