PayPalPlugin

Add more structure to src/Controller/**

Open diimpp opened this issue 5 years ago • 0 comments

Currently all admin/shop/override controllers are in the same directory, which makes it harder to understand what goes where.

Proposition to use

Controller/Admin/EnableSellerAction.php
Controller/Admin/DownloadPayoutsReportAction.php
Controller/Shop/**
Controller/Webhook/**
Controller/Order/OrderItemController.php

OrderItemController.php can be improved by moving contents to trait OrderItemControllerTrait.php + default controller, so it won't pose problems with integration with other plugins.

Additionally, there are security concerns with EnableSellerAction/DownloadPayoutsReportAction, which are loaded with active credentials but rely on the firewall being correctly configured.

I can guarantee that there would be people missing the admin prefix and accidentally exposing those endpoints at the shop firewall; I have seen that multiple times.

As a solution, those controllers can check for a logged-in admin user.

diimpp, Oct 16 '20 23:10
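One way the in-controller check proposed in the issue could look, as an added example that is not part of the original post and not the plugin's code. The namespace and the `AdminUserGuard` and `ExampleCredentialedAction` classes are hypothetical; the sketch assumes Sylius's `AdminUserInterface` and Symfony's `TokenStorageInterface`, and PHP 8.

```php
<?php

declare(strict_types=1);

namespace App\Controller\Admin; // hypothetical namespace, not the plugin's

use Sylius\Component\Core\Model\AdminUserInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

// Both classes share one file here for brevity only.

/** Hypothetical guard: fails closed unless the current token carries an admin user. */
final class AdminUserGuard
{
    public function __construct(private TokenStorageInterface $tokenStorage)
    {
    }

    public function requireAdmin(): AdminUserInterface
    {
        // getToken() is null when the route sits outside every firewall or nobody is logged in.
        $user = $this->tokenStorage->getToken()?->getUser();

        // A customer authenticated at the shop firewall is a ShopUserInterface, so it is rejected too.
        if (!$user instanceof AdminUserInterface) {
            throw new AccessDeniedHttpException('Admin user required.');
        }

        return $user;
    }
}

/** Hypothetical action showing where the check sits; the real action bodies are not on the page. */
final class ExampleCredentialedAction
{
    public function __construct(private AdminUserGuard $guard)
    {
    }

    public function __invoke(Request $request): Response
    {
        // Runs before any credentialed work, whatever path prefix the route was imported under.
        $this->guard->requireAdmin();

        return new Response('', Response::HTTP_NO_CONTENT);
    }
}
```

With this in place the firewall and access-control rules remain the primary control, and a route registered without the admin prefix returns 403 instead of running with the stored credentials.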