Commit Graph

7 Commits

Author SHA1 Message Date
Miguel Nogueira 5f1f92a9ce Code review
This commit fixes some superficial instances of Broken Access Control 
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done 
after most of the controllers were done (big mistake).

Some refactoring was also performed, where Route Model Binding with DI 
(dependency injection) was used whenever possible, to increase 
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY; 
There may be some lines of code that are still copy-pasted from other 
parts of the codebase for reuse.

Non-breaking refactoring changes were made, but the app as a whole still 
needs full manual testing, and customised responses to HTTP 500 
responses. Some errors are also not handled gracefully and this wasn't 
checked in this commit.
2020-07-16 21:21:28 +01:00
Miguel Nogueira 4a766620ff Fix appointment policy not being called correctly
This commit fixes the appointment policy being called at the wrong time, with the wrong arguments.
It also fixes wrong references on the auth service provider, also fixing other issues with poliy usage.

Fixes #3 and SPACEJEWEL-HOSTING-59.
2020-07-16 05:24:00 +01:00
Miguel Nogueira 33c16fcf46 Add user directory & isolate authorisation 2020-06-27 19:15:33 +01:00
Miguel Nogueira 5a8c080a31 Beta version
This commit is too large to list all changes.
2020-06-27 00:32:33 +01:00
Miguel Nogueira d15c0cb12f Major changes - Vote system now finished 2020-05-30 00:20:39 +01:00
Miguel Nogueira cc8c293cc6 Significant changes
Added several components and features too long to list here
2020-05-22 03:49:16 +01:00
Miguel Nogueira 7c22894e94 Added models, migrations and controllers
This commit adds the logical structure for the app.
2020-04-29 18:15:54 +01:00