Decouple HTTP logic from User and Permission Resources.

[Marak]

Before a public release we should completely decouple the User and Permission resources from any HTTP specific logic.

The User and Permission resources should be part of a unified front / repository with other re-usable resources.

There is no reason this refactor should break any downstream dependencies.

Medium priority.

[indexzero]

+1 to decoupling, but why separate the resources and the routes into different repos? It's all pure Javascript and this set of resources works well together to create an identify service (users, permissions, and orgs). Logically grouping resources together in this fashion makes the parts easier to digest.

I do however, think we should be able to disable the routes when attaching as a plugin. Often you don't want any, or some of the routes, but still want app.resources.User

[Marak]

Reference: cli-users issue #5

https://github.com/flatiron/http-users/blob/master/lib/http-users/user/core.js#L38
https://github.com/flatiron/cli-users/blob/master/lib/properties.js

Duplication of schema definitions across interfaces will cause mismatched schemas.