This commit moves most controller logic onto Services. Services are part of the Service-Repository pattern. The models act as repositories.
Services are easily testable and are needed for the upcoming API, in order to avoid duplicated code and to maintain a single source of "truth".
The User, Vacancy and Vote controllers still need their logic moved onto services.
This approach would allow users to directly use HTML in their responses. We'd need to purify HTML on the way out to only allow <br>, otherwise, there'd be XSS concerns.
Rendering as Markdown and letting users know they can use it is a better approach in the long run.
This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY;
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
This commit finally adds the dynamically rendered form that changes according to how the user builds their form.
It also fragments the header and footer for the main page into their own separate files for ease of access later.
Vacancy status has also been added to the Vacancies in DB.
All staff application endpoints have also been moved to under the user application endpoints group, for ease of use (duplicated route group).
This commit also includes Chart.js for the whole project using Webpack. It also updates NPM packages to support ChartJS, and suppresses locale.js warnings from Webpack builds.
Gitignore removes the webpack bundle file since that file should be built each time dependencies/js code are modified.
Miguel Nogueira
Miguel N