# CMS
Secure Content Management System with Multiple Users and Distinct Roles
___


## 1. Introduction - Project Overview


This project aims to develop a secure content management system (CMS) that enables 
different types of users (administrators, editors, and visitors) to interact with content based 
on their respective roles and permissions.

The key objective is to implement a REST API that provides:

- User authentication via JWT (JSON Web Token)

- Basic content management (CRUD operations)

- Role-based access control (Admin, Editor, Visitor)

Through this project, developers will gain hands-on experience with:

- Access management

- Backend server setup

- Database implementation

- Data security system design

## 2. Target Audience

The CMS is designed for platforms that require hierarchical content management with 
distinct levels of access. This system can be used in:

- Blogs

- Publishing platforms

- Internal corporate systems

 ### User Roles & Permissions

1. **Administrators** have full system control, including user and content management.

2. **Editors** can create and modify content.

3. **Visitors** can only view content.

 ## 3. Main Functionalities

### 3.1. User Authentication & Management

 - Simple user registration & login (email & password).

 - JWT-based authentication with role-based access control.

 - Users stored in a JSON file (instead of a full database) to save time.

 ### 3.2. Content Management (CRUD Operations)

- Admins and Editors can create, edit, delete, and view content.

- Visitors can only view content.

 - Content stored in a JSON file (instead of a database) to simplify development.

 ### 3.3. Security & Data Protection

 - JWT authentication to protect API routes.
 
 - Hashed passwords for security.

 - Basic role-based access control enforced at the API level.

 ## 4. Deliverables

 At the end of the project, the team will provide:

1. **A functional REST API** with authentication and content management.

2. The source code with comments included.

3. **Technical documentation** covering:

   - System architecture
   - API routes
   - Data models

4. **A final report** (a short README file explaining the project) detailing:

   - Project design
   - Technical choices

5. **A presentation pitch** summarizing the project, including:

   - Key features
   - Challenges encountered

 ## 5. Technical Requirements

#### 1. Language & Framework

 - Use **Node.js** with **Express** for backend development.

 #### 2. Database
 
 - Use **MongoDB** (preferably **MongoDB Atlas** for an easy online setup).

 - Utilize **Mongoose** to interact with the database.

 - Simpler choice: use **a JSON file** instead of a database to store users and content.

 #### 3. Authentication & Security

 - Use **JWT (JSON Web Token)** for authentication.
 - Store the JWT securely and verify user roles before allowing access to certain endpoints.
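
The JWT check and role gate described in this section, sketched as Express-style middleware; this is an added example, not the project's own code. It uses only Node's built-in `crypto` so it runs without dependencies (a real project would normally use a maintained JWT library); the secret, the `sub`/`role` claim names, the lowercase role strings and the `createContent` handler are assumptions.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load from the environment in a real app
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a short-lived HS256 token carrying the user's id and role (assumed claim names).
function signToken(claims, ttlSeconds = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ ...claims, exp }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`).toString('base64url')}`;
}

// Return the claims, or null if the token is malformed, forged or expired.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; reject e.g. "none"
    const expected = hmac(`${parts[0]}.${parts[1]}`);
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > Date.now() / 1000 ? claims : null;
  } catch {
    return null; // any parse error is treated as an invalid token
  }
}

// Middleware factory: 401 without a valid token, 403 when the role is not allowed.
function requireRole(...allowed) {
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || '').split(' ');
    const claims = scheme === 'Bearer' ? verifyToken(token) : null;
    if (!claims) return res.status(401).json({ error: 'authentication required' });
    if (!allowed.includes(claims.role)) return res.status(403).json({ error: 'forbidden' });
    req.user = claims; // the role comes from the verified token, never from the request body
    next();
  };
}

// Usage in Express (createContent is a hypothetical handler):
// app.post('/content', requireRole('admin', 'editor'), createContent);
```
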

#### 4. Content Management

- **Administrators:** Full control (manage users and content).
- **Editors:** Can create and modify content.
- **Visitors:** Can only view content.

#### 5. Deployment

- **Run the API locally** on your machines using:
  - **Node.js** (for the backend)
  - **MongoDB** (either local or MongoDB Atlas for cloud storage)

#### 6. Testing

- Validate API requests (use **Postman** to manually test API endpoints).