This commit switches the source of user profile pictures displayed on comments to the source defined on their profile.
The profile image was previously being fetched from the applicant's profile.
This commit introduces a new feature where users can disable the collection and display of IP addresses. It's hardcoded in the .env config file for security reasons, and demo mode ignores this setting, because it already hides IPs by default.
This method would always fail for cached options because at the end it was expecting an Eloquent model, which would never be populated if the requested value was cached in the first place.
Uncached requests wouldn't fail because the exec path would lead to $value being a Model.
Also removed reference to old feature causing application page to crash.
This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY;
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
This commit adds the ability to edit and modify existing forms.
On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code.
