Closed mblarsen closed 4 years ago
@cbj4074 I've added and activated more policies, however, some parts of the model I need a better understanding of. I've asked here on Discord.
ps: @cbj4074 no need to review until "Ready for review"
@mblarsen To answer your questions in the TODO list:
OrderController
(see next item).OrderController
, any site visitor should be permitted to call any of those methods, whether authenticated or not. When a visitor adds an item to the shopping cart on the front-end, these API methods are called on the back-end. Does this effectively mean that it doesn't even require a policy?FeaturedController
, generally speaking, that's correct; nobody is authorized to call these methods, with the exception of the artists()
method, which returns the list of currently-featured Artists. (The list of featured Artists is generated automatically with an Artisan command.)* Does this effectively mean that it doesn't even require a policy?
Yes, but it is better to be explicit about it and have an OrderPolicy that just has return true
. I'll add this + Featured policy.
I've updated with your proposed changes.
I'm at bit unclear about delete
, restore
, and forceDelete
in many cases.
I think we need to tweak this a bit. My recollection is that $song->users actually refers to users who have purchased the song, per the song_user table.
@cbj4074 I suggest renaming $song->users then to something more clear. E.g. buyers
, customers
, etc.
Easy to mistake to make.
@cbj4074 I had to refactor IndexRouteTest
to use album instead of users as we have now blocked users.index.
I'm at bit unclear about
delete
,restore
, andforceDelete
in many cases.
I looked at those while reviewing and I think in the vast majority of cases, if not all of them, they are correct. I will double-check them once we get this merged-in (I don't think it's critical to verify them now, nor should doing so hold-up this PR).
@cbj4074 I suggest renaming $song->users then to something more clear. E.g. buyers, customers, etc.
I agree, and will do that once this is merged.
I'm taking another look at catalogable/profile issue and will respond to that shortly...
@mblarsen I took the liberty of merging your other PR into this one, and reconciling the handful of conflicts. Hopefully, I preserved all of the changes from both PRs, but please double-check my work.