To enhance the functionality and security of our marketplace platform, we need to ensure that sellers have the capability to create, read, update, and delete (CRUD) only their products. Additionally, sellers should be able to view orders related to their products. This update requires modifications to both the product and order management logic to enforce these restrictions effectively.
Tasks:
Update Product Management Permissions:
Revise the product CRUD operations in productController.js to validate the seller's identity against the product owner before allowing any modifications.
Implement checks during product creation to associate the product with the authenticated seller's ID.
Restrict Order Visibility:
Modify the order retrieval logic in orderController.js to ensure sellers can only view orders that include their products.
Consider the need for aggregating order details in a way that only displays relevant information to the seller (e.g., omitting products from other sellers in shared orders).
Test New Permissions and Visibility:
Write unit and integration tests to verify that sellers can only manage their products and view relevant orders.
Ensure tests cover scenarios of unauthorized access attempts.
Update API Documentation:
Reflect these changes in the API documentation, clearly stating the permissions and visibility rules for sellers.
Inform Sellers of New Features:
Prepare communication to inform current sellers about the new features and any actions they need to take.
Acceptance Criteria:
Sellers are restricted to managing only their listed products and cannot modify others'.
Sellers can view orders that involve their products but see limited details for products not owned by them.
Comprehensive tests confirm the security and functionality of the updated features.
API documentation is updated to include the new permissions and visibility rules.
Sellers are informed about the update and understand how to use the new features.
Deliverables:
Updated product and order management logic in the backend.
Unit and integration tests validating the new restrictions.
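One way the ownership and order-visibility rules above could be enforced, as an added example that is not the project's code. The data shapes (`id`, `sellerId`, `items`, `productId`), the in-memory arrays and all function names are assumptions; real controllers would run the same checks against the database using the authenticated seller's ID.

```javascript
// Added example. Field names (id, sellerId, items, productId) are assumptions.
class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Create: the owner comes from the authenticated user, never from the request body.
function createProduct(products, user, body) {
  const { id, sellerId, ...fields } = body; // drop client-supplied id/sellerId
  // products.length + 1 is a stand-in for a database-generated id.
  const product = { ...fields, id: products.length + 1, sellerId: user.id };
  products.push(product);
  return product;
}

// Shared guard used by every operation that modifies a product.
function requireOwnedProduct(products, user, productId) {
  const product = products.find((p) => p.id === productId);
  if (!product) throw new HttpError(404, 'Product not found');
  if (product.sellerId !== user.id) throw new HttpError(403, 'Not the product owner');
  return product;
}

function updateProduct(products, user, productId, changes) {
  const product = requireOwnedProduct(products, user, productId);
  const { id, sellerId, ...allowed } = changes; // ownership cannot be reassigned
  return Object.assign(product, allowed);
}

function deleteProduct(products, user, productId) {
  const product = requireOwnedProduct(products, user, productId);
  products.splice(products.indexOf(product), 1);
  return product;
}

// Orders that contain at least one of the seller's products,
// with line items belonging to other sellers removed.
function ordersForSeller(orders, products, user) {
  const owned = new Set(products.filter((p) => p.sellerId === user.id).map((p) => p.id));
  return orders
    .map((o) => ({ ...o, items: o.items.filter((i) => owned.has(i.productId)) }))
    .filter((o) => o.items.length > 0);
}

// Constructed sample data: seller s1 tries to create a product owned by s2.
const demoProducts = [];
createProduct(demoProducts, { id: 's1' }, { name: 'Lamp', sellerId: 's2' });
createProduct(demoProducts, { id: 's2' }, { name: 'Desk' });
const demoOrders = [{ id: 'o1', items: [{ productId: 1 }, { productId: 2 }] }];
console.log(ordersForSeller(demoOrders, demoProducts, { id: 's1' }));
```
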