diff --git a/TFRS.pyproj b/TFRS.pyproj
index df7593267..1ded79fa6 100644
--- a/TFRS.pyproj
+++ b/TFRS.pyproj
@@ -38,6 +38,8 @@
     <Compile Include="server\fakedata.py" />
     <Compile Include="server\migrations\0001_initial.py" />
     <Compile Include="server\migrations\0002_auto_20170214_1526.py" />
+    <Compile Include="server\migrations\0003_auto_20170421_1327.py" />
+    <Compile Include="server\migrations\0004_auto_20170427_1726.py" />
     <Compile Include="server\migrations\__init__.py" />
     <Compile Include="server\models\Attachment.py" />
     <Compile Include="server\models\AttachmentViewModel.py" />
@@ -59,6 +61,7 @@
     <Compile Include="server\models\Notification.py" />
     <Compile Include="server\models\NotificationEvent.py" />
     <Compile Include="server\models\NotificationViewModel.py" />
+    <Compile Include="server\models\Offer.py" />
     <Compile Include="server\models\Permission.py" />
     <Compile Include="server\models\PermissionViewModel.py" />
     <Compile Include="server\models\Role.py" />
@@ -74,6 +77,8 @@
     <Compile Include="server\models\UserViewModel.py" />
     <Compile Include="server\models\__init__.py" />
     <Compile Include="server\serializers.py" />
+    <Compile Include="server\test_api_complex.py" />
+    <Compile Include="server\test_api_custom.py" />
     <Compile Include="server\test_api_simple.py" />
     <Compile Include="server\views.py" />
     <Compile Include="server\views_custom.py" />
diff --git a/obj/Debug/CoreCompileInputs.cache b/obj/Debug/CoreCompileInputs.cache
new file mode 100644
index 000000000..183303f60
--- /dev/null
+++ b/obj/Debug/CoreCompileInputs.cache
@@ -0,0 +1 @@
+0705011114a8a8421dcf9aa7491bf0250495cbf7
diff --git a/server/admin.py b/server/admin.py
index f2eaaecec..c9e288221 100644
--- a/server/admin.py
+++ b/server/admin.py
@@ -23,7 +23,6 @@
 from .models.Attachment import Attachment
 from .models.AttachmentViewModel import AttachmentViewModel
 from .models.Audit import Audit
-from .models.CompliancePeriod import CompliancePeriod
 from .models.Contact import Contact
 from .models.CreditTrade import CreditTrade
 from .models.CreditTradeLogEntry import CreditTradeLogEntry
@@ -40,6 +39,7 @@
 from .models.Notification import Notification
 from .models.NotificationEvent import NotificationEvent
 from .models.NotificationViewModel import NotificationViewModel
+from .models.Offer import Offer
 from .models.Permission import Permission
 from .models.PermissionViewModel import PermissionViewModel
 from .models.Role import Role
@@ -59,7 +59,6 @@
 admin.site.register(Attachment)
 admin.site.register(AttachmentViewModel)
 admin.site.register(Audit)
-admin.site.register(CompliancePeriod)
 admin.site.register(Contact)
 admin.site.register(CreditTrade)
 admin.site.register(CreditTradeLogEntry)
@@ -76,6 +75,7 @@
 admin.site.register(Notification)
 admin.site.register(NotificationEvent)
 admin.site.register(NotificationViewModel)
+admin.site.register(Offer)
 admin.site.register(Permission)
 admin.site.register(PermissionViewModel)
 admin.site.register(Role)
diff --git a/server/fakedata.py b/server/fakedata.py
index 268071c18..d2215786d 100644
--- a/server/fakedata.py
+++ b/server/fakedata.py
@@ -85,19 +85,6 @@ def AuditTestDataUpdate():
   }
 
 
-def CompliancePeriodTestDataCreate():
-  return {
-    'periodName':'Initial',
-    'isActive':True,
-  }
-
-def CompliancePeriodTestDataUpdate():
-  return {
-    'periodName':'Changed',
-    'isActive':False,
-  }
-
-
 def ContactTestDataCreate():
   return {
     'givenName':'Initial',
@@ -362,6 +349,25 @@ def NotificationViewModelTestDataUpdate():
   }
 
 
+def OfferTestDataCreate():
+  return {
+    'status':'Initial',
+    'buyOrSell':'Initial',
+    'numberOfCredits':1,
+    'numberOfViews':1,
+    'note':'Initial',
+  }
+
+def OfferTestDataUpdate():
+  return {
+    'status':'Changed',
+    'buyOrSell':'Changed',
+    'numberOfCredits':0,
+    'numberOfViews':0,
+    'note':'Changed',
+  }
+
+
 def PermissionTestDataCreate():
   return {
     'code':'Initial',
diff --git a/server/migrations/0004_auto_20170427_1726.py b/server/migrations/0004_auto_20170427_1726.py
new file mode 100644
index 000000000..3ea2656a3
--- /dev/null
+++ b/server/migrations/0004_auto_20170427_1726.py
@@ -0,0 +1,304 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('server', '0003_auto_20170421_1327'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Offer',
+            fields=[
+                ('id', models.AutoField(verbose_name='ID', primary_key=True, serialize=False, auto_created=True)),
+                ('status', models.CharField(max_length=255)),
+                ('buyOrSell', models.CharField(max_length=255)),
+                ('numberOfCredits', models.IntegerField()),
+                ('numberOfViews', models.IntegerField()),
+                ('datePosted', models.DateField(null=True, blank=True)),
+                ('note', models.CharField(max_length=255)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='compliancePeriod',
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='fuelSupplier',
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='fuelSupplierBalanceAtTransactionTime',
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='fuelSupplierLastUpdatedBy',
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='partnerLastUpdatedBy',
+        ),
+        migrations.RemoveField(
+            model_name='credittrade',
+            name='transactionPartnerFuelSupplier',
+        ),
+        migrations.RemoveField(
+            model_name='credittradelogentry',
+            name='newCompliancePeriod',
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='fuelSupplierBalanceBeforeTransaction',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='initiator',
+            field=models.ForeignKey(related_name='CreditTradeinitiator', null=True, to='server.FuelSupplier', blank=True),
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='initiatorLastUpdateBy',
+            field=models.ForeignKey(related_name='CreditTradeinitiatorLastUpdateBy', null=True, to='server.User', blank=True),
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='respondent',
+            field=models.ForeignKey(related_name='CreditTraderespondent', null=True, to='server.FuelSupplier', blank=True),
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='respondentLastUpdatedBy',
+            field=models.ForeignKey(related_name='CreditTraderespondentLastUpdatedBy', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='audit',
+            name='appCreateTimestamp',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='audit',
+            name='appLastUpdateTimestamp',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='approvedRejectedBy',
+            field=models.ForeignKey(related_name='CreditTradeapprovedRejectedBy', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='attachments',
+            field=models.ManyToManyField(to='server.Attachment', blank=True, related_name='CreditTradeattachments'),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='cancelledBy',
+            field=models.ForeignKey(related_name='CreditTradecancelledBy', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='history',
+            field=models.ManyToManyField(to='server.History', blank=True, related_name='CreditTradehistory'),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='notes',
+            field=models.ManyToManyField(to='server.Note', blank=True, related_name='CreditTradenotes'),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='reviewedRejectedBy',
+            field=models.ForeignKey(related_name='CreditTradereviewedRejectedBy', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittrade',
+            name='tradeExecutionDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittradelogentry',
+            name='creditTrade',
+            field=models.ForeignKey(related_name='CreditTradeLogEntrycreditTrade', null=True, to='server.CreditTrade', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittradelogentry',
+            name='logEntryTime',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittradelogentry',
+            name='newTradeExecutionDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='credittradelogentry',
+            name='user',
+            field=models.ForeignKey(related_name='CreditTradeLogEntryuser', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='currentuserviewmodel',
+            name='groupMemberships',
+            field=models.ManyToManyField(to='server.GroupMembership', blank=True, related_name='CurrentUserViewModelgroupMemberships'),
+        ),
+        migrations.AlterField(
+            model_name='currentuserviewmodel',
+            name='userRoles',
+            field=models.ManyToManyField(to='server.UserRole', blank=True, related_name='CurrentUserViewModeluserRoles'),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='attachments',
+            field=models.ManyToManyField(to='server.Attachment', blank=True, related_name='FuelSupplierattachments'),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='contacts',
+            field=models.ManyToManyField(to='server.Contact', blank=True, related_name='FuelSuppliercontacts'),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='dateCreated',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='history',
+            field=models.ManyToManyField(to='server.History', blank=True, related_name='FuelSupplierhistory'),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='notes',
+            field=models.ManyToManyField(to='server.Note', blank=True, related_name='FuelSuppliernotes'),
+        ),
+        migrations.AlterField(
+            model_name='fuelsupplier',
+            name='primaryContact',
+            field=models.ForeignKey(related_name='FuelSupplierprimaryContact', null=True, to='server.Contact', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='groupmembership',
+            name='group',
+            field=models.ForeignKey(related_name='GroupMembershipgroup', null=True, to='server.Group', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='groupmembership',
+            name='user',
+            field=models.ForeignKey(related_name='GroupMembershipuser', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='historyviewmodel',
+            name='lastUpdateTimestamp',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='notification',
+            name='event',
+            field=models.ForeignKey(related_name='Notificationevent', null=True, to='server.NotificationEvent', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='notification',
+            name='user',
+            field=models.ForeignKey(related_name='Notificationuser', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='notificationevent',
+            name='creditTrade',
+            field=models.ForeignKey(related_name='NotificationEventcreditTrade', null=True, to='server.CreditTrade', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='notificationevent',
+            name='eventTime',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='rolepermission',
+            name='permission',
+            field=models.ForeignKey(related_name='RolePermissionpermission', null=True, to='server.Permission', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='rolepermission',
+            name='role',
+            field=models.ForeignKey(related_name='RolePermissionrole', null=True, to='server.Role', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='fuelSupplier',
+            field=models.ForeignKey(related_name='UserfuelSupplier', null=True, to='server.FuelSupplier', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userdetailsviewmodel',
+            name='permissions',
+            field=models.ManyToManyField(to='server.PermissionViewModel', blank=True, related_name='UserDetailsViewModelpermissions'),
+        ),
+        migrations.AlterField(
+            model_name='userfavourite',
+            name='User',
+            field=models.ForeignKey(related_name='UserFavouriteUser', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userrole',
+            name='effectiveDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userrole',
+            name='expiryDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userrole',
+            name='role',
+            field=models.ForeignKey(related_name='UserRolerole', null=True, to='server.Role', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userrole',
+            name='user',
+            field=models.ForeignKey(related_name='UserRoleuser', null=True, to='server.User', blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userroleviewmodel',
+            name='effectiveDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userroleviewmodel',
+            name='expiryDate',
+            field=models.DateField(null=True, blank=True),
+        ),
+        migrations.AlterField(
+            model_name='userviewmodel',
+            name='groupMemberships',
+            field=models.ManyToManyField(to='server.GroupMembership', blank=True, related_name='UserViewModelgroupMemberships'),
+        ),
+        migrations.AlterField(
+            model_name='userviewmodel',
+            name='userRoles',
+            field=models.ManyToManyField(to='server.UserRole', blank=True, related_name='UserViewModeluserRoles'),
+        ),
+        migrations.AddField(
+            model_name='offer',
+            name='fuelSupplier',
+            field=models.ForeignKey(related_name='OfferfuelSupplier', null=True, to='server.FuelSupplier', blank=True),
+        ),
+        migrations.AddField(
+            model_name='offer',
+            name='history',
+            field=models.ManyToManyField(to='server.History', blank=True, related_name='Offerhistory'),
+        ),
+        migrations.AddField(
+            model_name='credittrade',
+            name='offer',
+            field=models.ForeignKey(related_name='CreditTradeoffer', null=True, to='server.Offer', blank=True),
+        ),
+        migrations.AddField(
+            model_name='notificationevent',
+            name='offer',
+            field=models.ForeignKey(related_name='NotificationEventoffer', null=True, to='server.Offer', blank=True),
+        ),
+    ]
diff --git a/server/models/Audit.py b/server/models/Audit.py
index 1dcf839a8..8fb5b1e94 100644
--- a/server/models/Audit.py
+++ b/server/models/Audit.py
@@ -26,11 +26,11 @@
 
 
 class Audit(models.Model):	    
-    appCreateTimestamp = models.DateField()   
+    appCreateTimestamp = models.DateField(blank=True, null=True)   
     appCreateUserid = models.CharField(max_length=255)   
     appCreateUserGuid = models.CharField(max_length=255)   
     appCreateUserDirectory = models.CharField(max_length=255)   
-    appLastUpdateTimestamp = models.DateField()   
+    appLastUpdateTimestamp = models.DateField(blank=True, null=True)   
     appLastUpdateUserid = models.CharField(max_length=255)   
     appLastUpdateUserGuid = models.CharField(max_length=255)   
     appLastUpdateUserDirectory = models.CharField(max_length=255)   
diff --git a/server/models/CreditTrade.py b/server/models/CreditTrade.py
index 1ae702faf..0fb8b101a 100644
--- a/server/models/CreditTrade.py
+++ b/server/models/CreditTrade.py
@@ -24,8 +24,8 @@
 from django.db import models
 from django.utils import timezone
 from .FuelSupplier import FuelSupplier
-from .CompliancePeriod import CompliancePeriod
 from .User import User
+from .Offer import Offer
 from .Note import Note
 from .Attachment import Attachment
 from .History import History
@@ -33,19 +33,19 @@
 
 class CreditTrade(models.Model):	    
     status = models.CharField(max_length=255)   
-    fuelSupplier = models.ForeignKey('FuelSupplier', on_delete=models.CASCADE,related_name='CreditTradefuelSupplier')   
-    transactionPartnerFuelSupplier = models.ForeignKey('FuelSupplier', on_delete=models.CASCADE,related_name='CreditTradetransactionPartnerFuelSupplier')   
-    compliancePeriod = models.ForeignKey('CompliancePeriod', on_delete=models.CASCADE,related_name='CreditTradecompliancePeriod')   
-    fuelSupplierLastUpdatedBy = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradefuelSupplierLastUpdatedBy')   
-    partnerLastUpdatedBy = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradepartnerLastUpdatedBy')   
-    reviewedRejectedBy = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradereviewedRejectedBy')   
-    approvedRejectedBy = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradeapprovedRejectedBy')   
-    cancelledBy = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradecancelledBy')   
-    tradeExecutionDate = models.DateField()   
+    initiator = models.ForeignKey('FuelSupplier', blank=True, null=True, related_name='CreditTradeinitiator')   
+    respondent = models.ForeignKey('FuelSupplier', blank=True, null=True, related_name='CreditTraderespondent')   
+    initiatorLastUpdateBy = models.ForeignKey('User', blank=True, null=True, related_name='CreditTradeinitiatorLastUpdateBy')   
+    respondentLastUpdatedBy = models.ForeignKey('User', blank=True, null=True, related_name='CreditTraderespondentLastUpdatedBy')   
+    reviewedRejectedBy = models.ForeignKey('User', blank=True, null=True, related_name='CreditTradereviewedRejectedBy')   
+    approvedRejectedBy = models.ForeignKey('User', blank=True, null=True, related_name='CreditTradeapprovedRejectedBy')   
+    cancelledBy = models.ForeignKey('User', blank=True, null=True, related_name='CreditTradecancelledBy')   
+    tradeExecutionDate = models.DateField(blank=True, null=True)   
     transactionType = models.CharField(max_length=255)   
     numberOfCredits = models.IntegerField()   
     fairMarketValuePrice = models.CharField(max_length=255)   
-    fuelSupplierBalanceAtTransactionTime = models.DateField()   
-    notes = models.ManyToManyField('Note',related_name='CreditTradenotes')   
-    attachments = models.ManyToManyField('Attachment',related_name='CreditTradeattachments')   
-    history = models.ManyToManyField('History',related_name='CreditTradehistory')   
+    offer = models.ForeignKey('Offer', blank=True, null=True, related_name='CreditTradeoffer')   
+    fuelSupplierBalanceBeforeTransaction = models.DateField(blank=True, null=True)   
+    notes = models.ManyToManyField('Note', blank=True, related_name='CreditTradenotes')   
+    attachments = models.ManyToManyField('Attachment', blank=True, related_name='CreditTradeattachments')   
+    history = models.ManyToManyField('History', blank=True, related_name='CreditTradehistory')   
diff --git a/server/models/CreditTradeLogEntry.py b/server/models/CreditTradeLogEntry.py
index b0883f544..8e7883278 100644
--- a/server/models/CreditTradeLogEntry.py
+++ b/server/models/CreditTradeLogEntry.py
@@ -25,16 +25,14 @@
 from django.utils import timezone
 from .CreditTrade import CreditTrade
 from .User import User
-from .CompliancePeriod import CompliancePeriod
 
 
 class CreditTradeLogEntry(models.Model):	    
-    creditTrade = models.ForeignKey('CreditTrade', on_delete=models.CASCADE,related_name='CreditTradeLogEntrycreditTrade')   
-    user = models.ForeignKey('User', on_delete=models.CASCADE,related_name='CreditTradeLogEntryuser')   
-    logEntryTime = models.DateField()   
-    newCompliancePeriod = models.ForeignKey('CompliancePeriod', on_delete=models.CASCADE,related_name='CreditTradeLogEntrynewCompliancePeriod')   
+    creditTrade = models.ForeignKey('CreditTrade', blank=True, null=True, related_name='CreditTradeLogEntrycreditTrade')   
+    user = models.ForeignKey('User', blank=True, null=True, related_name='CreditTradeLogEntryuser')   
+    logEntryTime = models.DateField(blank=True, null=True)   
     newStatus = models.CharField(max_length=255)   
-    newTradeExecutionDate = models.DateField()   
+    newTradeExecutionDate = models.DateField(blank=True, null=True)   
     newTransactionType = models.CharField(max_length=255)   
     newNumberOfCredits = models.IntegerField()   
     newFairMarketValuePrice = models.CharField(max_length=255)   
diff --git a/server/models/CurrentUserViewModel.py b/server/models/CurrentUserViewModel.py
index fc64f9c0e..384153b30 100644
--- a/server/models/CurrentUserViewModel.py
+++ b/server/models/CurrentUserViewModel.py
@@ -32,7 +32,7 @@ class CurrentUserViewModel(models.Model):
     surname = models.CharField(max_length=255)   
     email = models.CharField(max_length=255)   
     active = models.BooleanField()   
-    userRoles = models.ManyToManyField('UserRole',related_name='CurrentUserViewModeluserRoles')   
+    userRoles = models.ManyToManyField('UserRole', blank=True, related_name='CurrentUserViewModeluserRoles')   
     smUserId = models.CharField(max_length=255)   
     smAuthorizationDirectory = models.CharField(max_length=255)   
-    groupMemberships = models.ManyToManyField('GroupMembership',related_name='CurrentUserViewModelgroupMemberships')   
+    groupMemberships = models.ManyToManyField('GroupMembership', blank=True, related_name='CurrentUserViewModelgroupMemberships')   
diff --git a/server/models/FuelSupplier.py b/server/models/FuelSupplier.py
index 0efb6ca54..ff097def3 100644
--- a/server/models/FuelSupplier.py
+++ b/server/models/FuelSupplier.py
@@ -32,9 +32,9 @@
 class FuelSupplier(models.Model):	    
     name = models.CharField(max_length=255)   
     status = models.CharField(max_length=255)   
-    dateCreated = models.DateField()   
-    primaryContact = models.ForeignKey('Contact', on_delete=models.CASCADE,related_name='FuelSupplierprimaryContact')   
-    contacts = models.ManyToManyField('Contact',related_name='FuelSuppliercontacts')   
-    notes = models.ManyToManyField('Note',related_name='FuelSuppliernotes')   
-    attachments = models.ManyToManyField('Attachment',related_name='FuelSupplierattachments')   
-    history = models.ManyToManyField('History',related_name='FuelSupplierhistory')   
+    dateCreated = models.DateField(blank=True, null=True)   
+    primaryContact = models.ForeignKey('Contact', blank=True, null=True, related_name='FuelSupplierprimaryContact')   
+    contacts = models.ManyToManyField('Contact', blank=True, related_name='FuelSuppliercontacts')   
+    notes = models.ManyToManyField('Note', blank=True, related_name='FuelSuppliernotes')   
+    attachments = models.ManyToManyField('Attachment', blank=True, related_name='FuelSupplierattachments')   
+    history = models.ManyToManyField('History', blank=True, related_name='FuelSupplierhistory')   
diff --git a/server/models/GroupMembership.py b/server/models/GroupMembership.py
index 99c84da88..8e052af4b 100644
--- a/server/models/GroupMembership.py
+++ b/server/models/GroupMembership.py
@@ -29,5 +29,5 @@
 
 class GroupMembership(models.Model):	    
     active = models.BooleanField()   
-    group = models.ForeignKey('Group', on_delete=models.CASCADE,related_name='GroupMembershipgroup')   
-    user = models.ForeignKey('User', on_delete=models.CASCADE,related_name='GroupMembershipuser')   
+    group = models.ForeignKey('Group', blank=True, null=True, related_name='GroupMembershipgroup')   
+    user = models.ForeignKey('User', blank=True, null=True, related_name='GroupMembershipuser')   
diff --git a/server/models/HistoryViewModel.py b/server/models/HistoryViewModel.py
index 8a54d9902..2641ec05b 100644
--- a/server/models/HistoryViewModel.py
+++ b/server/models/HistoryViewModel.py
@@ -28,5 +28,5 @@
 class HistoryViewModel(models.Model):	    
     historyText = models.CharField(max_length=2048)   
     lastUpdateUserid = models.CharField(max_length=255)   
-    lastUpdateTimestamp = models.DateField()   
+    lastUpdateTimestamp = models.DateField(blank=True, null=True)   
     affectedEntityId = models.IntegerField()   
diff --git a/server/models/Notification.py b/server/models/Notification.py
index 1cdbb2e09..b089c7416 100644
--- a/server/models/Notification.py
+++ b/server/models/Notification.py
@@ -28,7 +28,7 @@
 
 
 class Notification(models.Model):	    
-    event = models.ForeignKey('NotificationEvent', on_delete=models.CASCADE,related_name='Notificationevent')   
+    event = models.ForeignKey('NotificationEvent', blank=True, null=True, related_name='Notificationevent')   
     hasBeenViewed = models.BooleanField()   
     isWatchNotification = models.BooleanField()   
-    user = models.ForeignKey('User', on_delete=models.CASCADE,related_name='Notificationuser')   
+    user = models.ForeignKey('User', blank=True, null=True, related_name='Notificationuser')   
diff --git a/server/models/NotificationEvent.py b/server/models/NotificationEvent.py
index 08aa8be39..ad980b5a8 100644
--- a/server/models/NotificationEvent.py
+++ b/server/models/NotificationEvent.py
@@ -24,10 +24,12 @@
 from django.db import models
 from django.utils import timezone
 from .CreditTrade import CreditTrade
+from .Offer import Offer
 
 
 class NotificationEvent(models.Model):	    
-    eventTime = models.DateField()   
+    eventTime = models.DateField(blank=True, null=True)   
     eventTypeCode = models.CharField(max_length=255)   
     notes = models.CharField(max_length=255)   
-    creditTrade = models.ForeignKey('CreditTrade', on_delete=models.CASCADE,related_name='NotificationEventcreditTrade')   
+    creditTrade = models.ForeignKey('CreditTrade', blank=True, null=True, related_name='NotificationEventcreditTrade')   
+    offer = models.ForeignKey('Offer', blank=True, null=True, related_name='NotificationEventoffer')   
diff --git a/server/models/Offer.py b/server/models/Offer.py
new file mode 100644
index 000000000..39301c07e
--- /dev/null
+++ b/server/models/Offer.py
@@ -0,0 +1,38 @@
+"""
+    REST API Documentation for the NRS TFRS Credit Trading Application
+
+    The Transportation Fuels Reporting System is being designed to streamline compliance reporting for transportation fuel suppliers in accordance with the Renewable & Low Carbon Fuel Requirements Regulation.
+
+    OpenAPI spec version: v1
+        
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+"""
+
+import datetime
+
+from django.db import models
+from django.utils import timezone
+from .FuelSupplier import FuelSupplier
+from .History import History
+
+
+class Offer(models.Model):	    
+    fuelSupplier = models.ForeignKey('FuelSupplier', blank=True, null=True, related_name='OfferfuelSupplier')   
+    status = models.CharField(max_length=255)   
+    buyOrSell = models.CharField(max_length=255)   
+    numberOfCredits = models.IntegerField()   
+    numberOfViews = models.IntegerField()   
+    datePosted = models.DateField(blank=True, null=True)   
+    note = models.CharField(max_length=255)   
+    history = models.ManyToManyField('History', blank=True, related_name='Offerhistory')   
diff --git a/server/models/RolePermission.py b/server/models/RolePermission.py
index c48afe58f..e2b896458 100644
--- a/server/models/RolePermission.py
+++ b/server/models/RolePermission.py
@@ -28,5 +28,5 @@
 
 
 class RolePermission(models.Model):	    
-    role = models.ForeignKey('Role', on_delete=models.CASCADE,related_name='RolePermissionrole')   
-    permission = models.ForeignKey('Permission', on_delete=models.CASCADE,related_name='RolePermissionpermission')   
+    role = models.ForeignKey('Role', blank=True, null=True, related_name='RolePermissionrole')   
+    permission = models.ForeignKey('Permission', blank=True, null=True, related_name='RolePermissionpermission')   
diff --git a/server/models/User.py b/server/models/User.py
index f272ad4d4..9c254152f 100644
--- a/server/models/User.py
+++ b/server/models/User.py
@@ -32,7 +32,7 @@ class User(models.Model):
     initials = models.CharField(max_length=255)   
     email = models.CharField(max_length=255)   
     status = models.CharField(max_length=255)   
-    fuelSupplier = models.ForeignKey('FuelSupplier', on_delete=models.CASCADE,related_name='UserfuelSupplier')   
+    fuelSupplier = models.ForeignKey('FuelSupplier', blank=True, null=True, related_name='UserfuelSupplier')   
     smUserId = models.CharField(max_length=255)   
     guid = models.CharField(max_length=255)   
     smAuthorizationDirectory = models.CharField(max_length=255)   
diff --git a/server/models/UserDetailsViewModel.py b/server/models/UserDetailsViewModel.py
index 97cd4a24e..f1f381b9c 100644
--- a/server/models/UserDetailsViewModel.py
+++ b/server/models/UserDetailsViewModel.py
@@ -32,4 +32,4 @@ class UserDetailsViewModel(models.Model):
     initials = models.CharField(max_length=255)   
     email = models.CharField(max_length=255)   
     active = models.BooleanField()   
-    permissions = models.ManyToManyField('PermissionViewModel',related_name='UserDetailsViewModelpermissions')   
+    permissions = models.ManyToManyField('PermissionViewModel', blank=True, related_name='UserDetailsViewModelpermissions')   
diff --git a/server/models/UserFavourite.py b/server/models/UserFavourite.py
index 88d24f652..1fc3eec75 100644
--- a/server/models/UserFavourite.py
+++ b/server/models/UserFavourite.py
@@ -31,4 +31,4 @@ class UserFavourite(models.Model):
     name = models.CharField(max_length=255)   
     value = models.CharField(max_length=255)   
     isDefault = models.BooleanField()   
-    User = models.ForeignKey('User', on_delete=models.CASCADE,related_name='UserFavouriteUser')   
+    user = models.ForeignKey('User', blank=True, null=True, related_name='UserFavouriteuser')   
diff --git a/server/models/UserRole.py b/server/models/UserRole.py
index dac70041a..b5c861b12 100644
--- a/server/models/UserRole.py
+++ b/server/models/UserRole.py
@@ -28,7 +28,7 @@
 
 
 class UserRole(models.Model):	    
-    effectiveDate = models.DateField()   
-    expiryDate = models.DateField()   
-    user = models.ForeignKey('User', on_delete=models.CASCADE,related_name='UserRoleuser')   
-    role = models.ForeignKey('Role', on_delete=models.CASCADE,related_name='UserRolerole')   
+    effectiveDate = models.DateField(blank=True, null=True)   
+    expiryDate = models.DateField(blank=True, null=True)   
+    user = models.ForeignKey('User', blank=True, null=True, related_name='UserRoleuser')   
+    role = models.ForeignKey('Role', blank=True, null=True, related_name='UserRolerole')   
diff --git a/server/models/UserRoleViewModel.py b/server/models/UserRoleViewModel.py
index af30adcff..c48c05f1c 100644
--- a/server/models/UserRoleViewModel.py
+++ b/server/models/UserRoleViewModel.py
@@ -26,7 +26,7 @@
 
 
 class UserRoleViewModel(models.Model):	    
-    effectiveDate = models.DateField()   
-    expiryDate = models.DateField()   
+    effectiveDate = models.DateField(blank=True, null=True)   
+    expiryDate = models.DateField(blank=True, null=True)   
     roleId = models.IntegerField()   
     userId = models.IntegerField()   
diff --git a/server/models/UserViewModel.py b/server/models/UserViewModel.py
index e032069a0..9a10d39db 100644
--- a/server/models/UserViewModel.py
+++ b/server/models/UserViewModel.py
@@ -33,5 +33,5 @@ class UserViewModel(models.Model):
     email = models.CharField(max_length=255)   
     active = models.BooleanField()   
     smUserId = models.CharField(max_length=255)   
-    userRoles = models.ManyToManyField('UserRole',related_name='UserViewModeluserRoles')   
-    groupMemberships = models.ManyToManyField('GroupMembership',related_name='UserViewModelgroupMemberships')   
+    userRoles = models.ManyToManyField('UserRole', blank=True, related_name='UserViewModeluserRoles')   
+    groupMemberships = models.ManyToManyField('GroupMembership', blank=True, related_name='UserViewModelgroupMemberships')   
diff --git a/server/models/__init__.py b/server/models/__init__.py
index 4f89d5edd..616481a05 100644
--- a/server/models/__init__.py
+++ b/server/models/__init__.py
@@ -37,10 +37,6 @@
 #except:
 #     import Audit
 #try:
-#     from . import CompliancePeriod  
-#except:
-#     import CompliancePeriod
-#try:
 #     from . import Contact  
 #except:
 #     import Contact
@@ -105,6 +101,10 @@
 #except:
 #     import NotificationViewModel
 #try:
+#     from . import Offer  
+#except:
+#     import Offer
+#try:
 #     from . import Permission  
 #except:
 #     import Permission
diff --git a/server/serializers.py b/server/serializers.py
index ca191a378..0c205dffc 100644
--- a/server/serializers.py
+++ b/server/serializers.py
@@ -23,7 +23,6 @@
 from .models.Attachment import Attachment
 from .models.AttachmentViewModel import AttachmentViewModel
 from .models.Audit import Audit
-from .models.CompliancePeriod import CompliancePeriod
 from .models.Contact import Contact
 from .models.CreditTrade import CreditTrade
 from .models.CreditTradeLogEntry import CreditTradeLogEntry
@@ -40,6 +39,7 @@
 from .models.Notification import Notification
 from .models.NotificationEvent import NotificationEvent
 from .models.NotificationViewModel import NotificationViewModel
+from .models.Offer import Offer
 from .models.Permission import Permission
 from .models.PermissionViewModel import PermissionViewModel
 from .models.Role import Role
@@ -69,11 +69,6 @@ class Meta:
     model = Audit
     fields = ('id','appCreateTimestamp','appCreateUserid','appCreateUserGuid','appCreateUserDirectory','appLastUpdateTimestamp','appLastUpdateUserid','appLastUpdateUserGuid','appLastUpdateUserDirectory','entityName','entityId','propertyName','oldValue','newValue','isDelete')
 
-class CompliancePeriodSerializer(serializers.ModelSerializer):
-  class Meta:
-    model = CompliancePeriod
-    fields = ('id','periodName','isActive')
-
 class ContactSerializer(serializers.ModelSerializer):
   class Meta:
     model = Contact
@@ -82,12 +77,12 @@ class Meta:
 class CreditTradeSerializer(serializers.ModelSerializer):
   class Meta:
     model = CreditTrade
-    fields = ('id','status','fuelSupplier','transactionPartnerFuelSupplier','compliancePeriod','fuelSupplierLastUpdatedBy','partnerLastUpdatedBy','reviewedRejectedBy','approvedRejectedBy','cancelledBy','tradeExecutionDate','transactionType','numberOfCredits','fairMarketValuePrice','fuelSupplierBalanceAtTransactionTime','notes','attachments','history')
+    fields = ('id','status','initiator','respondent','initiatorLastUpdateBy','respondentLastUpdatedBy','reviewedRejectedBy','approvedRejectedBy','cancelledBy','tradeExecutionDate','transactionType','numberOfCredits','fairMarketValuePrice','offer','fuelSupplierBalanceBeforeTransaction','notes','attachments','history')
 
 class CreditTradeLogEntrySerializer(serializers.ModelSerializer):
   class Meta:
     model = CreditTradeLogEntry
-    fields = ('id','creditTrade','user','logEntryTime','newCompliancePeriod','newStatus','newTradeExecutionDate','newTransactionType','newNumberOfCredits','newFairMarketValuePrice','newFuelSupplierBalanceAtTransactionTime')
+    fields = ('id','creditTrade','user','logEntryTime','newStatus','newTradeExecutionDate','newTransactionType','newNumberOfCredits','newFairMarketValuePrice','newFuelSupplierBalanceAtTransactionTime')
 
 class CurrentUserViewModelSerializer(serializers.ModelSerializer):
   class Meta:
@@ -147,13 +142,18 @@ class Meta:
 class NotificationEventSerializer(serializers.ModelSerializer):
   class Meta:
     model = NotificationEvent
-    fields = ('id','eventTime','eventTypeCode','notes','creditTrade')
+    fields = ('id','eventTime','eventTypeCode','notes','creditTrade','offer')
 
 class NotificationViewModelSerializer(serializers.ModelSerializer):
   class Meta:
     model = NotificationViewModel
     fields = ('id','eventId','event2Id','hasBeenViewed','isWatchNotification','isExpired','isAllDay','priorityCode','userId')
 
+class OfferSerializer(serializers.ModelSerializer):
+  class Meta:
+    model = Offer
+    fields = ('id','fuelSupplier','status','buyOrSell','numberOfCredits','numberOfViews','datePosted','note','history')
+
 class PermissionSerializer(serializers.ModelSerializer):
   class Meta:
     model = Permission
@@ -197,7 +197,7 @@ class Meta:
 class UserFavouriteSerializer(serializers.ModelSerializer):
   class Meta:
     model = UserFavourite
-    fields = ('id','type','name','value','isDefault','User')
+    fields = ('id','type','name','value','isDefault','user')
 
 class UserFavouriteViewModelSerializer(serializers.ModelSerializer):
   class Meta:
@@ -218,3 +218,4 @@ class UserViewModelSerializer(serializers.ModelSerializer):
   class Meta:
     model = UserViewModel
     fields = ('id','givenName','surname','email','active','smUserId','userRoles','groupMemberships')
+
diff --git a/server/test_api_complex.py b/server/test_api_complex.py
new file mode 100644
index 000000000..0a6116ab5
--- /dev/null
+++ b/server/test_api_complex.py
@@ -0,0 +1,122 @@
+"""
+    REST API Documentation for the NRS TFRS Credit Trading Application
+
+    The Transportation Fuels Reporting System is being designed to streamline compliance reporting for transportation fuel suppliers in accordance with the Renewable & Low Carbon Fuel Requirements Regulation.
+
+    OpenAPI spec version: v1
+        
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+"""
+from django.utils import timezone
+
+import json
+from django.test import TestCase
+from django.test import Client
+import django
+
+from rest_framework.test import APIRequestFactory
+from rest_framework.parsers import JSONParser
+from rest_framework import status
+
+from . import fakedata
+from .models.Attachment import Attachment
+from .serializers import AttachmentSerializer
+from .models.AttachmentViewModel import AttachmentViewModel
+from .serializers import AttachmentViewModelSerializer
+from .models.Audit import Audit
+from .serializers import AuditSerializer
+from .models.CompliancePeriod import CompliancePeriod
+from .serializers import CompliancePeriodSerializer
+from .models.Contact import Contact
+from .serializers import ContactSerializer
+from .models.CreditTrade import CreditTrade
+from .serializers import CreditTradeSerializer
+from .models.CreditTradeLogEntry import CreditTradeLogEntry
+from .serializers import CreditTradeLogEntrySerializer
+from .models.CurrentUserViewModel import CurrentUserViewModel
+from .serializers import CurrentUserViewModelSerializer
+from .models.FuelSupplier import FuelSupplier
+from .serializers import FuelSupplierSerializer
+from .models.Group import Group
+from .serializers import GroupSerializer
+from .models.GroupMembership import GroupMembership
+from .serializers import GroupMembershipSerializer
+from .models.GroupMembershipViewModel import GroupMembershipViewModel
+from .serializers import GroupMembershipViewModelSerializer
+from .models.GroupViewModel import GroupViewModel
+from .serializers import GroupViewModelSerializer
+from .models.History import History
+from .serializers import HistorySerializer
+from .models.HistoryViewModel import HistoryViewModel
+from .serializers import HistoryViewModelSerializer
+from .models.LookupList import LookupList
+from .serializers import LookupListSerializer
+from .models.Note import Note
+from .serializers import NoteSerializer
+from .models.Notification import Notification
+from .serializers import NotificationSerializer
+from .models.NotificationEvent import NotificationEvent
+from .serializers import NotificationEventSerializer
+from .models.NotificationViewModel import NotificationViewModel
+from .serializers import NotificationViewModelSerializer
+from .models.Permission import Permission
+from .serializers import PermissionSerializer
+from .models.PermissionViewModel import PermissionViewModel
+from .serializers import PermissionViewModelSerializer
+from .models.Role import Role
+from .serializers import RoleSerializer
+from .models.RolePermission import RolePermission
+from .serializers import RolePermissionSerializer
+from .models.RolePermissionViewModel import RolePermissionViewModel
+from .serializers import RolePermissionViewModelSerializer
+from .models.RoleViewModel import RoleViewModel
+from .serializers import RoleViewModelSerializer
+from .models.User import User
+from .serializers import UserSerializer
+from .models.UserDetailsViewModel import UserDetailsViewModel
+from .serializers import UserDetailsViewModelSerializer
+from .models.UserFavourite import UserFavourite
+from .serializers import UserFavouriteSerializer
+from .models.UserFavouriteViewModel import UserFavouriteViewModel
+from .serializers import UserFavouriteViewModelSerializer
+from .models.UserRole import UserRole
+from .serializers import UserRoleSerializer
+from .models.UserRoleViewModel import UserRoleViewModel
+from .serializers import UserRoleViewModelSerializer
+from .models.UserViewModel import UserViewModel
+from .serializers import UserViewModelSerializer
+
+
+# Complex API test cases. 
+# If an API operation contains generated code and requires a complex model object
+# (containing child items) then it is tested in this file.
+#
+# This file will have to be edited by hand.
+class Test_Api_Complex(TestCase):
+
+    def setUp(self):
+        # Every test needs a client.
+        self.client = Client()
+        # needed to setup django
+        django.setup()
+
+   
+        
+
+if __name__ == '__main__':
+    unittest.main()
+
+
+
+
diff --git a/server/test_api_custom.py b/server/test_api_custom.py
new file mode 100644
index 000000000..6d91bf7b4
--- /dev/null
+++ b/server/test_api_custom.py
@@ -0,0 +1,1437 @@
+"""
+    REST API Documentation for the NRS TFRS Credit Trading Application
+
+    The Transportation Fuels Reporting System is being designed to streamline compliance reporting for transportation fuel suppliers in accordance with the Renewable & Low Carbon Fuel Requirements Regulation.
+
+    OpenAPI spec version: v1
+        
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+"""
+
+import json
+from django.test import TestCase
+from django.test import Client
+from django.core.files.uploadedfile import SimpleUploadedFile
+import django
+
+from rest_framework.test import APIRequestFactory
+from rest_framework.parsers import JSONParser
+from rest_framework import status
+
+from . import fakedata
+from .models.Attachment import Attachment
+from .serializers import AttachmentSerializer
+from .models.AttachmentViewModel import AttachmentViewModel
+from .serializers import AttachmentViewModelSerializer
+from .models.Audit import Audit
+from .serializers import AuditSerializer
+from .models.Contact import Contact
+from .serializers import ContactSerializer
+from .models.CreditTrade import CreditTrade
+from .serializers import CreditTradeSerializer
+from .models.CreditTradeLogEntry import CreditTradeLogEntry
+from .serializers import CreditTradeLogEntrySerializer
+from .models.CurrentUserViewModel import CurrentUserViewModel
+from .serializers import CurrentUserViewModelSerializer
+from .models.FuelSupplier import FuelSupplier
+from .serializers import FuelSupplierSerializer
+from .models.Group import Group
+from .serializers import GroupSerializer
+from .models.GroupMembership import GroupMembership
+from .serializers import GroupMembershipSerializer
+from .models.GroupMembershipViewModel import GroupMembershipViewModel
+from .serializers import GroupMembershipViewModelSerializer
+from .models.GroupViewModel import GroupViewModel
+from .serializers import GroupViewModelSerializer
+from .models.History import History
+from .serializers import HistorySerializer
+from .models.HistoryViewModel import HistoryViewModel
+from .serializers import HistoryViewModelSerializer
+from .models.LookupList import LookupList
+from .serializers import LookupListSerializer
+from .models.Note import Note
+from .serializers import NoteSerializer
+from .models.Notification import Notification
+from .serializers import NotificationSerializer
+from .models.NotificationEvent import NotificationEvent
+from .serializers import NotificationEventSerializer
+from .models.NotificationViewModel import NotificationViewModel
+from .serializers import NotificationViewModelSerializer
+from .models.Permission import Permission
+from .serializers import PermissionSerializer
+from .models.PermissionViewModel import PermissionViewModel
+from .serializers import PermissionViewModelSerializer
+from .models.Role import Role
+from .serializers import RoleSerializer
+from .models.RolePermission import RolePermission
+from .serializers import RolePermissionSerializer
+from .models.RolePermissionViewModel import RolePermissionViewModel
+from .serializers import RolePermissionViewModelSerializer
+from .models.RoleViewModel import RoleViewModel
+from .serializers import RoleViewModelSerializer
+from .models.User import User
+from .serializers import UserSerializer
+from .models.UserDetailsViewModel import UserDetailsViewModel
+from .serializers import UserDetailsViewModelSerializer
+from .models.UserFavourite import UserFavourite
+from .serializers import UserFavouriteSerializer
+from .models.UserFavouriteViewModel import UserFavouriteViewModel
+from .serializers import UserFavouriteViewModelSerializer
+from .models.UserRole import UserRole
+from .serializers import UserRoleSerializer
+from .models.UserRoleViewModel import UserRoleViewModel
+from .serializers import UserRoleViewModelSerializer
+from .models.UserViewModel import UserViewModel
+from .serializers import UserViewModelSerializer
+
+
+# Custom API test cases. 
+# If an API operation does not contains generated code then it is tested in this 
+# file.
+#
+class Test_Api_Custom(TestCase):
+
+    def setUp(self):
+        # Every test needs a client.
+        self.client = Client()
+        # needed to setup django
+        django.setup()
+
+    # following functions are used by the complex tests to create / delete dependent objects
+
+    def createContact(self):
+        testContactUrl = "/api/contacts"
+        # Create:        
+        payload = fakedata.ContactTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testContactUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        contactId = data['id']
+        return contactId
+
+    def createGroup(self):
+        testGroupUrl = "/api/groups"
+        payload = fakedata.GroupTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testGroupUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        contactId = data['id']
+        return contactId
+
+    def createCompliancePeriod(self):
+        testUrl = "/api/complianceperiods"
+        # Create:        
+        payload = fakedata.CompliancePeriodTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def createFuelSupplier(self, contactId):
+        testUrl = "/api/fuelsuppliers"
+        # Create:        
+        payload = {
+          'name': "Initial",
+          'status': "Initial",
+          'dateCreated': '2000-01-01',   
+          'primaryContact': contactId ,
+          'contacts': [contactId],
+          'notes': [],          
+          'attachments': [],   
+          'history': []
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def createRole(self):
+        testUrl = "/api/roles"
+        # Create:        
+        fakeRole = fakedata.RoleTestDataCreate()
+        payload = {                      
+          'name': fakeRole['name'],
+          'description': fakeRole['description']
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def createPermission(self):
+        testUrl = "/api/permissions"
+        # Create:        
+        fakePermission = fakedata.PermissionTestDataCreate()
+        payload = {    
+          'code': fakePermission['code'],
+          'name': fakePermission['name'],
+          'description': fakePermission['description']
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def createUser(self, fuelsupplierId):
+        testUserUrl = "/api/users"
+        # Create:        
+        fakeUser = fakedata.UserTestDataCreate()
+        payload = {            
+          'givenName': fakeUser['givenName'],
+          'surname':fakeUser['surname'],
+          'initials':fakeUser['initials'],
+          'email':fakeUser['email'],
+          'status':'Active',
+          'smUserId':fakeUser['smUserId'],
+          'guid':fakeUser['guid'],
+          'smAuthorizationDirectory':fakeUser['smAuthorizationDirectory'],
+          'fuelSupplier': fuelsupplierId
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUserUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        userId = data['id']
+        return userId
+
+    def createCreditTrade(self, fuelSupplierId, userId):
+        testUrl = "/api/credittrades"
+        fakeCreditTrade = fakedata.CreditTradeTestDataCreate()
+        payload = {
+          'status':fakeCreditTrade['status'],          
+          'fuelSupplier':fuelSupplierId,
+          'transactionPartnerFuelSupplier': fuelSupplierId,
+          'fuelSupplierLastUpdatedBy': userId,
+          'partnerLastUpdatedBy': None,
+          'reviewedRejectedBy': None,
+          'approvedRejectedBy': None,
+          'cancelledBy': None,
+          'tradeExecutionDate': '2017-01-01',
+          'transactionType':fakeCreditTrade['transactionType'],
+          'numberOfCredits':fakeCreditTrade['numberOfCredits'],
+          'fairMarketValuePrice': '100.00', 
+          'fuelSupplierBalanceAtTransactionTime':'2017-01-01',
+          'notes':[],
+          'attachments':[],
+          'history':[]
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def createOffer(self, fuelSupplierId):
+        testUrl = "/api/offers"
+        fakeOffer = fakedata.OfferTestDataCreate()
+        payload = {
+          'fuelSupplier':fuelSupplierId,
+          'status': fakeOffer['status'],
+          'buyOrSell': fakeOffer['buyOrSell'],
+          'numberOfCredits': fakeOffer['numberOfCredits'],
+          'numberOfViews': fakeOffer['numberOfViews'], 
+          'datePosted': '2017-01-01',
+          'note': fakeOffer['note'], 
+          'history':[]
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId  
+    
+    def createNotificationEvent(self, creditTradeId, offerId):
+        testUrl = "/api/notificationevents"
+        fakeNotificationEvent = fakedata.NotificationEventTestDataCreate()
+        payload = {            
+          'eventTime': '2017-01-01',
+          'eventTypeCode': fakeNotificationEvent['eventTypeCode'],
+          'notes': fakeNotificationEvent['notes'], 
+          'creditTrade':creditTradeId,
+          'offer': offerId          
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        return createdId
+
+    def deleteContact(self, contactId):
+        # cleanup the contact.        
+        deleteUrl = "/api/contacts/" + str(contactId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+    
+    def deleteCreditTrade(self, creditTradeId):
+        deleteUrl = "/api/credittrades/" + str(creditTradeId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteFuelSupplier(self, fuelsupplierId):
+        deleteUrl = "/api/fuelsuppliers/" + str(fuelsupplierId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteGroup(self, groupId):
+        deleteUrl = "/api/groups/" + str(groupId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteRole(self, roleId):
+        deleteUrl = "/api/roles/" + str(roleId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteRolePermission(self, rolePermissionId):
+        deleteUrl = "/api/rolepermissions/" + str(rolePermissionId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteOffer(self, offerId):
+        deleteUrl = "/api/offers/" + str(offerId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deletePermission(self, permissionId):
+        deleteUrl = "/api/permissions/" + str(permissionId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteNotificationEvent(self, notificationEventId):
+        deleteUrl = "/api/notificationevents/" + str(notificationEventId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+    def deleteUser(self, userId):
+        deleteUrl = "/api/users/" + str(userId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code    
+
+    def test_credittradesBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.CreditTradeTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/credittrades/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        
+
+    def test_credittradesGet(self):
+        # Credit Trade has the following dependencies:
+        #      User
+        #        Fuel Supplier 
+        #      FuelSupplier
+        #        Contact 
+        
+        # Order of operations for the create will be:
+        # 1. Create a Contact
+        # 2. Create a Fuel Supplier with that Contact
+        # 3. Create a User with that Fuel Supplier
+        # 4. Create the Credit Trade.
+        fakeCreditTrade = fakedata.CreditTradeTestDataCreate()
+
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        # Test List operation
+        baseUrl = "/api/credittrades"
+        response = self.client.get(baseUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        testUrl = baseUrl + "/" + str(creditTradeId) 
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        # Test Put
+        payload = {
+          'id': creditTradeId,
+          'status':'changed',          
+          'fuelSupplier':fuelSupplierId,
+          'transactionPartnerFuelSupplier': fuelSupplierId,
+          'fuelSupplierLastUpdatedBy': userId,
+          'fairMarketValuePrice': '101.00', 
+          'partnerLastUpdatedBy': None,
+          'reviewedRejectedBy': None,
+          'approvedRejectedBy': None,
+          'cancelledBy': None,
+          'tradeExecutionDate': '2017-01-01',
+          'transactionType':fakeCreditTrade['transactionType'],
+          'numberOfCredits':fakeCreditTrade['numberOfCredits'],
+          'fuelSupplierBalanceAtTransactionTime':'2017-01-01',
+          'notes':[],
+          'attachments':[],
+          'history':[]
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.put(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+
+        # Cleanup
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_credittradetradelogentriesBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.CreditTradeLogEntryTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/credittradetradelogentries/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+
+    def test_credittradetradelogentriesGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        # Test Create and List operations.
+        testUrl = "/api/credittradetradelogentries"
+        # Create:
+        serializer_class = CreditTradeLogEntrySerializer
+        fakeCreditTradeLogEntry = fakedata.CreditTradeLogEntryTestDataCreate()
+        payload = {
+            'creditTrade': creditTradeId,   
+            'user': userId,  
+            'logEntryTime': '2000-01-01',
+            'newStatus': fakeCreditTradeLogEntry['newStatus'],
+            'newTradeExecutionDate': '2000-01-01',   
+            'newTransactionType': fakeCreditTradeLogEntry['newStatus'],   
+            'newNumberOfCredits': fakeCreditTradeLogEntry['newNumberOfCredits'],  
+            'newFairMarketValuePrice': '500.00',
+            'newFuelSupplierBalanceAtTransactionTime': fakeCreditTradeLogEntry['newFuelSupplierBalanceAtTransactionTime']
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        # List:
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        # Put
+        
+        getputUrl = testUrl + "/" + str(createdId)
+        payload = {
+            'id': createdId,
+            'creditTrade': creditTradeId,   
+            'user': userId,  
+            'logEntryTime': '2000-01-01',            
+            'newStatus': 'changed',
+            'newTradeExecutionDate': '2000-01-01',   
+            'newTransactionType': fakeCreditTradeLogEntry['newStatus'],   
+            'newNumberOfCredits': fakeCreditTradeLogEntry['newNumberOfCredits'],  
+            'newFairMarketValuePrice': '500.00',
+            'newFuelSupplierBalanceAtTransactionTime': fakeCreditTradeLogEntry['newFuelSupplierBalanceAtTransactionTime']
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+        # Get
+        response = self.client.get(testUrl)
+        assert status.HTTP_200_OK == response.status_code        
+
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        assert data[1]['newStatus'] == payload['newStatus']
+
+        # Cleanup:
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+        # Cleanup
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)           
+
+
+    def test_fuelsuppliersBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.FuelSupplierTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/fuelsuppliers/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+
+    def test_fuelsuppliersCreateGetDelete(self):
+        # Fuel supplier has contacts as a dependency.        
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        # Test List operation
+        testUrl = "/api/fuelsuppliers"
+
+        # List:
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+
+        # Get
+        getUrl = testUrl + "/" + str(fuelSupplierId) 
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+
+        # Put
+        changedpayload = {
+          'id': fuelSupplierId,
+          'name': "Changed",
+          'status': "Changed",
+          'dateCreated': '2000-01-01',   
+          'primaryContact': contactId ,
+          'contacts': [contactId],
+          'notes': [],          
+          'attachments': [],   
+          'history': []
+        }
+        jsonString = json.dumps(changedpayload)
+        response = self.client.put(getUrl, content_type='application/json', data=jsonString)
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        assert data['name'] == changedpayload['name'];
+
+        response = self.client.get(getUrl)
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        assert data['name'] == changedpayload['name'];
+        
+        # Cleanup Fuel Supplier
+        self.deleteFuelSupplier(fuelSupplierId)
+
+        # Cleanup contact:
+        self.deleteContact(contactId)        
+
+    def test_notificationsBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.NotificationTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/notifications/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+
+    def test_notificationsGet(self):
+        # Test Create and List operations.
+        testUrl = "/api/notifications"
+        # Create:
+        serializer_class = NotificationSerializer
+        payload = fakedata.NotificationTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        # List:
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        # Cleanup:
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code        
+
+    def test_notificationsIdDeletePost(self):
+        # Test Retrieve and Update operations.
+        testUrl = "/api/notifications/(?P<id>[0-9]+)/delete"
+        createUrl = testUrl.replace ("/(?P<id>[0-9]+)/delete","")
+        # Create an object:
+        payload = fakedata.NotificationTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(createUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        deleteUrl = testUrl.replace ("(?P<id>[0-9]+)",str(createdId))
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code        
+
+    def test_notificationsIdGet(self):
+        # Test Retrieve and Update operations.
+        testUrl = "/api/notifications/(?P<id>[0-9]+)"
+        createUrl = testUrl.replace ("/(?P<id>[0-9]+)","")
+        # Create an object:
+        payload = fakedata.NotificationTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(createUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        # Update the object:
+        updateUrl = testUrl.replace ("(?P<id>[0-9]+)",str(createdId))
+        payload = fakedata.NotificationTestDataUpdate()
+        jsonString = json.dumps(payload)
+        response = self.client.put(updateUrl, content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        # Cleanup:
+        deleteUrl = createUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code        
+
+    def test_notificationeventsBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.NotificationEventTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/notificationevents/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+
+    def test_notificationeventsGet(self):
+        # NotificationEvent needs a CreditTrade.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        # Test Create and List operations.
+        testUrl = "/api/notificationevents"
+        # Create:
+        serializer_class = NotificationEventSerializer
+        fakeNotificationEvent = fakedata.NotificationEventTestDataCreate()
+        payload = {
+            'eventTime': '2000-01-01',   
+            'eventTypeCode': fakeNotificationEvent['eventTypeCode'],
+            'notes': fakeNotificationEvent['notes'],
+            'creditTrade': creditTradeId 
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_201_CREATED == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        # List:
+        response = self.client.get(testUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+
+        getputUrl = testUrl + "/" + str (createdId)  
+        # put
+        payload = {
+            'eventTime': '2000-01-01',   
+            'eventTypeCode': 'test',
+            'notes': fakeNotificationEvent['notes'],
+            'creditTrade': creditTradeId 
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.put(getputUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        response = self.client.get(getputUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)        
+
+        assert data['eventTypeCode'] == payload['eventTypeCode']
+
+        # Cleanup
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)
+
+    def test_usersBulkPost(self):
+        # Test Bulk Load.
+        payload = fakedata.UserTestDataCreate()
+        jsonString = "[]"
+        response = self.client.post('/api/users/bulk',content_type='application/json', data=jsonString)
+        # Check that the response is 200 OK.
+        assert status.HTTP_201_CREATED == response.status_code        
+
+    def test_users(self):
+        # a User has Fuel supplier as a dependency
+        # a Fuel Supplier has contacts as a dependency
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+        
+        testUrl="/api/users"
+        # List:
+        response = self.client.get(testUrl)
+        assert status.HTTP_200_OK == response.status_code
+
+        fakeUser = fakedata.UserTestDataCreate()
+        # test update and get
+        testUrl="/api/users/" + str(userId)
+        payload = {
+          'id': userId,
+          'givenName': 'changed',
+          'surname':fakeUser['surname'],
+          'initials':fakeUser['initials'],
+          'email':fakeUser['email'],
+          'status':fakeUser['status'],
+          'smUserId':fakeUser['smUserId'],
+          'guid':fakeUser['guid'],
+          'smAuthorizationDirectory':fakeUser['smAuthorizationDirectory'],
+          'fuelSupplier': fuelSupplierId
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.put(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+
+        response = self.client.get(testUrl)
+
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        # Cleanup                       
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_attachmentsIdDownloadGet(self):
+        # first upload a new attachment.
+        testUrl = "/api/attachments"
+        uploadUrl = testUrl + "/upload"
+        serializer_class = AttachmentSerializer
+        payload = fakedata.AttachmentTestDataCreate()
+        rawData = "TEST"                
+        jsonString = json.dumps(payload)        
+        fileData = SimpleUploadedFile("file.txt", rawData.encode('utf-8') )
+        form = {
+            "file": fileData,
+            "item": jsonString,
+        }
+        response = self.client.post(uploadUrl, data=form)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        # download the attachment.
+        downloadUrl = testUrl + "/" + str(createdId) + "/download"
+        response = self.client.get(downloadUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        parsed = response.content.decode("utf-8")
+        # response should match the contents sent.
+        assert rawData==parsed
+        # Cleanup:
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code         
+        
+
+    def test_creditTradeIdNotesGet(self):
+        # start by creating a credit trade.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+        fakeNote = fakedata.NoteTestDataCreate()
+
+        testUrl = "/api/credittrades/" + str(creditTradeId) + "/notes"
+        payload = fakedata.NoteTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        # Cleanup the Note
+        deleteUrl = "/api/notes/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+        # Cleanup                       
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_credittradesIdAttachmentsGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        uploadUrl = "/api/credittrades/" + str(creditTradeId) + "/attachments"
+        payload = fakedata.AttachmentTestDataCreate()
+        rawData = "TEST"                
+        jsonString = json.dumps(payload)        
+        fileData = SimpleUploadedFile("file.txt", rawData.encode('utf-8') )
+        form = {
+            "file": fileData,
+            "item": jsonString,
+        }
+        response = self.client.post(uploadUrl, data=form)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        testUrl = "/api/attachments"
+        # download the attachment.
+        downloadUrl = testUrl + "/" + str(createdId) + "/download"
+        response = self.client.get(downloadUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        parsed = response.content.decode("utf-8")
+        # response should match the contents sent.
+        assert rawData==parsed
+        # Cleanup:
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code         
+
+        # Cleanup                       
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_credittradesIdHistoryGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        fakeHistory = fakedata.HistoryTestDataCreate()
+        testUrl = "/api/credittrades/" + str(creditTradeId) + "/history"
+        payload = fakedata.HistoryTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        # Cleanup the History
+        deleteUrl = "/api/histories/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+        testUrl = "/api/credittrades/" + str(creditTradeId) + "/history"
+        payload = fakedata.HistoryTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+
+        # Cleanup                       
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+
+    def test_credittradeSearchGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId, userId)
+
+        # do a search
+        testUrl = "/api/credittrades/search"        
+        response = self.client.get(testUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        # Cleanup                       
+        self.deleteCreditTrade(creditTradeId)
+        self.deleteUser(userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+        
+
+
+    def test_usersCurrentFavourites(self):
+        # create a user
+        groupId = self.createGroup()
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add a favourite
+
+        fakeFavourite = fakedata.UserFavouriteTestDataCreate()
+        testUrl = "/api/users/current/favourites"
+        jsonString = json.dumps(fakeFavourite)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        
+        # update a favourite
+        fakeFavourite = fakedata.UserFavouriteTestDataUpdate()
+        payload = [{
+            'type': fakeFavourite['type'],
+            'name': fakeFavourite['name'],
+            'value': fakeFavourite['value'],
+            'isDefault': fakeFavourite['isDefault'],
+            'user': userId
+        }]
+        jsonString = json.dumps(payload)        
+        response = self.client.put(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        
+        # search for the favourite
+        response = self.client.get(testUrl + "/search")
+        assert status.HTTP_200_OK == response.status_code
+        
+        # delete favourite
+        deleteUrl = testUrl + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+
+        # cleanup
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)        
+
+    def test_usersCurrentGet(self):
+        # the auth layer is out of scope - in future add a check here that the user matches the logged in user.
+        groupId = self.createGroup()
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+
+        testUrl="/api/users/current"
+        # List:
+        response = self.client.get(testUrl)
+        assert status.HTTP_200_OK == response.status_code
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)  
+
+
+    def test_fuelsuppliersIdAttachmentsGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+
+        uploadUrl = "/api/fuelsuppliers/" + str(fuelSupplierId) + "/attachments"
+        payload = fakedata.AttachmentTestDataCreate()
+        rawData = "TEST"                
+        jsonString = json.dumps(payload)        
+        fileData = SimpleUploadedFile("file.txt", rawData.encode('utf-8') )
+        form = {
+            "file": fileData,
+            "item": jsonString,
+        }
+        response = self.client.post(uploadUrl, data=form)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        testUrl = "/api/attachments"
+        # download the attachment.
+        downloadUrl = testUrl + "/" + str(createdId) + "/download"
+        response = self.client.get(downloadUrl)
+        # Check that the response is 200 OK.
+        assert status.HTTP_200_OK == response.status_code
+        parsed = response.content.decode("utf-8")
+        # response should match the contents sent.
+        assert rawData==parsed
+        # Cleanup:
+        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code         
+
+        # Cleanup                       
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_fuelsuppliersIdHistoryGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+
+        fakeHistory = fakedata.HistoryTestDataCreate()
+        testUrl = "/api/fuelsuppliers/" + str(fuelSupplierId) + "/history"
+        payload = fakedata.HistoryTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        # Cleanup the History
+        deleteUrl = "/api/histories/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+        # Cleanup                       
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_fuelsuppliersIdNotesGet(self):
+        # start by creating a credit trade.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        fakeNote = fakedata.NoteTestDataCreate()
+
+        testUrl = "/api/fuelsuppliers/" + str(fuelSupplierId) + "/notes"
+        payload = fakedata.NoteTestDataCreate()
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+
+        # Cleanup the Note
+        deleteUrl = "/api/notes/" + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+        # Check that the response is OK.
+        assert status.HTTP_204_NO_CONTENT == response.status_code
+
+        # Cleanup                       
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                      
+
+    def test_fuelsuppliersSearchGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)        
+
+        # do a search
+        testUrl = "/api/fuelsuppliers/search"        
+        response = self.client.get(testUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        # Cleanup                       
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                    
+
+    def test_groupsIdUsersGet(self):
+        # create a group.
+        groupId = self.createGroup()
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add user to group.
+        userGroupUrl = "/api/users/" + str(userId) + "/groups"
+        # create a new group membership.
+        payload = {'active': True, 'group':groupId, 'user':userId}
+        jsonString = json.dumps(payload)
+        response = self.client.post(userGroupUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+
+        # test the get
+        response = self.client.get(userGroupUrl)
+        assert status.HTTP_200_OK == response.status_code
+
+        testUrl = "/api/groups/" + str(groupId)
+        # get the users in the group.
+        response = self.client.get(testUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        
+        # should match        
+
+        # cleanup
+        self.deleteGroup (groupId)
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)   
+
+    def test_rolesIdPermissionsGet(self):
+        # create a group.
+        roleId = self.createRole()        
+        # create a permission.
+        permissionId = self.createPermission()
+
+        rolePermissionUrl = "/api/roles/" + str(roleId) + "/permissions"
+        # create a new group membership.
+        payload = {'role':roleId, 'permission':permissionId}
+        jsonString = json.dumps(payload)
+        response = self.client.post(rolePermissionUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        rolePermissionId = data['id']
+
+        # test the get
+        response = self.client.get(rolePermissionUrl)
+        assert status.HTTP_200_OK == response.status_code        
+
+        # test the put.  This will also delete the RolePermission.
+        payload = []
+        jsonString = json.dumps(payload)
+        response = self.client.put(rolePermissionUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        
+
+        # cleanup
+          
+        
+        self.deleteRole (roleId)
+        self.deletePermission(permissionId)        
+
+
+    def test_rolesIdUsersGet(self):
+        # create a role.
+        roleId = self.createRole()
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add role to user.
+        userRoleUrl = "/api/users/" + str(userId) + "/roles"
+        # create a new UserRole.
+        payload = {
+            'effectiveDate': '2000-01-01',   
+            'expiryDate': None,   
+            'user': userId,
+            'role': roleId
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(userRoleUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        
+        # test the get
+        response = self.client.get(userRoleUrl)
+        assert status.HTTP_200_OK == response.status_code
+        
+        testUrl = "/api/roles/" + str(roleId)
+        # get the users in the group.
+        response = self.client.get(testUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        
+        # test the PUT - this will clear the user role map.
+        payload = []
+        jsonString = json.dumps(payload)
+        response = self.client.put(userRoleUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+
+        # cleanup
+        self.deleteRole (roleId)
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)          
+
+    def test_usersIdFavourites(self):
+        # create a user
+        groupId = self.createGroup()
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add a favourite
+
+        fakeFavourite = fakedata.UserFavouriteTestDataCreate()
+        payload = {
+            'type': fakeFavourite['type'],
+            'name': fakeFavourite['name'],
+            'value': fakeFavourite['value'], 
+            'isDefault': fakeFavourite['isDefault'],
+            'user': userId
+        }
+
+        testUrl = "/api/users/" + str(userId) +  "/favourites"
+        jsonString = json.dumps(payload)
+        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        createdId = data['id']
+        
+        # update a favourite
+        fakeFavourite = fakedata.UserFavouriteTestDataUpdate()
+        payload = [{
+            'type': fakeFavourite['type'],
+            'name': fakeFavourite['name'],
+            'value': fakeFavourite['value'],
+            'isDefault': fakeFavourite['isDefault'],
+            'user': userId
+        }]
+        jsonString = json.dumps(payload)        
+        response = self.client.put(testUrl, content_type='application/json', data=jsonString)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+                
+        # delete favourite
+        deleteUrl = testUrl + str(createdId) + "/delete"
+        response = self.client.post(deleteUrl)
+
+        # cleanup
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                    
+
+    
+    def test_usersIdGroupsPut(self):
+        # create a role.
+        groupId = self.createGroup()
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add group to user.
+        userGroupUrl = "/api/users/" + str(userId) + "/groups"
+        # create a new UserRole.
+        payload = {
+            'active': True,   
+            'user': userId,   
+            'group': groupId            
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(userGroupUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        
+        # test the PUT
+        payload = []
+        jsonString = json.dumps(payload)
+        response = self.client.put(userGroupUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+
+        # cleanup
+        self.deleteGroup (groupId)
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                    
+
+    def test_usersIdNotificationsGet(self):        
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+
+        # create a credit trade and offer.
+        offerId = self.createOffer(fuelSupplierId)
+        creditTradeId = self.createCreditTrade(fuelSupplierId,userId)
+        notificationEventId = self.createNotificationEvent(creditTradeId, offerId)
+
+
+        # add notification to user.
+        userNotificationUrl = "/api/users/" + str(userId) + "/notifications"
+        # create a new UserRole.
+        payload = {
+          'event': notificationEventId,
+          'hasBeenViewed': False,
+          'isWatchNotification': False,
+          'user':userId
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(userNotificationUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        
+        # test the Get
+        response = self.client.get(userNotificationUrl)
+        assert status.HTTP_200_OK == response.status_code
+
+        # cleanup
+        self.deleteNotificationEvent(notificationEventId)
+        self.deleteOffer(offerId)
+        self.deleteCreditTrade(creditTradeId)       
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                         
+
+    def test_usersIdPermissionsGet(self):
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+
+        # create a credit trade and offer.
+
+        notificationEventId = self.createUser(fuelSupplierId)
+
+        # assign permissions to the user.
+        #TODO add that.
+
+        userPermissionUrl = "/api/users/" + str(userId) + "/permissions"        
+        
+        # test the Get
+        response = self.client.get(userPermissionUrl)
+        assert status.HTTP_200_OK == response.status_code
+
+        # cleanup
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)                               
+
+    def test_usersIdRolesPut(self):
+        # create a role.
+        roleId = self.createRole()
+        # create a user.
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)
+        userId = self.createUser(fuelSupplierId)
+        # add role to user.
+        userRoleUrl = "/api/users/" + str(userId) + "/roles"
+        # create a new UserRole.
+        payload = {
+            'effectiveDate': '2000-01-01',   
+            'expiryDate': None,   
+            'user': userId,
+            'role': roleId
+        }
+        jsonString = json.dumps(payload)
+        response = self.client.post(userRoleUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+        
+        # test the PUT
+        payload = []
+        jsonString = json.dumps(payload)
+        response = self.client.put(userRoleUrl,content_type='application/json', data=jsonString)
+        assert status.HTTP_200_OK == response.status_code
+
+        # cleanup
+        self.deleteRole (roleId)
+        self.deleteUser (userId)
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId)             
+
+    def test_usersSearchGet(self):
+        contactId = self.createContact()        
+        fuelSupplierId = self.createFuelSupplier(contactId)        
+        userId = self.createUser(fuelSupplierId)
+
+        # do a search
+        testUrl = "/api/users/search"        
+        response = self.client.get(testUrl)
+        # Check that the response is OK.
+        assert status.HTTP_200_OK == response.status_code
+        # parse the response.
+        jsonString = response.content.decode("utf-8")
+        data = json.loads(jsonString)
+        # Cleanup                       
+        self.deleteUser(userId) 
+        self.deleteFuelSupplier(fuelSupplierId)
+        self.deleteContact(contactId) 
+        
+
+if __name__ == '__main__':
+    unittest.main()
+
+
+
+
diff --git a/server/test_api_simple.py b/server/test_api_simple.py
index e28e29c95..be16fe4d5 100644
--- a/server/test_api_simple.py
+++ b/server/test_api_simple.py
@@ -35,8 +35,6 @@
 from .serializers import AttachmentViewModelSerializer
 from .models.Audit import Audit
 from .serializers import AuditSerializer
-from .models.CompliancePeriod import CompliancePeriod
-from .serializers import CompliancePeriodSerializer
 from .models.Contact import Contact
 from .serializers import ContactSerializer
 from .models.CreditTrade import CreditTrade
@@ -69,6 +67,8 @@
 from .serializers import NotificationEventSerializer
 from .models.NotificationViewModel import NotificationViewModel
 from .serializers import NotificationViewModelSerializer
+from .models.Offer import Offer
+from .serializers import OfferSerializer
 from .models.Permission import Permission
 from .serializers import PermissionSerializer
 from .models.PermissionViewModel import PermissionViewModel
@@ -195,88 +195,6 @@ def test_attachmentsIdGet(self):
         assert status.HTTP_204_NO_CONTENT == response.status_code
         
 
-    def test_complianceperiodsBulkPost(self):
-        # Test Bulk Load.
-        payload = fakedata.CompliancePeriodTestDataCreate()
-        jsonString = "[]"
-        response = self.client.post('/api/complianceperiods/bulk',content_type='application/json', data=jsonString)
-        # Check that the response is 200 OK.
-        assert status.HTTP_201_CREATED == response.status_code
-        
-
-    def test_complianceperiodsGet(self):
-        # Test Create and List operations.
-        testUrl = "/api/complianceperiods"
-        # Create:
-        serializer_class = CompliancePeriodSerializer
-        payload = fakedata.CompliancePeriodTestDataCreate()
-        jsonString = json.dumps(payload)
-        response = self.client.post(testUrl, content_type='application/json', data=jsonString)
-        # Check that the response is OK.
-        assert status.HTTP_201_CREATED == response.status_code
-        # parse the response.
-        jsonString = response.content.decode("utf-8")
-        data = json.loads(jsonString)
-        createdId = data['id']
-        # List:
-        response = self.client.get(testUrl)
-        # Check that the response is 200 OK.
-        assert status.HTTP_200_OK == response.status_code
-        # Cleanup:
-        deleteUrl = testUrl + "/" + str(createdId) + "/delete"
-        response = self.client.post(deleteUrl)
-        # Check that the response is OK.
-        assert status.HTTP_204_NO_CONTENT == response.status_code
-        
-
-    def test_complianceperiodsIdDeletePost(self):
-        # Test Retrieve and Update operations.
-        testUrl = "/api/complianceperiods/(?P<id>[0-9]+)/delete"
-        createUrl = testUrl.replace ("/(?P<id>[0-9]+)/delete","")
-        # Create an object:
-        payload = fakedata.CompliancePeriodTestDataCreate()
-        jsonString = json.dumps(payload)
-        response = self.client.post(createUrl, content_type='application/json', data=jsonString)
-        # Check that the response is OK.
-        assert status.HTTP_201_CREATED == response.status_code
-        # parse the response.
-        jsonString = response.content.decode("utf-8")
-        data = json.loads(jsonString)
-        createdId = data['id']
-        deleteUrl = testUrl.replace ("(?P<id>[0-9]+)",str(createdId))
-        response = self.client.post(deleteUrl)
-        # Check that the response is OK.
-        assert status.HTTP_204_NO_CONTENT == response.status_code
-        
-
-    def test_complianceperiodsIdGet(self):
-        # Test Retrieve and Update operations.
-        testUrl = "/api/complianceperiods/(?P<id>[0-9]+)"
-        createUrl = testUrl.replace ("/(?P<id>[0-9]+)","")
-        # Create an object:
-        payload = fakedata.CompliancePeriodTestDataCreate()
-        jsonString = json.dumps(payload)
-        response = self.client.post(createUrl, content_type='application/json', data=jsonString)
-        # Check that the response is OK.
-        assert status.HTTP_201_CREATED == response.status_code
-        # parse the response.
-        jsonString = response.content.decode("utf-8")
-        data = json.loads(jsonString)
-        createdId = data['id']
-        # Update the object:
-        updateUrl = testUrl.replace ("(?P<id>[0-9]+)",str(createdId))
-        payload = fakedata.CompliancePeriodTestDataUpdate()
-        jsonString = json.dumps(payload)
-        response = self.client.put(updateUrl, content_type='application/json', data=jsonString)
-        # Check that the response is 200 OK.
-        assert status.HTTP_200_OK == response.status_code
-        # Cleanup:
-        deleteUrl = createUrl + "/" + str(createdId) + "/delete"
-        response = self.client.post(deleteUrl)
-        # Check that the response is OK.
-        assert status.HTTP_204_NO_CONTENT == response.status_code
-        
-
     def test_contactsBulkPost(self):
         # Test Bulk Load.
         payload = fakedata.ContactTestDataCreate()
diff --git a/server/urls.py b/server/urls.py
index 8eb7c35ca..36fd539a5 100644
--- a/server/urls.py
+++ b/server/urls.py
@@ -52,31 +52,26 @@ def get(self, request):
     url(r'^attachments/(?P<id>[0-9]+)/delete$', views.attachmentsIdDeletePost.as_view()),
     url(r'^attachments/(?P<id>[0-9]+)/download$', views_custom.attachmentsIdDownloadGet.as_view()),
     url(r'^attachments/(?P<id>[0-9]+)$', views.attachmentsIdGet.as_view()),
-    url(r'^complianceperiods/bulk$', views.complianceperiodsBulkPost.as_view()),
-    url(r'^complianceperiods$', views.complianceperiodsGet.as_view()),
-    url(r'^complianceperiods/(?P<id>[0-9]+)/delete$', views.complianceperiodsIdDeletePost.as_view()),
-    url(r'^complianceperiods/(?P<id>[0-9]+)$', views.complianceperiodsIdGet.as_view()),
+    url(r'^attachments/upload$', views_custom.attachmentsUploadPost.as_view()),
     url(r'^contacts/bulk$', views.contactsBulkPost.as_view()),
     url(r'^contacts$', views.contactsGet.as_view()),
     url(r'^contacts/(?P<id>[0-9]+)/delete$', views.contactsIdDeletePost.as_view()),
     url(r'^contacts/(?P<id>[0-9]+)$', views.contactsIdGet.as_view()),
-    url(r'^creditTrade/(?P<id>[0-9]+)/notes$', views_custom.creditTradeIdNotesGet.as_view()),
     url(r'^credittrades/bulk$', views.credittradesBulkPost.as_view()),
     url(r'^credittrades$', views.credittradesGet.as_view()),
     url(r'^credittrades/(?P<id>[0-9]+)/attachments$', views_custom.credittradesIdAttachmentsGet.as_view()),
     url(r'^credittrades/(?P<id>[0-9]+)/delete$', views.credittradesIdDeletePost.as_view()),
     url(r'^credittrades/(?P<id>[0-9]+)$', views.credittradesIdGet.as_view()),
     url(r'^credittrades/(?P<id>[0-9]+)/history$', views_custom.credittradesIdHistoryGet.as_view()),
-    url(r'^credittrades/(?P<id>[0-9]+)/history$', views_custom.credittradesIdHistoryPost.as_view()),
-    url(r'^credittrading/search$', views_custom.credittradingSearchGet.as_view()),
+    url(r'^credittrades/(?P<id>[0-9]+)/notes$', views_custom.credittradesIdNotesGet.as_view()),
+    url(r'^credittrades/search$', views_custom.credittradesSearchGet.as_view()),
     url(r'^credittradetradelogentries/bulk$', views.credittradetradelogentriesBulkPost.as_view()),
     url(r'^credittradetradelogentries$', views.credittradetradelogentriesGet.as_view()),
     url(r'^credittradetradelogentries/(?P<id>[0-9]+)/delete$', views.credittradetradelogentriesIdDeletePost.as_view()),
     url(r'^credittradetradelogentries/(?P<id>[0-9]+)$', views.credittradetradelogentriesIdGet.as_view()),
     url(r'^users/current/favourites/(?P<id>[0-9]+)/delete$', views_custom.usersCurrentFavouritesIdDeletePost.as_view()),
-    url(r'^users/current/favourites$', views_custom.usersCurrentFavouritesPost.as_view()),
     url(r'^users/current/favourites$', views_custom.usersCurrentFavouritesPut.as_view()),
-    url(r'^users/current/favourites/(?P<id>[0-9]+)$', views_custom.usersCurrentFavouritesTypeGet.as_view()),
+    url(r'^users/current/favourites/search$', views_custom.usersCurrentFavouritesSearchGet.as_view()),
     url(r'^users/current$', views_custom.usersCurrentGet.as_view()),
     url(r'^fuelsuppliers/bulk$', views.fuelsuppliersBulkPost.as_view()),
     url(r'^fuelsuppliers$', views.fuelsuppliersGet.as_view()),
@@ -84,7 +79,6 @@ def get(self, request):
     url(r'^fuelsuppliers/(?P<id>[0-9]+)/delete$', views.fuelsuppliersIdDeletePost.as_view()),
     url(r'^fuelsuppliers/(?P<id>[0-9]+)$', views.fuelsuppliersIdGet.as_view()),
     url(r'^fuelsuppliers/(?P<id>[0-9]+)/history$', views_custom.fuelsuppliersIdHistoryGet.as_view()),
-    url(r'^fuelsuppliers/(?P<id>[0-9]+)/history$', views_custom.fuelsuppliersIdHistoryPost.as_view()),
     url(r'^fuelsuppliers/(?P<id>[0-9]+)/notes$', views_custom.fuelsuppliersIdNotesGet.as_view()),
     url(r'^fuelsuppliers/search$', views_custom.fuelsuppliersSearchGet.as_view()),
     url(r'^groups/bulk$', views.groupsBulkPost.as_view()),
@@ -92,6 +86,10 @@ def get(self, request):
     url(r'^groups/(?P<id>[0-9]+)/delete$', views.groupsIdDeletePost.as_view()),
     url(r'^groups/(?P<id>[0-9]+)$', views.groupsIdGet.as_view()),
     url(r'^groups/(?P<id>[0-9]+)/users$', views_custom.groupsIdUsersGet.as_view()),
+    url(r'^groupmemberships/bulk$', views.groupmembershipsBulkPost.as_view()),
+    url(r'^groupmemberships$', views.groupmembershipsGet.as_view()),
+    url(r'^groupmemberships/(?P<id>[0-9]+)/delete$', views.groupmembershipsIdDeletePost.as_view()),
+    url(r'^groupmemberships/(?P<id>[0-9]+)$', views.groupmembershipsIdGet.as_view()),
     url(r'^histories/bulk$', views.historiesBulkPost.as_view()),
     url(r'^histories$', views.historiesGet.as_view()),
     url(r'^histories/(?P<id>[0-9]+)/delete$', views.historiesIdDeletePost.as_view()),
@@ -112,6 +110,10 @@ def get(self, request):
     url(r'^notificationevents$', views.notificationeventsGet.as_view()),
     url(r'^notificationevents/(?P<id>[0-9]+)/delete$', views.notificationeventsIdDeletePost.as_view()),
     url(r'^notificationevents/(?P<id>[0-9]+)$', views.notificationeventsIdGet.as_view()),
+    url(r'^offers/bulk$', views.offersBulkPost.as_view()),
+    url(r'^offers$', views.offersGet.as_view()),
+    url(r'^offers/(?P<id>[0-9]+)/delete$', views.offersIdDeletePost.as_view()),
+    url(r'^offers/(?P<id>[0-9]+)$', views.offersIdGet.as_view()),
     url(r'^permissions/bulk$', views.permissionsBulkPost.as_view()),
     url(r'^permissions$', views.permissionsGet.as_view()),
     url(r'^permissions/(?P<id>[0-9]+)/delete$', views.permissionsIdDeletePost.as_view()),
@@ -121,26 +123,25 @@ def get(self, request):
     url(r'^roles/(?P<id>[0-9]+)/delete$', views.rolesIdDeletePost.as_view()),
     url(r'^roles/(?P<id>[0-9]+)$', views.rolesIdGet.as_view()),
     url(r'^roles/(?P<id>[0-9]+)/permissions$', views_custom.rolesIdPermissionsGet.as_view()),
-    url(r'^roles/(?P<id>[0-9]+)/permissions$', views_custom.rolesIdPermissionsPost.as_view()),
-    url(r'^roles/(?P<id>[0-9]+)/permissions$', views_custom.rolesIdPermissionsPut.as_view()),
     url(r'^roles/(?P<id>[0-9]+)/users$', views_custom.rolesIdUsersGet.as_view()),
-    url(r'^roles/(?P<id>[0-9]+)/users$', views_custom.rolesIdUsersPut.as_view()),
+    url(r'^rolepermissions/bulk$', views.rolepermissionsBulkPost.as_view()),
+    url(r'^rolepermissions$', views.rolepermissionsGet.as_view()),
+    url(r'^rolepermissions/(?P<id>[0-9]+)/delete$', views.rolepermissionsIdDeletePost.as_view()),
+    url(r'^rolepermissions/(?P<id>[0-9]+)$', views.rolepermissionsIdGet.as_view()),
     url(r'^users/bulk$', views.usersBulkPost.as_view()),
     url(r'^users$', views.usersGet.as_view()),
     url(r'^users/(?P<id>[0-9]+)/delete$', views.usersIdDeletePost.as_view()),
     url(r'^users/(?P<id>[0-9]+)/favourites$', views_custom.usersIdFavouritesGet.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/favourites$', views_custom.usersIdFavouritesPost.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/favourites$', views_custom.usersIdFavouritesPut.as_view()),
     url(r'^users/(?P<id>[0-9]+)$', views.usersIdGet.as_view()),
     url(r'^users/(?P<id>[0-9]+)/groups$', views_custom.usersIdGroupsGet.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/groups$', views_custom.usersIdGroupsPost.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/groups$', views_custom.usersIdGroupsPut.as_view()),
     url(r'^users/(?P<id>[0-9]+)/notifications$', views_custom.usersIdNotificationsGet.as_view()),
     url(r'^users/(?P<id>[0-9]+)/permissions$', views_custom.usersIdPermissionsGet.as_view()),
     url(r'^users/(?P<id>[0-9]+)/roles$', views_custom.usersIdRolesGet.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/roles$', views_custom.usersIdRolesPost.as_view()),
-    url(r'^users/(?P<id>[0-9]+)/roles$', views_custom.usersIdRolesPut.as_view()),
-    url(r'^users/search$', views_custom.usersSearchGet.as_view())
+    url(r'^users/search$', views_custom.usersSearchGet.as_view()),
+    url(r'^userroles/bulk$', views.userrolesBulkPost.as_view()),
+    url(r'^userroles$', views.userrolesGet.as_view()),
+    url(r'^userroles/(?P<id>[0-9]+)/delete$', views.userrolesIdDeletePost.as_view()),
+    url(r'^userroles/(?P<id>[0-9]+)$', views.userrolesIdGet.as_view())
 ]
 
 urlpatterns = format_suffix_patterns(urlpatterns)
diff --git a/server/views.py b/server/views.py
index 9a5cfccc2..14f766c8f 100644
--- a/server/views.py
+++ b/server/views.py
@@ -30,7 +30,6 @@
 from .models.Attachment import Attachment
 from .models.AttachmentViewModel import AttachmentViewModel
 from .models.Audit import Audit
-from .models.CompliancePeriod import CompliancePeriod
 from .models.Contact import Contact
 from .models.CreditTrade import CreditTrade
 from .models.CreditTradeLogEntry import CreditTradeLogEntry
@@ -47,6 +46,7 @@
 from .models.Notification import Notification
 from .models.NotificationEvent import NotificationEvent
 from .models.NotificationViewModel import NotificationViewModel
+from .models.Offer import Offer
 from .models.Permission import Permission
 from .models.PermissionViewModel import PermissionViewModel
 from .models.Role import Role
@@ -110,15 +110,6 @@ def post(self, request, *args, **kwargs):
     return self.destroy(request, *args, **kwargs)
 
 
-class attachmentsIdDownloadGet(APIView):
-  """  
-  Returns the binary file component of an attachment  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
 class attachmentsIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
   """  
   Gets a specific Attachment object  
@@ -138,117 +129,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class attachmentsIdPut(APIView):
-  """  
-  Updates a specific Attachment object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Attachment.objects.all()  
-  serializer_class = serializers.AttachmentSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class attachmentsPost(APIView):
-  """  
-  Creates a new Attachment object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Attachment.objects.all()  
-  serializer_class = serializers.AttachmentSerializer  
-  def post(self, request, item):
-    return Response()
-
-class complianceperiodsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
-  """  
-  Bulk create / update a number of CompliancePeriod object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer
-  def post(self, request, *args, **kwargs):
-    """
-    Creates a number of new CompliancePeriod objects
-    """
-    return self.create(request, *args, **kwargs)
-
-class complianceperiodsGet(mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView):
-  """  
-  Lists available CompliancePeriod objects  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer
-  def get(self, request, *args, **kwargs):
-    """
-    Lists available CompliancePeriod objects
-    """
-    return self.list(request, *args, **kwargs)
-  def post(self, request, *args, **kwargs):
-    """
-    Creates a new CompliancePeriod object
-    """
-    return self.create(request, *args, **kwargs)
-
-class complianceperiodsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific CompliancePeriod object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer
-  def post(self, request, *args, **kwargs):
-    """
-    Destroys the specified CompliancePeriod object
-    """
-    return self.destroy(request, *args, **kwargs)
-
-
-class complianceperiodsIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
-  """  
-  Gets a specific CompliancePeriod object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer
-  def get(self, request, *args, **kwargs):
-    """
-    Retrieves the specified CompliancePeriod object
-    """
-    return self.retrieve(request, *args, **kwargs)
-  def put(self, request, *args, **kwargs):
-    """
-    Updates the specified CompliancePeriod object
-    """
-    return self.update(request, *args, **kwargs)
-
-class complianceperiodsIdPut(APIView):
-  """  
-  Updates a specific CompliancePeriod object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class complianceperiodsPost(APIView):
-  """  
-  Creates a new CompliancePeriod object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CompliancePeriod.objects.all()  
-  serializer_class = serializers.CompliancePeriodSerializer  
-  def post(self, request, item):
-    return Response()
-
 class contactsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of Contact object  
@@ -316,37 +196,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class contactsIdPut(APIView):
-  """  
-  Updates a specific Contact object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Contact.objects.all()  
-  serializer_class = serializers.ContactSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class contactsPost(APIView):
-  """  
-  Creates a new Contact object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Contact.objects.all()  
-  serializer_class = serializers.ContactSerializer  
-  def post(self, request, item):
-    return Response()
-
-class creditTradeIdNotesGet(APIView):
-  """  
-  Returns notes for a particular CreditTrade  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
 class credittradesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of CreditTrade object  
@@ -380,15 +229,6 @@ def post(self, request, *args, **kwargs):
     """
     return self.create(request, *args, **kwargs)
 
-class credittradesIdAttachmentsGet(APIView):
-  """  
-  Returns attachments for a particular CreditTrade  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
 class credittradesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
   """  
   Deletes a specific CreditTrade object  
@@ -423,55 +263,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class credittradesIdHistoryGet(APIView):
-  """  
-  Returns History for a particular CreditTrade  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id, offset = None, limit = None):
-    return Response()
-
-class credittradesIdHistoryPost(APIView):
-  """  
-  Add a History record to the CreditTrade  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
-
-class credittradesIdPut(APIView):
-  """  
-  Updates a specific CreditTrade object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CreditTrade.objects.all()  
-  serializer_class = serializers.CreditTradeSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class credittradesPost(APIView):
-  """  
-  Creates a new CreditTrade object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CreditTrade.objects.all()  
-  serializer_class = serializers.CreditTradeSerializer  
-  def post(self, request, item):
-    return Response()
-
-class credittradingSearchGet(APIView):
-  """  
-  Searches credit trades  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, organization = None, tradeType = None, status = None, dateType = None, startDate = None, endDate = None):
-    return Response()
-
 class credittradetradelogentriesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of CreditTradeLogEntry object  
@@ -539,73 +330,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class credittradetradelogentriesIdPut(APIView):
-  """  
-  Updates a specific CreditTradeLogEntry object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CreditTradeLogEntry.objects.all()  
-  serializer_class = serializers.CreditTradeLogEntrySerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class credittradetradelogentriesPost(APIView):
-  """  
-  Creates a new CreditTradeLogEntry object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = CreditTradeLogEntry.objects.all()  
-  serializer_class = serializers.CreditTradeLogEntrySerializer  
-  def post(self, request, item):
-    return Response()
-
-class usersCurrentFavouritesIdDeletePost(APIView):
-  """  
-  Removes a specific user favourite  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id):
-    return Response()
-
-class usersCurrentFavouritesPost(APIView):
-  """  
-  Create new favourite for the current user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, item):
-    return Response()
-
-class usersCurrentFavouritesPut(APIView):
-  """  
-  Updates a favourite  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def put(self, request, item):
-    return Response()
-
-class usersCurrentFavouritesTypeGet(APIView):
-  """  
-  Returns a user's favourites of a given type.  If type is empty, returns all.  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, type):
-    return Response()
-
-class usersCurrentGet(APIView):
-  """  
-  Get the currently logged in user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, ):
-    return Response()
-
 class fuelsuppliersBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of FuelSupplier object  
@@ -639,15 +363,6 @@ def post(self, request, *args, **kwargs):
     """
     return self.create(request, *args, **kwargs)
 
-class fuelsuppliersIdAttachmentsGet(APIView):
-  """  
-  Returns attachments for a particular FuelSupplier  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
 class fuelsuppliersIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
   """  
   Deletes a specific FuelSupplier object  
@@ -682,64 +397,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class fuelsuppliersIdHistoryGet(APIView):
-  """  
-  Returns History for a particular FuelSupplier  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id, offset = None, limit = None):
-    return Response()
-
-class fuelsuppliersIdHistoryPost(APIView):
-  """  
-  Add a History record to the FuelSupplier  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
-
-class fuelsuppliersIdNotesGet(APIView):
-  """  
-  Returns notes for a particular FuelSupplier  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class fuelsuppliersIdPut(APIView):
-  """  
-  Updates a specific FuelSupplier object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = FuelSupplier.objects.all()  
-  serializer_class = serializers.FuelSupplierSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class fuelsuppliersPost(APIView):
-  """  
-  Creates a new FuelSupplier object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = FuelSupplier.objects.all()  
-  serializer_class = serializers.FuelSupplierSerializer  
-  def post(self, request, item):
-    return Response()
-
-class fuelsuppliersSearchGet(APIView):
-  """  
-  Searches fuel suppliers  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, fuelSupplierName = None, includeInactive = None):
-    return Response()
-
 class groupsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of Group object  
@@ -807,36 +464,72 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class groupsIdPut(APIView):
+class groupmembershipsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
-  Updates a specific Group object  
+  Bulk create / update a number of GroupMembership object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = Group.objects.all()  
-  serializer_class = serializers.GroupSerializer  
-  def put(self, request, id, item):
-    return Response()
+  queryset = GroupMembership.objects.all()  
+  serializer_class = serializers.GroupMembershipSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a number of new GroupMembership objects
+    """
+    return self.create(request, *args, **kwargs)
 
-class groupsIdUsersGet(APIView):
+class groupmembershipsGet(mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView):
   """  
-  returns users in a given Group  
+  Lists available GroupMembership objects  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
+  queryset = GroupMembership.objects.all()  
+  serializer_class = serializers.GroupMembershipSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Lists available GroupMembership objects
+    """
+    return self.list(request, *args, **kwargs)
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a new GroupMembership object
+    """
+    return self.create(request, *args, **kwargs)
 
-class groupsPost(APIView):
+class groupmembershipsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
   """  
-  Creates a new Group object  
+  Deletes a specific GroupMembership object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = Group.objects.all()  
-  serializer_class = serializers.GroupSerializer  
-  def post(self, request, item):
-    return Response()
+  queryset = GroupMembership.objects.all()  
+  serializer_class = serializers.GroupMembershipSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Destroys the specified GroupMembership object
+    """
+    return self.destroy(request, *args, **kwargs)
+
+
+class groupmembershipsIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
+  """  
+  Gets a specific GroupMembership object  
+  """
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = GroupMembership.objects.all()  
+  serializer_class = serializers.GroupMembershipSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Retrieves the specified GroupMembership object
+    """
+    return self.retrieve(request, *args, **kwargs)
+  def put(self, request, *args, **kwargs):
+    """
+    Updates the specified GroupMembership object
+    """
+    return self.update(request, *args, **kwargs)
 
 class historiesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
@@ -905,28 +598,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class historiesIdPut(APIView):
-  """  
-  Updates a specific History object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = History.objects.all()  
-  serializer_class = serializers.HistorySerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class historiesPost(APIView):
-  """  
-  Creates a new History object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = History.objects.all()  
-  serializer_class = serializers.HistorySerializer  
-  def post(self, request, item):
-    return Response()
-
 class lookuplistsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of LookupList object  
@@ -994,28 +665,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class lookuplistsIdPut(APIView):
-  """  
-  Updates a specific LookupList object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = LookupList.objects.all()  
-  serializer_class = serializers.LookupListSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class lookuplistsPost(APIView):
-  """  
-  Creates a new LookupList object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = LookupList.objects.all()  
-  serializer_class = serializers.LookupListSerializer  
-  def post(self, request, item):
-    return Response()
-
 class notesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of Note object  
@@ -1083,28 +732,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class notesIdPut(APIView):
-  """  
-  Updates a specific Note object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Note.objects.all()  
-  serializer_class = serializers.NoteSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class notesPost(APIView):
-  """  
-  Creates a new Note object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Note.objects.all()  
-  serializer_class = serializers.NoteSerializer  
-  def post(self, request, item):
-    return Response()
-
 class notificationsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of Notification object  
@@ -1172,28 +799,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class notificationsIdPut(APIView):
-  """  
-  Updates a specific Notification object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Notification.objects.all()  
-  serializer_class = serializers.NotificationSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class notificationsPost(APIView):
-  """  
-  Creates a new Notification object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Notification.objects.all()  
-  serializer_class = serializers.NotificationSerializer  
-  def post(self, request, item):
-    return Response()
-
 class notificationeventsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of NotificationEvent object  
@@ -1261,27 +866,72 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class notificationeventsIdPut(APIView):
+class offersBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
-  Updates a specific NotificationEvent object  
+  Bulk create / update a number of Offer object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = NotificationEvent.objects.all()  
-  serializer_class = serializers.NotificationEventSerializer  
-  def put(self, request, id, item):
-    return Response()
+  queryset = Offer.objects.all()  
+  serializer_class = serializers.OfferSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a number of new Offer objects
+    """
+    return self.create(request, *args, **kwargs)
 
-class notificationeventsPost(APIView):
+class offersGet(mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView):
   """  
-  Creates a new NotificationEvent object  
+  Lists available Offer objects  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = NotificationEvent.objects.all()  
-  serializer_class = serializers.NotificationEventSerializer  
-  def post(self, request, item):
-    return Response()
+  queryset = Offer.objects.all()  
+  serializer_class = serializers.OfferSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Lists available Offer objects
+    """
+    return self.list(request, *args, **kwargs)
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a new Offer object
+    """
+    return self.create(request, *args, **kwargs)
+
+class offersIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
+  """  
+  Deletes a specific Offer object  
+  """
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = Offer.objects.all()  
+  serializer_class = serializers.OfferSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Destroys the specified Offer object
+    """
+    return self.destroy(request, *args, **kwargs)
+
+
+class offersIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
+  """  
+  Gets a specific Offer object  
+  """
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = Offer.objects.all()  
+  serializer_class = serializers.OfferSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Retrieves the specified Offer object
+    """
+    return self.retrieve(request, *args, **kwargs)
+  def put(self, request, *args, **kwargs):
+    """
+    Updates the specified Offer object
+    """
+    return self.update(request, *args, **kwargs)
 
 class permissionsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
@@ -1350,28 +1000,6 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class permissionsIdPut(APIView):
-  """  
-  Updates a specific PermissionViewModel object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Permission.objects.all()  
-  serializer_class = serializers.PermissionSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class permissionsPost(APIView):
-  """  
-  Creates a new PermissionViewModel object  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = Permission.objects.all()  
-  serializer_class = serializers.PermissionSerializer  
-  def post(self, request, item):
-    return Response()
-
 class rolesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
   Bulk create / update a number of RoleViewModel object  
@@ -1439,72 +1067,72 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class rolesIdPermissionsGet(APIView):
+class rolepermissionsBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
-  Get all the permissions for a role  
+  Bulk create / update a number of RolePermission object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class rolesIdPermissionsPost(APIView):
-  """  
-  Adds a permissions to a role  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
-
-class rolesIdPermissionsPut(APIView):
-  """  
-  Updates the permissions for a role  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def put(self, request, id, items):
-    return Response()
+  queryset = RolePermission.objects.all()  
+  serializer_class = serializers.RolePermissionSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a number of new RolePermission objects
+    """
+    return self.create(request, *args, **kwargs)
 
-class rolesIdPut(APIView):
+class rolepermissionsGet(mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView):
   """  
-  Updates a specific RoleViewModel object  
+  Lists available RolePermission objects  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = Role.objects.all()  
-  serializer_class = serializers.RoleSerializer  
-  def put(self, request, id, item):
-    return Response()
+  queryset = RolePermission.objects.all()  
+  serializer_class = serializers.RolePermissionSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Lists available RolePermission objects
+    """
+    return self.list(request, *args, **kwargs)
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a new RolePermission object
+    """
+    return self.create(request, *args, **kwargs)
 
-class rolesIdUsersGet(APIView):
+class rolepermissionsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
   """  
-  Gets all the users for a role  
+  Deletes a specific RolePermission object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
+  queryset = RolePermission.objects.all()  
+  serializer_class = serializers.RolePermissionSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Destroys the specified RolePermission object
+    """
+    return self.destroy(request, *args, **kwargs)
 
-class rolesIdUsersPut(APIView):
-  """  
-  Updates the users for a role  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def put(self, request, id, items):
-    return Response()
 
-class rolesPost(APIView):
+class rolepermissionsIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
   """  
-  Creates a new RoleViewModel object  
+  Gets a specific RolePermission object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  queryset = Role.objects.all()  
-  serializer_class = serializers.RoleSerializer  
-  def post(self, request, item):
-    return Response()
+  queryset = RolePermission.objects.all()  
+  serializer_class = serializers.RolePermissionSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Retrieves the specified RolePermission object
+    """
+    return self.retrieve(request, *args, **kwargs)
+  def put(self, request, *args, **kwargs):
+    """
+    Updates the specified RolePermission object
+    """
+    return self.update(request, *args, **kwargs)
 
 class usersBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
@@ -1554,33 +1182,6 @@ def post(self, request, *args, **kwargs):
     return self.destroy(request, *args, **kwargs)
 
 
-class usersIdFavouritesGet(APIView):
-  """  
-  Returns the favourites for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class usersIdFavouritesPost(APIView):
-  """  
-  Adds favourites to a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
-
-class usersIdFavouritesPut(APIView):
-  """  
-  Updates the favourites for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def put(self, request, id, items):
-    return Response()
-
 class usersIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
   """  
   Returns data for a particular user  
@@ -1600,107 +1201,71 @@ def put(self, request, *args, **kwargs):
     """
     return self.update(request, *args, **kwargs)
 
-class usersIdGroupsGet(APIView):
+class userrolesBulkPost(BulkCreateModelMixin, generics.GenericAPIView):
   """  
-  Returns all groups that a user is a member of  
+  Bulk create / update a number of UserRole object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class usersIdGroupsPost(APIView):
-  """  
-  Add to the active set of groups for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
-
-class usersIdGroupsPut(APIView):
-  """  
-  Updates the active set of groups for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def put(self, request, id, items):
-    return Response()
-
-class usersIdNotificationsGet(APIView):
-  """  
-  Returns a user's notifications  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class usersIdPermissionsGet(APIView):
-  """  
-  Returns the set of permissions for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
-
-class usersIdPut(APIView):
-  """  
-    
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = User.objects.all()  
-  serializer_class = serializers.UserSerializer  
-  def put(self, request, id, item):
-    return Response()
-
-class usersIdRolesGet(APIView):
-  """  
-  Returns the roles for a user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  def get(self, request, id):
-    return Response()
+  queryset = UserRole.objects.all()  
+  serializer_class = serializers.UserRoleSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a number of new UserRole objects
+    """
+    return self.create(request, *args, **kwargs)
 
-class usersIdRolesPost(APIView):
+class userrolesGet(mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView):
   """  
-  Adds a role to a user  
+  Lists available UserRole objects  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def post(self, request, id, item):
-    return Response()
+  queryset = UserRole.objects.all()  
+  serializer_class = serializers.UserRoleSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Lists available UserRole objects
+    """
+    return self.list(request, *args, **kwargs)
+  def post(self, request, *args, **kwargs):
+    """
+    Creates a new UserRole object
+    """
+    return self.create(request, *args, **kwargs)
 
-class usersIdRolesPut(APIView):
+class userrolesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
   """  
-  Updates the roles for a user  
+  Deletes a specific UserRole object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def put(self, request, id, items):
-    return Response()
+  queryset = UserRole.objects.all()  
+  serializer_class = serializers.UserRoleSerializer
+  def post(self, request, *args, **kwargs):
+    """
+    Destroys the specified UserRole object
+    """
+    return self.destroy(request, *args, **kwargs)
 
-class usersPost(APIView):
-  """  
-  Create new user  
-  """
-  lookup_field = 'id'
-  permission_classes = (permissions.AllowAny,)  
-  queryset = User.objects.all()  
-  serializer_class = serializers.UserSerializer  
-  def post(self, request, item):
-    return Response()
 
-class usersSearchGet(APIView):
+class userrolesIdGet(mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView):
   """  
-  Searches Users  
+  Gets a specific UserRole object  
   """
   lookup_field = 'id'
   permission_classes = (permissions.AllowAny,)  
-  def get(self, request, fuelSuppliers = None, surname = None, includeInactive = None):
-    return Response()
+  queryset = UserRole.objects.all()  
+  serializer_class = serializers.UserRoleSerializer
+  def get(self, request, *args, **kwargs):
+    """
+    Retrieves the specified UserRole object
+    """
+    return self.retrieve(request, *args, **kwargs)
+  def put(self, request, *args, **kwargs):
+    """
+    Updates the specified UserRole object
+    """
+    return self.update(request, *args, **kwargs)
 
 
diff --git a/server/views_custom.py b/server/views_custom.py
index b3a11bf3e..8a6655d6d 100644
--- a/server/views_custom.py
+++ b/server/views_custom.py
@@ -18,6 +18,9 @@
     See the License for the specific language governing permissions and
     limitations under the License.
 """
+import sys
+import json
+from django.http import HttpResponse
 
 from rest_framework.views import APIView
 from rest_framework.response import Response
@@ -64,230 +67,205 @@
 
 # Custom views.  This file is hand edited.
 
-class attachmentsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific Attachment object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class attachmentsIdDownloadGet(APIView):
-  """  
-  Returns the binary file component of an attachment  
-  """
-  # enter code for this routine here.        
-  
+class attachmentsIdDownloadGet(APIView):  
   def get(self, request, id):
-    return Response()
-
-class attachmentsIdPut(APIView):
-  """  
-  Updates a specific Attachment object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class attachmentsPost(APIView):
-  """  
-  Creates a new Attachment object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class complianceperiodsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific CompliancePeriod object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class complianceperiodsIdPut(APIView):
-  """  
-  Updates a specific CompliancePeriod object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class complianceperiodsPost(APIView):
-  """  
-  Creates a new CompliancePeriod object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class contactsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific Contact object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class contactsIdPut(APIView):
-  """  
-  Updates a specific Contact object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class contactsPost(APIView):
-  """  
-  Creates a new Contact object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class creditTradeIdNotesGet(APIView):
+    """  
+    Returns the binary file component of an attachment  
+    """
+    try:
+      attachment = Attachment.objects.get(id=id)
+      response = HttpResponse(attachment.fileContents, content_type='application/octet-stream')
+      response['Content-Disposition'] = 'attachment; filename=' + attachment.fileName
+      response['Content-Length'] = sys.getsizeof(attachment.fileContents)    
+      return response  
+    except Attachment.DoesNotExist:
+      return HttpResponse(status=404)
+
+class attachmentsUploadPost(APIView):
+  def get(self, request):
+    """  
+    File upload form.  
+    """     
+    return HttpResponse("<html><body><form method=\"post\" action=\"/api/attachments/upload\" enctype=\"multipart/form-data\"><input type=\"file\" name = \"file\" /><br>Description <input type=text name=description><br>Type <input type=text name=type><br><input type = \"submit\" value = \"Upload\" /></body></html>")
+
+  def post(self, request):
+    """  
+    Accepts a new file upload.  
+    """
+    jsonString = self.request.POST['item']
+    data = json.loads(jsonString)
+    fileName = request.FILES['file'].name
+    fileData = request.FILES['file'].read()
+    attachment = Attachment(fileContents=fileData, fileName=fileName, description=data['description'],type=data['type'])    
+    attachment.save()
+    # convert the attachment to json.
+    serializer = serializers.AttachmentSerializer(attachment)
+    return Response(serializer.data)
+
+class credittradesIdNotesGet(APIView):
   """  
   Returns notes for a particular CreditTrade  
   """
   # enter code for this routine here.        
   
-  def get(self, request, id):
-    return Response()
+  def get(self, request, id):     
+    """
+    Returns notes for a particular CreditTrade
+    """
+    creditTrade = CreditTrade.objects.filter(id=id)    
+    serializer = serializers.NotesSerializer(creditTrade.notes, many=True)    
+    return Response(serializer.data)
+
+  def post(self, request, id ): 
+    """
+    Add a note to the creditTrade
+    """
+    creditTrade = CreditTrade.objects.get(id=id)   
+    # the body of the post is the data to be added.
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    note = Note(noteText=data['noteText'], isNoLongerRelevant=data['isNoLongerRelevant'])
+    note.save()
+    creditTrade.notes.add(note)
+    creditTrade.save()
+    serializer = serializers.NoteSerializer(note)
+    return Response(serializer.data)
+
+class credittradesIdAttachmentsGet(mixins.CreateModelMixin, APIView):
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = Attachment.objects.all()  
+  serializer_class = serializers.AttachmentSerializer
 
-class credittradesIdAttachmentsGet(APIView):
-  """  
-  Returns attachments for a particular CreditTrade  
-  """
-  # enter code for this routine here.        
-  
   def get(self, request, id):
-    return Response()
+    """  
+    Returns attachments for a particular CreditTrade  
+    """
+    creditTrade = CreditTrade.objects.get(id=id)    
+    serializer = AttachmentSerializer(creditTrade.attachments, many=True)
+    return Response(serializer.data)
 
-class credittradesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific CreditTrade object  
-  """
-  # enter code for this routine here.        
-  
   def post(self, request, id):
-    return Response()
-
-class credittradesIdHistoryGet(APIView):
-  """  
-  Returns History for a particular CreditTrade  
-  """
-  # enter code for this routine here.        
-  
+    """  
+    Accepts a new file upload.  
+    """
+    jsonString = request.body.decode('utf-8')
+    jsonString = self.request.POST['item']
+    data = json.loads(jsonString)
+    fileName = request.FILES['file'].name
+    fileData = request.FILES['file'].read()
+    attachment = Attachment(fileContents=fileData, fileName=fileName, description=data['description'],type=data['type'])    
+    attachment.save()
+    creditTrade = CreditTrade.objects.get(id=id)   
+    creditTrade.attachments.add (attachment)
+    creditTrade.save()
+    serializer = serializers.AttachmentSerializer(attachment)
+    return Response(serializer.data)
+
+class credittradesIdHistoryGet(mixins.CreateModelMixin, APIView):
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = History.objects.all()  
+  serializer_class = serializers.HistorySerializer
+     
   def get(self, request, id, offset = None, limit = None):
-    return Response()
+    """  
+    Returns History for a particular CreditTrade  
+    """
+    creditTrade = CreditTrade.objects.filter(id=id)    
+    serializer = serializers.HistorySerializer(creditTrade.history, many=True)
+    return Response(serializer.data)
 
-class credittradesIdHistoryPost(APIView):
-  """  
-  Add a History record to the CreditTrade  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id, item):
-    return Response()
-
-class credittradesIdPut(APIView):
-  """  
-  Updates a specific CreditTrade object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class credittradesPost(APIView):
-  """  
-  Creates a new CreditTrade object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class credittradingSearchGet(APIView):
-  """  
-  Searches credit trades  
-  """
-  # enter code for this routine here.        
-  
-  def get(self, request, organization = None, tradeType = None, status = None, dateType = None, startDate = None, endDate = None):
-    return Response()
-
-class credittradetradelogentriesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific CreditTradeLogEntry object  
-  """
-  # enter code for this routine here.        
-  
   def post(self, request, id):
-    return Response()
-
-class credittradetradelogentriesIdPut(APIView):
+    """  
+    Add a History record to the CreditTrade  
+    """
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    history = History(historyText=data['historyText'])
+    history.save()
+
+    creditTrade = CreditTrade.objects.get(id=id)       
+    creditTrade.history.add(history)
+    creditTrade.save()
+    serializer = serializers.HistorySerializer(history)
+    return Response(serializer.data)
+
+class credittradesSearchGet(APIView):
   """  
-  Updates a specific CreditTradeLogEntry object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class credittradetradelogentriesPost(APIView):
+  Searches credit trades  
   """  
-  Creates a new CreditTradeLogEntry object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
+  def get(self, request, organization = None, tradeType = None, status = None, dateType = None, startDate = None, endDate = None):
+    result = CreditTrade.objects.all()
+    if organization != None:
+       result = result.filter(organization__icontains = organization)
+    if status != None:
+       result = result.filter(status__icontains = status)
+    if dateType != None:
+       result = result.filter(dateType = dateType)
+    if startDate != None:
+        result = result.filter(tradeExecutionDate__gt = startDate, tradeExecutionDate__lt = endDate)
+    if endDate != None:
+        result = result.filter(tradeExecutionDate__lt = endDate)
+       
+    serializer = serializers.CreditTradeSerializer(result, many=True)
+    return Response(serializer.data)    
 
 class usersCurrentFavouritesIdDeletePost(APIView):
   """  
   Removes a specific user favourite  
-  """
-  # enter code for this routine here.        
-  
+  """  
   def post(self, request, id):
-    return Response()
+    userFavourite = UserFavourite.objects.get(id=id)
+    userFavourite.remove()
+    serializer = serializers.UserFavouriteSerializer(userFavourite)
+    return Response(serializer.data)
 
-class usersCurrentFavouritesPost(APIView):
+class usersCurrentFavouritesPut(APIView):
   """  
   Create new favourite for the current user  
   """
-  # enter code for this routine here.        
   
-  def post(self, request, item):
-    return Response()
+  def post(self, request):    
+    user = User.objects.all()[0] # replace with getcurrentuserid    
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    userFavourite = UserFavourite(type = data['type'], name = data['name'], value = data['value'], isDefault = data['isDefault'], user = user)
+    userFavourite.save()
+    serializer = serializers.UserFavouriteSerializer(userFavourite)
+    return Response(serializer.data)  
 
-class usersCurrentFavouritesPut(APIView):
-  """  
-  Updates a favourite  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, item):
-    return Response()
+  def put(self, request):
+    user = User.objects.all()[0] # replace with getcurrentuserid    
+    jsonString = request.body.decode('utf-8')
+    alldata = json.loads(jsonString)
+    # clear existing favourites.
+    UserFavourite.objects.filter(user=user).delete()
+
+    # add the replacement favourites
+    for data in alldata:
+      userFavourite = UserFavourite(type = data['type'], name = data['name'], value = data['value'], isDefault = data['isDefault'], user = user)
+      userFavourite.save()
+    result = UserFavourite.objects.filter(user=user)
+    serializer = serializers.UserFavouriteSerializer(result, many=True)
+    return Response(serializer.data)  
 
-class usersCurrentFavouritesTypeGet(APIView):
+class usersCurrentFavouritesSearchGet(APIView):
   """  
-  Returns a user's favourites of a given type.  If type is empty, returns all.  
+  Returns a user's favourites of a given type.   
   """
   # enter code for this routine here.        
   
-  def get(self, request, type):
-    return Response()
+  def get(self, request):
+    currentUser = User.objects.all()[0] # replace with current user
+    type = request.GET.get('type', None)
+    userFavourites = UserFavourite.objects.filter(user = currentUser)
+    if type != None:
+        userFavourites = userFavourites.filter(type = type)
+
+    serializer = serializers.UserFavouriteSerializer(userFavourites, many=True)
+    return Response(serializer.data)
+    
 
 class usersCurrentGet(APIView):
   """  
@@ -296,97 +274,106 @@ class usersCurrentGet(APIView):
   # enter code for this routine here.        
   
   def get(self, request, ):
-    return Response()
+    currentUser = User.objects.all()[0] # replace with current user
+    serializer = serializers.UserSerializer(currentUser)
+    return Response(serializer.data)
 
-class fuelsuppliersIdAttachmentsGet(APIView):
+class fuelsuppliersIdAttachmentsGet(mixins.CreateModelMixin, APIView):
   """  
   Returns attachments for a particular FuelSupplier  
   """
   # enter code for this routine here.        
-  
+  lookup_field = 'id'
+  permission_classes = (permissions.AllowAny,)  
+  queryset = History.objects.all()  
+  serializer_class = serializers.HistorySerializer
+
   def get(self, request, id):
-    return Response()
+    """  
+    Returns attachments for a particular Fuel Supplier  
+    """
+    fuelSupplier = FuelSupplier.objects.get(id=id)    
+    serializer = AttachmentSerializer(fuelSupplier.attachments, many=True)
+    return Response(serializer.data)
 
-class fuelsuppliersIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific FuelSupplier object  
-  """
-  # enter code for this routine here.        
-  
   def post(self, request, id):
-    return Response()
+    """  
+    Accepts a new file upload.  
+    """    
+    jsonString = self.request.POST['item']
+    data = json.loads(jsonString)
+    fileName = request.FILES['file'].name
+    fileData = request.FILES['file'].read()
+    attachment = Attachment(fileContents=fileData, fileName=fileName, description=data['description'],type=data['type'])    
+    attachment.save()
+    fuelSupplier = FuelSupplier.objects.get(id=id)   
+    fuelSupplier.attachments.add (attachment)
+    fuelSupplier.save()
+    serializer = serializers.AttachmentSerializer(attachment)
+    return Response(serializer.data)
 
 class fuelsuppliersIdHistoryGet(APIView):
   """  
   Returns History for a particular FuelSupplier  
-  """
-  # enter code for this routine here.        
-  
-  def get(self, request, id, offset = None, limit = None):
-    return Response()
-
-class fuelsuppliersIdHistoryPost(APIView):
-  """  
-  Add a History record to the FuelSupplier  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id, item):
-    return Response()
-
-class fuelsuppliersIdNotesGet(APIView):
-  """  
-  Returns notes for a particular FuelSupplier  
-  """
-  # enter code for this routine here.        
-  
-  def get(self, request, id):
-    return Response()
-
-class fuelsuppliersIdPut(APIView):
   """  
-  Updates a specific FuelSupplier object  
-  """
-  # enter code for this routine here.        
   
-  def put(self, request, id, item):
-    return Response()
+  def get(self, request, id, offset = None, limit = None):
+    fuelSupplier = FuelSupplier.objects.get(id=id)
+    serializer = serializers.HistorySerializer(fuelSupplier.history, many=true)
+    return Response(serializer.data)
 
-class fuelsuppliersPost(APIView):
-  """  
-  Creates a new FuelSupplier object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
+  def post(self, request, id):
+    """  
+    Add a History record to the FuelSupplier  
+    """
+    fuelSupplier = FuelSupplier.objects.get(id=id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    history = History(historyText=data['historyText'])
+    history.save()
+    fuelSupplier.history.add(history)
+    fuelSupplier.save()
+    serializer = serializers.HistorySerializer(history)
+    return Response(serializer.data)  
+
+class fuelsuppliersIdNotesGet(APIView):    
+  
+  def get(self, request, id):     
+    """
+    Returns notes for a particular FuelSupplier
+    """
+    fuelSupplier = FuelSupplier.objects.get(id=id)    
+    serializer = serializers.NotesSerializer(fuelSupplier.notes, many=True)    
+    return Response(serializer.data)
+
+  def post(self, request, id ): 
+    """
+    Add a note to the FuelSupplier
+    """
+    fuelSupplier = FuelSupplier.objects.get(id=id)   
+    # the body of the post is the data to be added.
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    note = Note(noteText=data['noteText'], isNoLongerRelevant=data['isNoLongerRelevant'])
+    note.save()
+    fuelSupplier.notes.add(note)
+    fuelSupplier.save()
+    serializer = serializers.NoteSerializer(note)
+    return Response(serializer.data)
 
 class fuelsuppliersSearchGet(APIView):
   """  
   Searches fuel suppliers  
-  """
-  # enter code for this routine here.        
-  
+  """   
   def get(self, request, fuelSupplierName = None, includeInactive = None):
-    return Response()
-
-class groupsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific Group object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class groupsIdPut(APIView):
-  """  
-  Updates a specific Group object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
+    result = FuelSupplier.objects.all()
+    if fuelSupplierName != None:
+       result = result.filter(name__icontains = fuelSupplierName)
+    if includeInactive == None or includeInactive == False:
+       result = result.filter(status__icontains = 'Active')
+        
+    serializer = serializers.FuelSupplierSerializer(result, many=True)
+    return Response(serializer.data)    
 
 class groupsIdUsersGet(APIView):
   """  
@@ -395,187 +382,11 @@ class groupsIdUsersGet(APIView):
   # enter code for this routine here.        
   
   def get(self, request, id):
-    return Response()
-
-class groupsPost(APIView):
-  """  
-  Creates a new Group object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class historiesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific History object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class historiesIdPut(APIView):
-  """  
-  Updates a specific History object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class historiesPost(APIView):
-  """  
-  Creates a new History object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class lookuplistsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific LookupList object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class lookuplistsIdPut(APIView):
-  """  
-  Updates a specific LookupList object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class lookuplistsPost(APIView):
-  """  
-  Creates a new LookupList object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class notesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific Note object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class notesIdPut(APIView):
-  """  
-  Updates a specific Note object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class notesPost(APIView):
-  """  
-  Creates a new Note object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class notificationsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific Notification object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class notificationsIdPut(APIView):
-  """  
-  Updates a specific Notification object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class notificationsPost(APIView):
-  """  
-  Creates a new Notification object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class notificationeventsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific NotificationEvent object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class notificationeventsIdPut(APIView):
-  """  
-  Updates a specific NotificationEvent object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class notificationeventsPost(APIView):
-  """  
-  Creates a new NotificationEvent object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class permissionsIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific PermissionViewModel object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
-class permissionsIdPut(APIView):
-  """  
-  Updates a specific PermissionViewModel object  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, item):
-    return Response()
-
-class permissionsPost(APIView):
-  """  
-  Creates a new PermissionViewModel object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class rolesIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a specific RoleViewModel object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
+    group = Group.objects.get (id = id)
+    groupMembership = GroupMembership.objects.filter(group=group)
+    serializer = serializers.GroupMembershipSerializer(groupMembership.users, many=True)
+    return Response(serializer.data)
+    
 
 class rolesIdPermissionsGet(APIView):
   """  
@@ -584,34 +395,40 @@ class rolesIdPermissionsGet(APIView):
   # enter code for this routine here.        
   
   def get(self, request, id):
-    return Response()
-
-class rolesIdPermissionsPost(APIView):
-  """  
-  Adds a permissions to a role  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id, item):
-    return Response()
-
-class rolesIdPermissionsPut(APIView):
-  """  
-  Updates the permissions for a role  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, items):
-    return Response()
-
-class rolesIdPut(APIView):
-  """  
-  Updates a specific RoleViewModel object  
-  """
-  # enter code for this routine here.        
+    role = Role.objects.get (id = id)
+    rolePermissions = RolePermission.objects.filter(role = role)    
+    serializer = serializers.RolePermissionSerializer(rolePermissions, many=True)
+    return Response(serializer.data)
   
-  def put(self, request, id, item):
-    return Response()
+  def post(self, request, id):
+    """  
+    Adds a permission to a role  
+    """
+    role = Role.objects.get (id = id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    permission = Permission.objects.get(id = data['permission'])
+    rolePermission = RolePermission(role = role, permission = permission)
+    rolePermission.save()
+    serializer = serializers.RolePermissionSerializer(rolePermission)
+    return Response(serializer.data)    
+
+  def put(self, request, id):
+    """  
+    Updates the permissions for a role  
+    """
+    role = Role.objects.get (id = id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    # start by clearing out any existing roles.
+    RolePermission.objects.filter(role=role).delete()
+    for row in data:
+        permission = Permission.objects.get(id = data['permission'])
+        rolePermission = RolePermission (permission = permission, role = role)
+        rolePermission.save()
+    results = RolePermission.objects.filter(role=role)
+    serializer = serializers.RolePermissionSerializer(results, many=True)
+    return Response(serializer.data)    
 
 class rolesIdUsersGet(APIView):
   """  
@@ -620,7 +437,9 @@ class rolesIdUsersGet(APIView):
   # enter code for this routine here.        
   
   def get(self, request, id):
-    return Response()
+    role = Role.objects.get (id = id)       
+    serializer = serializers.UserSerializer(role.users)
+    return Response(serializer.data)        
 
 class rolesIdUsersPut(APIView):
   """  
@@ -631,148 +450,161 @@ class rolesIdUsersPut(APIView):
   def put(self, request, id, items):
     return Response()
 
-class rolesPost(APIView):
-  """  
-  Creates a new RoleViewModel object  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
-    return Response()
-
-class usersIdDeletePost(mixins.DestroyModelMixin, generics.GenericAPIView):
-  """  
-  Deletes a user  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id):
-    return Response()
-
 class usersIdFavouritesGet(APIView):
-  """  
-  Returns the favourites for a user  
-  """
-  # enter code for this routine here.        
-  
   def get(self, request, id):
-    return Response()
-
-class usersIdFavouritesPost(APIView):
-  """  
-  Adds favourites to a user  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id, item):
-    return Response()
-
-class usersIdFavouritesPut(APIView):
-  """  
-  Updates the favourites for a user  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, items):
-    return Response()
-
-class usersIdGroupsGet(APIView):
-  """  
-  Returns all groups that a user is a member of  
-  """
-  # enter code for this routine here.        
+    """  
+    Returns the favourites for a user  
+    """
+    user = User.objects.get(id)
+    result = UserFavourite.objects.filter(user=user)
+    serializer = serializers.UserFavouriteSerializer(result)
+    return Response(serializer.data)  
+
+  def post(self, request, id):    
+    """  
+    Adds favourites to a user  
+    """  
+    user = User.objects.get(id=id)    
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    userFavourite = UserFavourite(type = data['type'], name = data['name'], value = data['value'], isDefault = data['isDefault'], user = user)
+    userFavourite.save()
+    serializer = serializers.UserFavouriteSerializer(userFavourite)
+    return Response(serializer.data)  
+
+  def put(self, request, id):
+    """  
+    Updates the favourites for a user  
+    """
+    user = User.objects.get(id=id)   
+    jsonString = request.body.decode('utf-8')
+    alldata = json.loads(jsonString)
+    # clear existing favourites.
+    UserFavourite.objects.filter(user=user).delete()
+
+    # add the replacement favourites
+    for data in alldata:
+      userFavourite = UserFavourite(type = data['type'], name = data['name'], value = data['value'], isDefault = data['isDefault'], user = user)
+      userFavourite.save()
+    result = UserFavourite.objects.filter(user=user)
+    serializer = serializers.UserFavouriteSerializer(result, many=True)
+    return Response(serializer.data)  
+
+class usersIdGroupsGet(APIView):            
   
   def get(self, request, id):
-    return Response()
-
-class usersIdGroupsPost(APIView):
-  """  
-  Add to the active set of groups for a user  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, id, item):
-    return Response()
-
-class usersIdGroupsPut(APIView):
-  """  
-  Updates the active set of groups for a user  
-  """
-  # enter code for this routine here.        
+    """  
+    Returns all groups that a user is a member of  
+    """
+    group = Group.objects.get(id=id)
+    result = GroupMembership.objects.filter(group=group)
+    serializer = serializers.GroupMembershipSerializer(result, many=True)
+    return Response(serializer.data)
   
-  def put(self, request, id, items):
+  def post(self, request, id):
+    """  
+    Adds a user to a group.  
+    """    
+    user = User.objects.get(id = id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    group = Group.objects.get(id = data['group'])
+    groupMembership = GroupMembership(active = data['active'], group = group, user = user)
+    groupMembership.save()
+    serializer = serializers.GroupMembershipSerializer(groupMembership)
+    return Response(serializer.data)
+    
+  def put(self, request, id):
     return Response()
 
-class usersIdNotificationsGet(APIView):
-  """  
-  Returns a user's notifications  
-  """
-  # enter code for this routine here.        
+class usersIdNotificationsGet(APIView):        
   
   def get(self, request, id):
-    return Response()
+    """  
+    Returns a user's notifications 
+    """
+    user = User.objects.get(id=id)
+    result = Notification.objects.filter(user=user)
+    serializer = serializers.NotificationSerializer(result, many=True)
+    return Response(serializer.data)
+  
+  def post(self, request, id):
+    """  
+    Adds a notification to user 
+    """    
+    user = User.objects.get(id = id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    notificationEvent = NotificationEvent.objects.get(id=data['event'])
+    notification = Notification(event = notificationEvent, hasBeenViewed = data['hasBeenViewed'], isWatchNotification = data['isWatchNotification'], user = user)
+    notification.save()
+    serializer = serializers.NotificationSerializer(notification)
+    return Response(serializer.data)
 
 class usersIdPermissionsGet(APIView):
   """  
   Returns the set of permissions for a user  
   """
-  # enter code for this routine here.        
-  
   def get(self, request, id):
-    return Response()
-
-class usersIdPut(APIView):
-  """  
-    
-  """
-  # enter code for this routine here.        
+    """  
+    Returns a user's permissions 
+    """
+    user = User.objects.get(id=id)
+    userRoles = UserRole.objects.filter(user=user)
+    result = []
+    for userRole in userRoles:
+        rolePermissions = RolePermission.objects.filter(role=userRole.role)
+        for rolePermission in rolePermissions:
+            result.append (rolePermission.permission)
+    serializer = serializers.PermissionSerializer(result, many=True)
+    return Response(serializer.data)
   
-  def put(self, request, id, item):
-    return Response()
 
 class usersIdRolesGet(APIView):
-  """  
-  Returns the roles for a user  
-  """
-  # enter code for this routine here.        
-  
   def get(self, request, id):
-    return Response()
-
-class usersIdRolesPost(APIView):
-  """  
-  Adds a role to a user  
-  """
-  # enter code for this routine here.        
+    """  
+    Returns all roles that a user is a member of  
+    """
+    result = UserRole.objects.filter(user=id)
+    serializer = serializers.UserRoleSerializer(result, many=True)
+    return Response(serializer.data)
   
-  def post(self, request, id, item):
-    return Response()
-
-class usersIdRolesPut(APIView):
-  """  
-  Updates the roles for a user  
-  """
-  # enter code for this routine here.        
-  
-  def put(self, request, id, items):
-    return Response()
-
-class usersPost(APIView):
-  """  
-  Create new user  
-  """
-  # enter code for this routine here.        
-  
-  def post(self, request, item):
+  def post(self, request, id):
+    """  
+    Adds a user to a role.  
+    """    
+    user = User.objects.get(id = id)
+    jsonString = request.body.decode('utf-8')
+    data = json.loads(jsonString)
+    role = Role.objects.get(id = data['role'])
+    userRole = UserRole(effectiveDate = data['effectiveDate'], expiryDate = data['expiryDate'],role = role, user = user)
+    userRole.save()
+    serializer = serializers.UserRoleSerializer(userRole)
+    return Response(serializer.data)
+    
+  def put(self, request, id):
+    """  
+    Updates the roles for a user  
+    """
     return Response()
 
-class usersSearchGet(APIView):
-  """  
-  Searches Users  
-  """
-  # enter code for this routine here.        
-  
+class usersSearchGet(APIView):  
   def get(self, request, fuelSuppliers = None, surname = None, includeInactive = None):
-    return Response()
+    """  
+    Searches Users  
+    """   
+    result = User.objects.all()
+    if fuelSuppliers != None:
+       # split on comma.
+       fuelSuppliers = fuelSuppliers.split(",")
+       for fuelSupplier in fuelSuppliers:
+         result = result.filter(fuelSupplier__id = fuelSupplier)
+    if surname != None:
+       result = result.filter(surname__icontains = surname)
+    if includeInactive != True:
+       result = result.filter(status = 'Active')    
+       
+    serializer = serializers.UserSerializer(result, many=True)
+    return Response(serializer.data)    
 
 
diff --git a/tfrs/APISpec/TFRSswagger.yaml b/tfrs/APISpec/TFRSswagger.yaml
index e980e3ba5..fb648fc16 100644
--- a/tfrs/APISpec/TFRSswagger.yaml
+++ b/tfrs/APISpec/TFRSswagger.yaml
@@ -435,149 +435,6 @@ paths:
           description: id of CreditTradeLogEntry to delete
           required: true
           type: integer
-  /complianceperiods:
-    get:
-      tags:
-        - CompliancePeriod
-      summary: Lists available CompliancePeriod objects
-      x-codegen-operation: list
-      consumes: []
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      responses:
-        200:
-          description: OK
-          schema:
-            type: array
-            items:
-              $ref: "#/definitions/CompliancePeriod"
-    post:
-      tags:
-        - CompliancePeriod
-      x-codegen-operation: create
-      summary: Creates a new CompliancePeriod object            
-      consumes:
-        - application/json
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      parameters:
-        - name: item
-          in: body
-          required: true
-          schema:
-            $ref: "#/definitions/CompliancePeriod"
-      responses:
-        201:
-          description: CompliancePeriod created
-          headers:
-            Location:
-              description: A link to the CompliancePeriod
-              type: string
-              format: url
-          schema:
-            $ref: "#/definitions/CompliancePeriod"  
-  /complianceperiods/bulk:
-    post:
-      tags:
-        - CompliancePeriod
-      summary: Bulk create / update a number of CompliancePeriod object      
-      x-codegen-operation: bulk
-      consumes:
-        - application/json
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      parameters:
-        - name: items
-          in: body
-          required: true
-          schema:
-            type: array
-            items:
-              $ref: "#/definitions/CompliancePeriod"
-      responses:
-        201:
-          description: CompliancePeriod created
-  /complianceperiods/{id}:
-    get:
-      tags:
-        - CompliancePeriod
-      summary: Gets a specific CompliancePeriod object      
-      x-codegen-operation: retrieve
-      consumes: []
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      responses:
-        200:
-          description: OK
-          schema:
-            $ref: "#/definitions/CompliancePeriod"
-        404:
-          description: CompliancePeriod not found
-      parameters:
-        - name: id
-          in: path
-          description: id of CompliancePeriod to fetch
-          required: true
-          type: integer
-    put:
-      tags:
-        - CompliancePeriod
-      x-codegen-operation: update
-      summary: Updates a specific CompliancePeriod object      
-      consumes:
-        - application/json
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      responses:
-        200:
-          description: OK
-          schema:
-            $ref: "#/definitions/CompliancePeriod"
-        404:
-          description: CompliancePeriod not found
-      parameters:
-        - name: id
-          in: path
-          description: id of CompliancePeriod to fetch
-          required: true
-          type: integer
-        - name: item
-          in: body
-          required: true
-          schema:
-            $ref: "#/definitions/CompliancePeriod"
-  /complianceperiods/{id}/delete:
-    post:
-      tags:
-        - CompliancePeriod
-      x-codegen-operation: destroy
-      summary: Deletes a specific CompliancePeriod object      
-      consumes: []
-      produces:
-        - text/plain
-        - application/json
-        - text/json
-      responses:
-        200:
-          description: OK
-        404:
-          description: CompliancePeriod not found
-      parameters:
-        - name: id
-          in: path
-          description: id of CompliancePeriod to delete
-          required: true
-          type: integer
   /lookuplists:
     get:
       tags:
@@ -1244,9 +1101,732 @@ paths:
           type: integer
     put:
       tags:
-        - Contact
+        - Contact
+      x-codegen-operation: update
+      summary: Updates a specific Contact object      
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/Contact"
+        404:
+          description: Contact not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Contact to fetch
+          required: true
+          type: integer
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/Contact"
+  /contacts/{id}/delete:
+    post:
+      tags:
+        - Contact
+      x-codegen-operation: destroy
+      summary: Deletes a specific Contact object      
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+        404:
+          description: Contact not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Contact to delete
+          required: true
+          type: integer
+  /notifications:
+    get:
+      tags:
+        - Notification
+      summary: Lists available Notification objects
+      x-codegen-operation: list
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/Notification"
+    post:
+      tags:
+        - Notification
+      x-codegen-operation: create
+      summary: Creates a new Notification object            
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/Notification"
+      responses:
+        201:
+          description: Notification created
+          headers:
+            Location:
+              description: A link to the Notification
+              type: string
+              format: url
+          schema:
+            $ref: "#/definitions/Notification"  
+  /notifications/bulk:
+    post:
+      tags:
+        - Notification
+      summary: Bulk create / update a number of Notification object      
+      x-codegen-operation: bulk
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: items
+          in: body
+          required: true
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/Notification"
+      responses:
+        201:
+          description: Notification created
+  /notifications/{id}:
+    get:
+      tags:
+        - Notification
+      summary: Gets a specific Notification object      
+      x-codegen-operation: retrieve
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/Notification"
+        404:
+          description: Notification not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Notification to fetch
+          required: true
+          type: integer
+    put:
+      tags:
+        - Notification
+      x-codegen-operation: update
+      summary: Updates a specific Notification object      
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/Notification"
+        404:
+          description: Notification not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Notification to fetch
+          required: true
+          type: integer
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/Notification"
+  /notifications/{id}/delete:
+    post:
+      tags:
+        - Notification
+      x-codegen-operation: destroy
+      summary: Deletes a specific Notification object      
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+        404:
+          description: Notification not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Notification to delete
+          required: true
+          type: integer
+  /notificationevents:
+    get:
+      tags:
+        - NotificationEvent
+      summary: Lists available NotificationEvent objects
+      x-codegen-operation: list
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/NotificationEvent"
+    post:
+      tags:
+        - NotificationEvent
+      x-codegen-operation: create
+      summary: Creates a new NotificationEvent object            
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/NotificationEvent"
+      responses:
+        201:
+          description: NotificationEvent created
+          headers:
+            Location:
+              description: A link to the NotificationEvent
+              type: string
+              format: url
+          schema:
+            $ref: "#/definitions/NotificationEvent"  
+  /notificationevents/bulk:
+    post:
+      tags:
+        - NotificationEvent
+      summary: Bulk create / update a number of NotificationEvent object      
+      x-codegen-operation: bulk
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: items
+          in: body
+          required: true
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/NotificationEvent"
+      responses:
+        201:
+          description: NotificationEvent created
+  /notificationevents/{id}:
+    get:
+      tags:
+        - NotificationEvent
+      summary: Gets a specific NotificationEvent object      
+      x-codegen-operation: retrieve
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/NotificationEvent"
+        404:
+          description: NotificationEvent not found
+      parameters:
+        - name: id
+          in: path
+          description: id of NotificationEvent to fetch
+          required: true
+          type: integer
+    put:
+      tags:
+        - NotificationEvent
+      x-codegen-operation: update
+      summary: Updates a specific NotificationEvent object      
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/NotificationEvent"
+        404:
+          description: NotificationEvent not found
+      parameters:
+        - name: id
+          in: path
+          description: id of NotificationEvent to fetch
+          required: true
+          type: integer
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/NotificationEvent"
+  /notificationevents/{id}/delete:
+    post:
+      tags:
+        - NotificationEvent
+      x-codegen-operation: destroy
+      summary: Deletes a specific NotificationEvent object      
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+        404:
+          description: NotificationEvent not found
+      parameters:
+        - name: id
+          in: path
+          description: id of NotificationEvent to delete
+          required: true
+          type: integer
+  /groups:
+    get:
+      tags:
+        - Group
+      summary: Lists available Group objects
+      x-codegen-operation: list
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/Group"
+    post:
+      tags:
+        - Group
+      x-codegen-permission: ADMIN
+      x-codegen-operation: create
+      summary: Creates a new Group object            
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/Group"
+      responses:
+        201:
+          description: Group created
+          headers:
+            Location:
+              description: A link to the Group
+              type: string
+              format: url
+          schema:
+            $ref: "#/definitions/Group"  
+  /groups/bulk:
+    post:
+      tags:
+        - Group
+      summary: Bulk create / update a number of Group object      
+      x-codegen-operation: bulk
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: items
+          in: body
+          required: true
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/Group"
+      responses:
+        201:
+          description: Group created
+  /groups/{id}:
+    get:
+      tags:
+        - Group
+      summary: Gets a specific Group object      
+      x-codegen-operation: retrieve
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/Group"
+        404:
+          description: Group not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Group to fetch
+          required: true
+          type: integer
+    put:
+      tags:
+        - Group      
+      x-codegen-permission: ADMIN
+      x-codegen-operation: update
+      summary: Updates a specific Group object      
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/Group"
+        404:
+          description: Group not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Group to fetch
+          required: true
+          type: integer
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/Group"
+  /groups/{id}/delete:
+    post:
+      tags:
+        - Group      
+      x-codegen-permission: ADMIN
+      x-codegen-operation: destroy
+      summary: Deletes a specific Group object      
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+        404:
+          description: Group not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Group to delete
+          required: true
+          type: integer
+  /permissions:
+    get:
+      tags:
+        - Permission
+      summary: Lists available PermissionViewModel objects
+      x-codegen-operation: list
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/PermissionViewModel"
+    post:
+      tags:
+        - Permission
+      x-codegen-permission: ADMIN
+      x-codegen-operation: create
+      summary: Creates a new PermissionViewModel object            
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/PermissionViewModel"
+      responses:
+        201:
+          description: Permission created
+          headers:
+            Location:
+              description: A link to the Permission
+              type: string
+              format: url
+          schema:
+            $ref: "#/definitions/PermissionViewModel"  
+  /permissions/bulk:
+    post:
+      tags:
+        - Permission
+      summary: Bulk create / update a number of PermissionViewModel object      
+      x-codegen-operation: bulk
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: items
+          in: body
+          required: true
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/PermissionViewModel"
+      responses:
+        201:
+          description: Permission created
+  /permissions/{id}:
+    get:
+      tags:
+        - Permission
+      summary: Gets a specific PermissionViewModel object      
+      x-codegen-operation: retrieve
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/PermissionViewModel"
+        404:
+          description: Permission not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Permission to fetch
+          required: true
+          type: integer
+    put:
+      tags:
+        - Permission      
+      x-codegen-permission: ADMIN
+      x-codegen-operation: update
+      summary: Updates a specific PermissionViewModel object      
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/PermissionViewModel"
+        404:
+          description: Permission not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Permission to fetch
+          required: true
+          type: integer
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/PermissionViewModel"
+  /permissions/{id}/delete:
+    post:
+      tags:
+        - Permission      
+      x-codegen-permission: ADMIN
+      x-codegen-operation: destroy
+      summary: Deletes a specific PermissionViewModel object      
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+        404:
+          description: Permission not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Permission to delete
+          required: true
+          type: integer
+  /roles:
+    get:
+      tags:
+        - Role
+      summary: Lists available RoleViewModel objects
+      x-codegen-operation: list
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/RoleViewModel"
+    post:
+      tags:
+        - Role
+      x-codegen-permission: ADMIN
+      x-codegen-operation: create
+      summary: Creates a new RoleViewModel object            
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: item
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/RoleViewModel"
+      responses:
+        201:
+          description: Role created
+          headers:
+            Location:
+              description: A link to the Role
+              type: string
+              format: url
+          schema:
+            $ref: "#/definitions/RoleViewModel"  
+  /roles/bulk:
+    post:
+      tags:
+        - Role
+      summary: Bulk create / update a number of RoleViewModel object      
+      x-codegen-operation: bulk
+      consumes:
+        - application/json
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:
+        - name: items
+          in: body
+          required: true
+          schema:
+            type: array
+            items:
+              $ref: "#/definitions/RoleViewModel"
+      responses:
+        201:
+          description: Role created
+  /roles/{id}:
+    get:
+      tags:
+        - Role
+      summary: Gets a specific RoleViewModel object      
+      x-codegen-operation: retrieve
+      consumes: []
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        200:
+          description: OK
+          schema:
+            $ref: "#/definitions/RoleViewModel"
+        404:
+          description: Role not found
+      parameters:
+        - name: id
+          in: path
+          description: id of Role to fetch
+          required: true
+          type: integer
+    put:
+      tags:
+        - Role      
+      x-codegen-permission: ADMIN
       x-codegen-operation: update
-      summary: Updates a specific Contact object      
+      summary: Updates a specific RoleViewModel object      
       consumes:
         - application/json
       produces:
@@ -1257,26 +1837,27 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/Contact"
+            $ref: "#/definitions/RoleViewModel"
         404:
-          description: Contact not found
+          description: Role not found
       parameters:
         - name: id
           in: path
-          description: id of Contact to fetch
+          description: id of Role to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/Contact"
-  /contacts/{id}/delete:
+            $ref: "#/definitions/RoleViewModel"
+  /roles/{id}/delete:
     post:
       tags:
-        - Contact
+        - Role      
+      x-codegen-permission: ADMIN
       x-codegen-operation: destroy
-      summary: Deletes a specific Contact object      
+      summary: Deletes a specific RoleViewModel object      
       consumes: []
       produces:
         - text/plain
@@ -1286,18 +1867,18 @@ paths:
         200:
           description: OK
         404:
-          description: Contact not found
+          description: Role not found
       parameters:
         - name: id
           in: path
-          description: id of Contact to delete
+          description: id of Role to delete
           required: true
           type: integer
-  /notifications:
+  /rolepermissions:
     get:
       tags:
-        - Notification
-      summary: Lists available Notification objects
+        - RolePermission
+      summary: Lists available RolePermission objects
       x-codegen-operation: list
       consumes: []
       produces:
@@ -1310,12 +1891,13 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/Notification"
+              $ref: "#/definitions/RolePermission"
     post:
       tags:
-        - Notification
+        - RolePermission
+      x-codegen-permission: ADMIN
       x-codegen-operation: create
-      summary: Creates a new Notification object            
+      summary: Creates a new RolePermission object            
       consumes:
         - application/json
       produces:
@@ -1327,22 +1909,22 @@ paths:
           in: body
           required: true
           schema:
-            $ref: "#/definitions/Notification"
+            $ref: "#/definitions/RolePermission"
       responses:
         201:
-          description: Notification created
+          description: RolePermission created
           headers:
             Location:
-              description: A link to the Notification
+              description: A link to the RolePermission
               type: string
               format: url
           schema:
-            $ref: "#/definitions/Notification"  
-  /notifications/bulk:
+            $ref: "#/definitions/RolePermission"  
+  /rolepermissions/bulk:
     post:
       tags:
-        - Notification
-      summary: Bulk create / update a number of Notification object      
+        - RolePermission
+      summary: Bulk create / update a number of RolePermission object      
       x-codegen-operation: bulk
       consumes:
         - application/json
@@ -1357,15 +1939,15 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/Notification"
+              $ref: "#/definitions/RolePermission"
       responses:
         201:
-          description: Notification created
-  /notifications/{id}:
+          description: RolePermission created
+  /rolepermissions/{id}:
     get:
       tags:
-        - Notification
-      summary: Gets a specific Notification object      
+        - RolePermission
+      summary: Gets a specific RolePermission object      
       x-codegen-operation: retrieve
       consumes: []
       produces:
@@ -1376,20 +1958,21 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/Notification"
+            $ref: "#/definitions/RolePermission"
         404:
-          description: Notification not found
+          description: RolePermission not found
       parameters:
         - name: id
           in: path
-          description: id of Notification to fetch
+          description: id of RolePermission to fetch
           required: true
           type: integer
     put:
       tags:
-        - Notification
+        - RolePermission      
+      x-codegen-permission: ADMIN
       x-codegen-operation: update
-      summary: Updates a specific Notification object      
+      summary: Updates a specific RolePermission object      
       consumes:
         - application/json
       produces:
@@ -1400,26 +1983,27 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/Notification"
+            $ref: "#/definitions/RolePermission"
         404:
-          description: Notification not found
+          description: RolePermission not found
       parameters:
         - name: id
           in: path
-          description: id of Notification to fetch
+          description: id of RolePermission to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/Notification"
-  /notifications/{id}/delete:
+            $ref: "#/definitions/RolePermission"
+  /rolepermissions/{id}/delete:
     post:
       tags:
-        - Notification
+        - RolePermission      
+      x-codegen-permission: ADMIN
       x-codegen-operation: destroy
-      summary: Deletes a specific Notification object      
+      summary: Deletes a specific RolePermission object      
       consumes: []
       produces:
         - text/plain
@@ -1429,18 +2013,18 @@ paths:
         200:
           description: OK
         404:
-          description: Notification not found
+          description: RolePermission not found
       parameters:
         - name: id
           in: path
-          description: id of Notification to delete
+          description: id of RolePermission to delete
           required: true
           type: integer
-  /notificationevents:
+  /groupmemberships:
     get:
       tags:
-        - NotificationEvent
-      summary: Lists available NotificationEvent objects
+        - GroupMembership
+      summary: Lists available GroupMembership objects
       x-codegen-operation: list
       consumes: []
       produces:
@@ -1453,12 +2037,13 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/NotificationEvent"
+              $ref: "#/definitions/GroupMembership"
     post:
       tags:
-        - NotificationEvent
+        - GroupMembership
+      x-codegen-permission: ADMIN
       x-codegen-operation: create
-      summary: Creates a new NotificationEvent object            
+      summary: Creates a new GroupMembership object            
       consumes:
         - application/json
       produces:
@@ -1470,22 +2055,22 @@ paths:
           in: body
           required: true
           schema:
-            $ref: "#/definitions/NotificationEvent"
+            $ref: "#/definitions/GroupMembership"
       responses:
         201:
-          description: NotificationEvent created
+          description: GroupMembership created
           headers:
             Location:
-              description: A link to the NotificationEvent
+              description: A link to the GroupMembership
               type: string
               format: url
           schema:
-            $ref: "#/definitions/NotificationEvent"  
-  /notificationevents/bulk:
+            $ref: "#/definitions/GroupMembership"  
+  /groupmemberships/bulk:
     post:
       tags:
-        - NotificationEvent
-      summary: Bulk create / update a number of NotificationEvent object      
+        - GroupMembership
+      summary: Bulk create / update a number of GroupMembership object      
       x-codegen-operation: bulk
       consumes:
         - application/json
@@ -1500,15 +2085,15 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/NotificationEvent"
+              $ref: "#/definitions/GroupMembership"
       responses:
         201:
-          description: NotificationEvent created
-  /notificationevents/{id}:
+          description: GroupMembership created
+  /groupmemberships/{id}:
     get:
       tags:
-        - NotificationEvent
-      summary: Gets a specific NotificationEvent object      
+        - GroupMembership
+      summary: Gets a specific GroupMembership object      
       x-codegen-operation: retrieve
       consumes: []
       produces:
@@ -1519,20 +2104,21 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/NotificationEvent"
+            $ref: "#/definitions/GroupMembership"
         404:
-          description: NotificationEvent not found
+          description: GroupMembership not found
       parameters:
         - name: id
           in: path
-          description: id of NotificationEvent to fetch
+          description: id of GroupMembership to fetch
           required: true
           type: integer
     put:
       tags:
-        - NotificationEvent
+        - GroupMembership      
+      x-codegen-permission: ADMIN
       x-codegen-operation: update
-      summary: Updates a specific NotificationEvent object      
+      summary: Updates a specific GroupMembership object      
       consumes:
         - application/json
       produces:
@@ -1543,26 +2129,27 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/NotificationEvent"
+            $ref: "#/definitions/GroupMembership"
         404:
-          description: NotificationEvent not found
+          description: GroupMembership not found
       parameters:
         - name: id
           in: path
-          description: id of NotificationEvent to fetch
+          description: id of GroupMembership to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/NotificationEvent"
-  /notificationevents/{id}/delete:
+            $ref: "#/definitions/GroupMembership"
+  /groupmemberships/{id}/delete:
     post:
       tags:
-        - NotificationEvent
+        - GroupMembership      
+      x-codegen-permission: ADMIN
       x-codegen-operation: destroy
-      summary: Deletes a specific NotificationEvent object      
+      summary: Deletes a specific GroupMembership object      
       consumes: []
       produces:
         - text/plain
@@ -1572,18 +2159,18 @@ paths:
         200:
           description: OK
         404:
-          description: NotificationEvent not found
+          description: GroupMembership not found
       parameters:
         - name: id
           in: path
-          description: id of NotificationEvent to delete
+          description: id of GroupMembership to delete
           required: true
           type: integer
-  /groups:
+  /userroles:
     get:
       tags:
-        - Group
-      summary: Lists available Group objects
+        - UserRole
+      summary: Lists available UserRole objects
       x-codegen-operation: list
       consumes: []
       produces:
@@ -1596,13 +2183,13 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/Group"
+              $ref: "#/definitions/UserRole"
     post:
       tags:
-        - Group
+        - UserRole
       x-codegen-permission: ADMIN
       x-codegen-operation: create
-      summary: Creates a new Group object            
+      summary: Creates a new UserRole object            
       consumes:
         - application/json
       produces:
@@ -1614,22 +2201,22 @@ paths:
           in: body
           required: true
           schema:
-            $ref: "#/definitions/Group"
+            $ref: "#/definitions/UserRole"
       responses:
         201:
-          description: Group created
+          description: UserRole created
           headers:
             Location:
-              description: A link to the Group
+              description: A link to the UserRole
               type: string
               format: url
           schema:
-            $ref: "#/definitions/Group"  
-  /groups/bulk:
+            $ref: "#/definitions/UserRole"  
+  /userroles/bulk:
     post:
       tags:
-        - Group
-      summary: Bulk create / update a number of Group object      
+        - UserRole
+      summary: Bulk create / update a number of UserRole object      
       x-codegen-operation: bulk
       consumes:
         - application/json
@@ -1644,15 +2231,15 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/Group"
+              $ref: "#/definitions/UserRole"
       responses:
         201:
-          description: Group created
-  /groups/{id}:
+          description: UserRole created
+  /userroles/{id}:
     get:
       tags:
-        - Group
-      summary: Gets a specific Group object      
+        - UserRole
+      summary: Gets a specific UserRole object      
       x-codegen-operation: retrieve
       consumes: []
       produces:
@@ -1663,21 +2250,21 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/Group"
+            $ref: "#/definitions/UserRole"
         404:
-          description: Group not found
+          description: UserRole not found
       parameters:
         - name: id
           in: path
-          description: id of Group to fetch
+          description: id of UserRole to fetch
           required: true
           type: integer
     put:
       tags:
-        - Group      
+        - UserRole      
       x-codegen-permission: ADMIN
       x-codegen-operation: update
-      summary: Updates a specific Group object      
+      summary: Updates a specific UserRole object      
       consumes:
         - application/json
       produces:
@@ -1688,27 +2275,27 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/Group"
+            $ref: "#/definitions/UserRole"
         404:
-          description: Group not found
+          description: UserRole not found
       parameters:
         - name: id
           in: path
-          description: id of Group to fetch
+          description: id of UserRole to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/Group"
-  /groups/{id}/delete:
+            $ref: "#/definitions/UserRole"
+  /userroles/{id}/delete:
     post:
       tags:
-        - Group      
+        - UserRole      
       x-codegen-permission: ADMIN
       x-codegen-operation: destroy
-      summary: Deletes a specific Group object      
+      summary: Deletes a specific UserRole object      
       consumes: []
       produces:
         - text/plain
@@ -1718,18 +2305,18 @@ paths:
         200:
           description: OK
         404:
-          description: Group not found
+          description: UserRole not found
       parameters:
         - name: id
           in: path
-          description: id of Group to delete
+          description: id of UserRole to delete
           required: true
           type: integer
-  /permissions:
+  /users:
     get:
       tags:
-        - Permission
-      summary: Lists available PermissionViewModel objects
+        - User
+      summary: Lists available User objects
       x-codegen-operation: list
       consumes: []
       produces:
@@ -1742,13 +2329,13 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/PermissionViewModel"
+              $ref: "#/definitions/User"
     post:
       tags:
-        - Permission
+        - User
       x-codegen-permission: ADMIN
       x-codegen-operation: create
-      summary: Creates a new PermissionViewModel object            
+      summary: Creates a new User object            
       consumes:
         - application/json
       produces:
@@ -1760,22 +2347,22 @@ paths:
           in: body
           required: true
           schema:
-            $ref: "#/definitions/PermissionViewModel"
+            $ref: "#/definitions/User"
       responses:
         201:
-          description: Permission created
+          description: User created
           headers:
             Location:
-              description: A link to the Permission
+              description: A link to the User
               type: string
               format: url
           schema:
-            $ref: "#/definitions/PermissionViewModel"  
-  /permissions/bulk:
+            $ref: "#/definitions/User"  
+  /users/bulk:
     post:
       tags:
-        - Permission
-      summary: Bulk create / update a number of PermissionViewModel object      
+        - User
+      summary: Bulk create / update a number of User object      
       x-codegen-operation: bulk
       consumes:
         - application/json
@@ -1790,15 +2377,15 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/PermissionViewModel"
+              $ref: "#/definitions/User"
       responses:
         201:
-          description: Permission created
-  /permissions/{id}:
+          description: User created
+  /users/{id}:
     get:
       tags:
-        - Permission
-      summary: Gets a specific PermissionViewModel object      
+        - User
+      summary: Gets a specific User object      
       x-codegen-operation: retrieve
       consumes: []
       produces:
@@ -1809,21 +2396,21 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/PermissionViewModel"
+            $ref: "#/definitions/User"
         404:
-          description: Permission not found
+          description: User not found
       parameters:
         - name: id
           in: path
-          description: id of Permission to fetch
+          description: id of User to fetch
           required: true
           type: integer
     put:
       tags:
-        - Permission      
+        - User      
       x-codegen-permission: ADMIN
       x-codegen-operation: update
-      summary: Updates a specific PermissionViewModel object      
+      summary: Updates a specific User object      
       consumes:
         - application/json
       produces:
@@ -1834,27 +2421,27 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/PermissionViewModel"
+            $ref: "#/definitions/User"
         404:
-          description: Permission not found
+          description: User not found
       parameters:
         - name: id
           in: path
-          description: id of Permission to fetch
+          description: id of User to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/PermissionViewModel"
-  /permissions/{id}/delete:
+            $ref: "#/definitions/User"
+  /users/{id}/delete:
     post:
       tags:
-        - Permission      
+        - User      
       x-codegen-permission: ADMIN
       x-codegen-operation: destroy
-      summary: Deletes a specific PermissionViewModel object      
+      summary: Deletes a specific User object      
       consumes: []
       produces:
         - text/plain
@@ -1864,18 +2451,18 @@ paths:
         200:
           description: OK
         404:
-          description: Permission not found
+          description: User not found
       parameters:
         - name: id
           in: path
-          description: id of Permission to delete
+          description: id of User to delete
           required: true
           type: integer
-  /roles:
+  /offers:
     get:
       tags:
-        - Role
-      summary: Lists available RoleViewModel objects
+        - Offer
+      summary: Lists available Offer objects
       x-codegen-operation: list
       consumes: []
       produces:
@@ -1888,13 +2475,12 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/RoleViewModel"
+              $ref: "#/definitions/Offer"
     post:
       tags:
-        - Role
-      x-codegen-permission: ADMIN
+        - Offer
       x-codegen-operation: create
-      summary: Creates a new RoleViewModel object            
+      summary: Creates a new Offer object            
       consumes:
         - application/json
       produces:
@@ -1906,22 +2492,22 @@ paths:
           in: body
           required: true
           schema:
-            $ref: "#/definitions/RoleViewModel"
+            $ref: "#/definitions/Offer"
       responses:
         201:
-          description: Role created
+          description: Offer created
           headers:
             Location:
-              description: A link to the Role
+              description: A link to the Offer
               type: string
               format: url
           schema:
-            $ref: "#/definitions/RoleViewModel"  
-  /roles/bulk:
+            $ref: "#/definitions/Offer"  
+  /offers/bulk:
     post:
       tags:
-        - Role
-      summary: Bulk create / update a number of RoleViewModel object      
+        - Offer
+      summary: Bulk create / update a number of Offer object      
       x-codegen-operation: bulk
       consumes:
         - application/json
@@ -1936,15 +2522,15 @@ paths:
           schema:
             type: array
             items:
-              $ref: "#/definitions/RoleViewModel"
+              $ref: "#/definitions/Offer"
       responses:
         201:
-          description: Role created
-  /roles/{id}:
+          description: Offer created
+  /offers/{id}:
     get:
       tags:
-        - Role
-      summary: Gets a specific RoleViewModel object      
+        - Offer
+      summary: Gets a specific Offer object      
       x-codegen-operation: retrieve
       consumes: []
       produces:
@@ -1955,21 +2541,20 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/RoleViewModel"
+            $ref: "#/definitions/Offer"
         404:
-          description: Role not found
+          description: Offer not found
       parameters:
         - name: id
           in: path
-          description: id of Role to fetch
+          description: id of Offer to fetch
           required: true
           type: integer
     put:
       tags:
-        - Role      
-      x-codegen-permission: ADMIN
+        - Offer
       x-codegen-operation: update
-      summary: Updates a specific RoleViewModel object      
+      summary: Updates a specific Offer object      
       consumes:
         - application/json
       produces:
@@ -1980,27 +2565,26 @@ paths:
         200:
           description: OK
           schema:
-            $ref: "#/definitions/RoleViewModel"
+            $ref: "#/definitions/Offer"
         404:
-          description: Role not found
+          description: Offer not found
       parameters:
         - name: id
           in: path
-          description: id of Role to fetch
+          description: id of Offer to fetch
           required: true
           type: integer
         - name: item
           in: body
           required: true
           schema:
-            $ref: "#/definitions/RoleViewModel"
-  /roles/{id}/delete:
+            $ref: "#/definitions/Offer"
+  /offers/{id}/delete:
     post:
       tags:
-        - Role      
-      x-codegen-permission: ADMIN
+        - Offer
       x-codegen-operation: destroy
-      summary: Deletes a specific RoleViewModel object      
+      summary: Deletes a specific Offer object      
       consumes: []
       produces:
         - text/plain
@@ -2010,11 +2594,11 @@ paths:
         200:
           description: OK
         404:
-          description: Role not found
+          description: Offer not found
       parameters:
         - name: id
           in: path
-          description: id of Role to delete
+          description: id of Offer to delete
           required: true
           type: integer
   /attachments/{id}/download:
@@ -2035,7 +2619,28 @@ paths:
         200:
           description: OK
         404:
-          description: Attachment not found in CCW system    
+          description: Attachment not found   
+  /attachments/upload:
+    post:
+      summary: Used to upload an attachment
+      tags:
+        - Attachment
+      description: Append the file to request files item 'file'      
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:        
+        - name: item
+          in: body
+          description: Attachment meta data.  Do not include the binary data in the JSON. 
+          required: true
+          schema:
+            $ref: "#/definitions/Attachment"
+      consumes: []
+      responses:
+        201:
+          description: Attachment created        
   /groups/{id}/users:
     get:
       summary: returns users in a given Group
@@ -2062,7 +2667,7 @@ paths:
             type: array
             items:
               $ref: "#/definitions/UserViewModel"          
-  /credittrading/search:
+  /credittrades/search:
     get:
       summary: Searches credit trades
       description:
@@ -2117,7 +2722,7 @@ paths:
             type: array
             items:
               $ref: "#/definitions/CreditTrade"
-  /creditTrade/{id}/notes:
+  /credittrades/{id}/notes:
     get:
       summary: Returns notes for a particular CreditTrade
       description: Returns notes for a particular CreditTrade.
@@ -2166,6 +2771,31 @@ paths:
           description: id of CreditTrade to fetch attachments for
           required: true
           type: integer    
+    post:
+      summary: Adds a file attachment to a credit trade.  
+      description: Append the file to request files item 'file'
+      x-operation-ignore: YES
+      tags:
+        - CreditTrade
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        '201':
+          description: OK
+      parameters:
+        - name: id
+          in: path
+          description: id of CreditTrade to add attachment to
+          required: true
+          type: integer
+        - name: item
+          in: body
+          description: Attachment meta data.  Do not include the binary data in the JSON. 
+          required: true
+          schema:
+            $ref: "#/definitions/Attachment"          
   /credittrades/{id}/history:
     get:
       summary: Returns History for a particular CreditTrade
@@ -2201,6 +2831,7 @@ paths:
     post:
       summary: Add a History record to the CreditTrade
       description: Add a History record to the CreditTrade
+      x-operation-ignore: YES
       tags:
         - CreditTrade
       produces:
@@ -2288,6 +2919,7 @@ paths:
           type: integer
     post:
       summary: Add a History record to the FuelSupplier
+      x-operation-ignore: YES
       tags:
         - FuelSupplier
       produces:
@@ -2299,7 +2931,7 @@ paths:
           in: path
           description: id of FuelSupplier to add History for
           required: true
-          type: integer
+          type: integer          
         - name: item
           in: body
           required: true
@@ -2390,6 +3022,7 @@ paths:
               $ref: "#/definitions/PermissionViewModel"
     put:
       summary: Updates the permissions for a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -2423,6 +3056,7 @@ paths:
           description: Role not found
     post:
       summary: Adds a permissions to a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -2476,6 +3110,7 @@ paths:
               $ref: "#/definitions/UserRoleViewModel"
     put:
       summary: Updates the users for a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -2527,6 +3162,7 @@ paths:
         404:
            description: User not found
     post:
+      x-operation-ignore: YES
       summary: Create new user
       tags:
         - User
@@ -2597,6 +3233,7 @@ paths:
             $ref: "#/definitions/UserFavourite"            
     post:
       summary: Create new favourite for the current user
+      x-operation-ignore: YES
       tags:
         - CurrentUser
       consumes:
@@ -2621,7 +3258,7 @@ paths:
               format: url
           schema:
             $ref: "#/definitions/UserFavourite"
-  /users/current/favourites/{type}:
+  /users/current/favourites/search:
     get:
       summary: Returns a user's favourites of a given type.  If type is empty, returns all.
       tags:
@@ -2641,7 +3278,7 @@ paths:
            description: User not found
       parameters:
         - name: type
-          in: path
+          in: query
           description: type of favourite to return
           required: true
           type: string
@@ -2745,7 +3382,7 @@ paths:
            description: User not found
     put:
       description: Updates a user
-      x-codegen-operation: update
+      x-operation-ignore: YES      
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -2820,7 +3457,8 @@ paths:
         404:
            description: User not found
     post:
-      summary: Adds favourites to a user
+      summary: Adds favourite to a user
+      x-operation-ignore: YES
       tags:
         - User
       consumes:
@@ -2847,6 +3485,7 @@ paths:
           description: Favourites added to user          
     put:
       summary: Updates the favourites for a user
+      x-operation-ignore: YES
       tags:
         - User
       consumes:
@@ -2899,6 +3538,7 @@ paths:
            description: User not found
     post:
       summary: Adds a role to a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -2930,7 +3570,8 @@ paths:
           schema:
             $ref: "#/definitions/UserRoleViewModel"
     put:
-      summary: Updates the roles for a user
+      summary: Updates the roles for a user      
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -3012,6 +3653,7 @@ paths:
            description: User not found
     put:
       summary: Updates the active set of groups for a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -3045,6 +3687,7 @@ paths:
           description: User not found
     post:
       summary: Add to the active set of groups for a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -3158,7 +3801,6 @@ definitions:
     required:
       - id
       - logEntryTime
-      - newCompliancePeriod
       - newStatus
       - newNumberOfCredits
     properties:
@@ -3172,8 +3814,6 @@ definitions:
       logEntryTime:
         type: string
         format: date-time
-      newCompliancePeriod:
-        $ref: '#/definitions/CompliancePeriod'
       newStatus:
         type: string
       newTradeExecutionDate:
@@ -3418,7 +4058,7 @@ definitions:
       isDefault:
         type: boolean
         description: True if this Favourite is the default for this Context Type. On first access to a context in a session the default favourite for the context it is invoked. If there is no default favourite,  a system-wide default is invoked. On return to the context within a session,  the last parameters used are reapplied.
-      User:
+      user:
         $ref: '#/definitions/User'
   Notification:
     type: object
diff --git a/tfrs/APISpec/in/TFRSSwagger.xlsm b/tfrs/APISpec/in/TFRSSwagger.xlsm
index 6a0056b47..d4d933b99 100644
Binary files a/tfrs/APISpec/in/TFRSSwagger.xlsm and b/tfrs/APISpec/in/TFRSSwagger.xlsm differ
diff --git a/tfrs/APISpec/postapi.yaml b/tfrs/APISpec/postapi.yaml
index 95947174c..ceeca2702 100644
--- a/tfrs/APISpec/postapi.yaml
+++ b/tfrs/APISpec/postapi.yaml
@@ -16,7 +16,28 @@
         200:
           description: OK
         404:
-          description: Attachment not found in CCW system    
+          description: Attachment not found   
+  /attachments/upload:
+    post:
+      summary: Used to upload an attachment
+      tags:
+        - Attachment
+      description: Append the file to request files item 'file'      
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      parameters:        
+        - name: item
+          in: body
+          description: Attachment meta data.  Do not include the binary data in the JSON. 
+          required: true
+          schema:
+            $ref: "#/definitions/Attachment"
+      consumes: []
+      responses:
+        201:
+          description: Attachment created        
   /groups/{id}/users:
     get:
       summary: returns users in a given Group
@@ -43,7 +64,7 @@
             type: array
             items:
               $ref: "#/definitions/UserViewModel"          
-  /credittrading/search:
+  /credittrades/search:
     get:
       summary: Searches credit trades
       description:
@@ -98,7 +119,7 @@
             type: array
             items:
               $ref: "#/definitions/CreditTrade"
-  /creditTrade/{id}/notes:
+  /credittrades/{id}/notes:
     get:
       summary: Returns notes for a particular CreditTrade
       description: Returns notes for a particular CreditTrade.
@@ -147,6 +168,31 @@
           description: id of CreditTrade to fetch attachments for
           required: true
           type: integer    
+    post:
+      summary: Adds a file attachment to a credit trade.  
+      description: Append the file to request files item 'file'
+      x-operation-ignore: YES
+      tags:
+        - CreditTrade
+      produces:
+        - text/plain
+        - application/json
+        - text/json
+      responses:
+        '201':
+          description: OK
+      parameters:
+        - name: id
+          in: path
+          description: id of CreditTrade to add attachment to
+          required: true
+          type: integer
+        - name: item
+          in: body
+          description: Attachment meta data.  Do not include the binary data in the JSON. 
+          required: true
+          schema:
+            $ref: "#/definitions/Attachment"          
   /credittrades/{id}/history:
     get:
       summary: Returns History for a particular CreditTrade
@@ -182,6 +228,7 @@
     post:
       summary: Add a History record to the CreditTrade
       description: Add a History record to the CreditTrade
+      x-operation-ignore: YES
       tags:
         - CreditTrade
       produces:
@@ -269,6 +316,7 @@
           type: integer
     post:
       summary: Add a History record to the FuelSupplier
+      x-operation-ignore: YES
       tags:
         - FuelSupplier
       produces:
@@ -280,7 +328,7 @@
           in: path
           description: id of FuelSupplier to add History for
           required: true
-          type: integer
+          type: integer          
         - name: item
           in: body
           required: true
@@ -371,6 +419,7 @@
               $ref: "#/definitions/PermissionViewModel"
     put:
       summary: Updates the permissions for a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -404,6 +453,7 @@
           description: Role not found
     post:
       summary: Adds a permissions to a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -457,6 +507,7 @@
               $ref: "#/definitions/UserRoleViewModel"
     put:
       summary: Updates the users for a role
+      x-operation-ignore: YES
       tags:
         - Role
       x-codegen-permission: ADMIN
@@ -508,6 +559,7 @@
         404:
            description: User not found
     post:
+      x-operation-ignore: YES
       summary: Create new user
       tags:
         - User
@@ -578,6 +630,7 @@
             $ref: "#/definitions/UserFavourite"            
     post:
       summary: Create new favourite for the current user
+      x-operation-ignore: YES
       tags:
         - CurrentUser
       consumes:
@@ -602,7 +655,7 @@
               format: url
           schema:
             $ref: "#/definitions/UserFavourite"
-  /users/current/favourites/{type}:
+  /users/current/favourites/search:
     get:
       summary: Returns a user's favourites of a given type.  If type is empty, returns all.
       tags:
@@ -622,7 +675,7 @@
            description: User not found
       parameters:
         - name: type
-          in: path
+          in: query
           description: type of favourite to return
           required: true
           type: string
@@ -726,7 +779,7 @@
            description: User not found
     put:
       description: Updates a user
-      x-codegen-operation: update
+      x-operation-ignore: YES      
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -801,7 +854,8 @@
         404:
            description: User not found
     post:
-      summary: Adds favourites to a user
+      summary: Adds favourite to a user
+      x-operation-ignore: YES
       tags:
         - User
       consumes:
@@ -828,6 +882,7 @@
           description: Favourites added to user          
     put:
       summary: Updates the favourites for a user
+      x-operation-ignore: YES
       tags:
         - User
       consumes:
@@ -880,6 +935,7 @@
            description: User not found
     post:
       summary: Adds a role to a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -911,7 +967,8 @@
           schema:
             $ref: "#/definitions/UserRoleViewModel"
     put:
-      summary: Updates the roles for a user
+      summary: Updates the roles for a user      
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -993,6 +1050,7 @@
            description: User not found
     put:
       summary: Updates the active set of groups for a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN
@@ -1026,6 +1084,7 @@
           description: User not found
     post:
       summary: Add to the active set of groups for a user
+      x-operation-ignore: YES
       tags:
         - User
       x-codegen-permission: ADMIN