Redsy - Edges

[larachan15]

bEtsy

Congratulations! You're submitting your assignment! These comprehension questions should be answered by all members of your team, not by a single teammate.

Comprehension Questions

Question	Answer
Each team member: what is one thing you were primarily responsible for that you're proud of?	Dionisia- I worked on the OAuth and order summary page. Melissa creating and modifying the cart. Michelle - adding an item to the cart (+removing, updating, what happens when you checkout) + merchant account order summary page. Layla - I was responsible for the primary style and design of the webpage. I am proud of how it turned out and I look forward to practicing my skills in the future. I also made tests for the products controller, and contributed throughout the process on fixing different aspects here with routing and controller actions. I also did the entire review process which I am proud of.
Each team member: what is one thing you were primarily responsible for that you would like targeted feedback on?	Dionisia - I worked on some of the testing since I still a little shaky on that. I worked on the categories controller, merchant model testing, order model testing, product model testing. Melissa - The order summary methods. Michelle - cart. Layla - I appreciate targeted feedback on ways to improve the review process and how to best incorporate how to style reviews on a products detail page.
How did your team break up the work to be done?	We wanted to work independently but without merge conflicts, so we broke up the work by sections : one person working on merchant functions, one on testing/styling, and a pair on cart functions. We would reconvene, discuss where we were in the project and divide the work up on the different sections based on our progress. We also paired on larger features or if someone was stuck.
How did your team utilize git to collaborate?	We worked on separate branches and submitted pull requests once a feature was finished, updated, or debugged. This process helped us thoroughly comb through merge requests and avoid conflicts.
What did your group do to try to keep your code DRY while many people collaborated on it?	We created controller filters, and view form helpers. We tried to dry it up as much as possible as we coded.
What was a technical challenge that you faced as a group?	It was difficult to learn how to properly use pull requests. They caused confusion at the beginning, which likely pushed us bad a day or so.
What was a team/personal challenge that you faced as a group?	Initially it was difficult to decide how to divide up the work, since we all had different schedules and had to work independently, but after thoroughly going through user stories and the ERD, we we able to divide the project in to broad sections and chip away independently on those sections. Also learning how to properly use Github PR
What was your application's ERD? (include a link)	https://trello-attachments.s3.amazonaws.com/5bc778c6bd834c1cdba4b498/5bc8def61fa04287a4d91e5c/698061774baddd13f0c6aa228a6827ef/ERD_Red.PNG
What is your Trello URL?	https://trello.com/b/AM1sQixL/red-jaguars
What is the Heroku URL of your deployed application?	https://redsy.herokuapp.com

[droberts-sea]

bEtsy

Dionisia - I worked on some of the testing since I still a little shaky on that. I worked on the categories controller, merchant model testing, order model testing, product model testing.

and

Melissa - The order summary methods.

• I love the model methods in Order - good work isolating this functionality.
• However, these methods are not well tested! Specific test cases I would like to see for the various self methods:
  • Do they work if everything is as expected?
  • What if there are no orders?
  • What if one or all of the orders have no products?
  • If they rely on a status, what if there are no orders with that status?

Michelle - cart.

• Generally looks alright, outside of the TODOs you left yourself. I left a couple inline comments.

Layla - I appreciate targeted feedback on ways to improve the review process and how to best incorporate how to style reviews on a products detail page.

• If you wanted to make the "leave a review" flow a little cleaner, you might make the form be on the products show page. Another small tweak is to make the rating be a number of stars that you click, rather than a dropdown menu. See for example https://codepen.io/jamesbarnett/pen/vlpkh
• See inline comment about making reviews work for logged-in users

Overall:

• Your application is missing a lot of authentication work - see inline comments in the merchants and products controllers.

Only the person who submitted the PR will get an email about this feedback. Please let the rest of your team know about it.

[droberts-sea]

If you're going to require that the merchant in the URL match the merchant in the session, why bother putting one in the URL? It would be easier to make it /merchants/dashboard or something similar, and show the account for only the logged in user. Then you don't even have to make this check, since there's no way they could give you the wrong ID.

[droberts-sea]

Yes, you should use strong params here.

On line 9, the session should already be set (since this relies in the current_order method).

[droberts-sea]

You should have some authorization here. As-is, anyone could use a tool like postman to change the shipping status of any order.

[droberts-sea]

This is a lot of commented out code! You should remove it - it makes this file much more difficult to read. It will still be there in the Git history if you find you need it.

[droberts-sea]

You should not just check that the user is logged in, but that they are logged in as the owner of this product. As-is, anyone can edit anyone else's products. See https://redsy.herokuapp.com/products/1

[droberts-sea]

Again, authorization is only half-done here.

[droberts-sea]

Line 26 is close. You probably want

if @login_user && @login_user.id == product.merchant_id