--- a/server/ammico/urls.py	Tue Mar 31 12:21:22 2015 +0200
+++ b/server/ammico/urls.py	Tue Mar 31 12:22:00 2015 +0200
@@ -1,14 +1,15 @@
 from django.conf.urls import patterns, url, include
 
-from ammico.views import populateUser, ListBooks, InfoBook, ListSlides, InfoSlide, GetSlides
+from ammico.views import populateUser, ListBooks, InfoBook, ListSlides, InfoSlide, BookSlides, SlidesOrder
 
 
 urlpatterns = patterns('',
-    url(r'^populateUser/$', populateUser, name='populateUser'),
-    url(r'^books/$', ListBooks.as_view()),
+    url(r'^populateUser$', populateUser, name='populateUser'),
+    url(r'^books$', ListBooks.as_view()),
     url(r'^books/(?P<idBook>[0-9]+)$', InfoBook.as_view()),
-    url(r'^books/(?P<idBook>[0-9]+)/slides$', GetSlides.as_view()),
-    url(r'^slides/$', ListSlides.as_view()),
+    url(r'^books/(?P<idBook>[0-9]+)/order$', SlidesOrder.as_view()),
+    url(r'^books/(?P<idBook>[0-9]+)/slides$', BookSlides.as_view()),
+    url(r'^slides$', ListSlides.as_view()),
     url(r'^slides/(?P<idSlide>[0-9]+)$', InfoSlide.as_view()),
-    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    url(r'^api-auth', include('rest_framework.urls', namespace='rest_framework')),
 )

--- a/server/ammico/views.py	Tue Mar 31 12:21:22 2015 +0200
+++ b/server/ammico/views.py	Tue Mar 31 12:22:00 2015 +0200
@@ -72,7 +72,7 @@
     """
     #authentication_classes = (authentication.TokenAuthentication,)
     #permission_classes = (permissions.IsAdminUser,)
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.AllowAny,)
 
     def get(self, request):
         """
@@ -88,7 +88,7 @@
     """
     #authentication_classes = (authentication.TokenAuthentication,)
     #permission_classes = (permissions.IsAdminUser,)
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.AllowAny,)
 
     def get(self, request, idBook):
         try:
@@ -104,23 +104,49 @@
         book.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
     
-class GetSlides(APIView):
+class BookSlides(APIView):
     """
     View to get book informations.
     """
     #authentication_classes = (authentication.TokenAuthentication,)
     #permission_classes = (permissions.IsAdminUser,)
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.AllowAny,)
 
     def get(self, request, idBook):
         try:
             book = Book.objects.get(id=idBook)
         except Book.DoesNotExist:
             return HttpResponse(status=404)
-        print(book)
         
         serializer = SlideSerializer(book.slides.all(), many=True)
         return Response(serializer.data)
+    
+
+class SlidesOrder(APIView):
+    """
+    Get/Set Slides order
+    """
+    #authentication_classes = (authentication.TokenAuthentication,)
+    #permission_classes = (permissions.IsAdminUser,)
+    permission_classes = (permissions.AllowAny,)
+
+    def get(self, request, idBook):
+        try:
+            book = Book.objects.get(id=idBook)
+        except Book.DoesNotExist:
+            return HttpResponse(status=404)
+        response = {}
+        response["order"] = book.get_slide_order()
+        return Response(response)
+    
+    def post(self, request, idBook):
+        try:
+            book = Book.objects.get(id=idBook)
+        except Book.DoesNotExist:
+            return HttpResponse(status=404)
+        
+        book.set_slide_order(request.data['order'])
+        return Response(status=status.HTTP_200_OK)
 
 class ListSlides(APIView):
     """
@@ -128,15 +154,22 @@
     """
     #authentication_classes = (authentication.TokenAuthentication,)
     #permission_classes = (permissions.IsAdminUser,)
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.AllowAny,)
 
-    def get(self, request, format=None):
+    def get(self, request):
         """
         Return a list of slide
         """               
         slides = Slide.objects.filter()
         serializer = SlideSerializer(slides, many=True)
         return Response(serializer.data)
+    
+    def post(self, request):
+        serializer = SlideSerializer(data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_201_CREATED)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 class InfoSlide(APIView):
     """
@@ -144,7 +177,7 @@
     """
     #authentication_classes = (authentication.TokenAuthentication,)
     #permission_classes = (permissions.IsAdminUser,)
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.AllowAny,)
 
     def get(self, request, idSlide):
         try:
@@ -156,14 +189,21 @@
         return Response(serializer.data)
     
     def post(self, request, idSlide):
-        print (request.data)
-        serializer = SlideSerializer(data=request.data)
+        try:
+            slide = Slide.objects.get(id=idSlide)
+        except Book.DoesNotExist:
+            return HttpResponse(status=404)
+        serializer = SlideSerializer(slide, data=request.data)
         if serializer.is_valid():
             serializer.save()
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     
     def delete(self, request, idSlide):
-        slide = Slide.objects.get(id = idSlide)
+        try:
+            slide = Slide.objects.get(id = idSlide)
+        except Book.DoesNotExist:
+            return HttpResponse(status=404)
+        
         slide.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
\ No newline at end of file