Tor, Angelica, Hannah - SuperMarket Betsy - Octos

[hannahlcameron]

bEtsy

Congratulations! You're submitting your assignment! These comprehension questions should be answered by all members of your team, not by a single teammate.

Comprehension Questions

Question	Answer
How did your team break up the work to be done?	We broke up work assignments evenly by models (2 each) and then worked our way through the controllers as we needed them. We continued to assign work based off of priority and difficulty of task. We worked mostly independently, but closely coordinated so that we were in sync with each other.
How did your team utilize git to collaborate?	We used git to collaborate by leveraging the ability to push branches up got git. We CR-ed these branches before we merged them into our master, which cut down on bugs and helped make sure we all knew what was going on in our code base.
What did your group do to try to keep your code DRY while many people collaborated on it?	We utilized view helpers and partials to keep things dry. We also assigned work with this in mind so we ran into fewer issues.
What was a technical challenge that you faced as a group?	The conditional validations on orders that showed/didn't show personal information on the site as appropriate.
What was a team/personal challenge that you faced as a group?	You only gave us three people.
What could your team have done better?	Fine, we could have had higher test coverage, but we're happy with our 91%.
What was your application's ERD? (include a link)	https://www.lucidchart.com/documents/edit/2292d0d1-d497-4a72-ba8f-1089ed986071/0?shared=true&existing=1&docId=2292d0d1-d497-4a72-ba8f-1089ed986071
What is your Trello URL?	https://trello.com/b/TSmAKxla/supermarket
What is the Heroku URL of your deployed application?	https://superheromarket.herokuapp.com/

[droberts-sea]

bEtsy

What We're Looking For

Feature	Feedback
Baseline
Appropriate Git Usage with all members contributing	yes - I'm glad that code reviews worked well for you
Answered comprehension questions	yes
Trello board is created and utilized in project management	yes
Heroku instance is online	yes
General
Nested routes follow RESTful conventions	mostly
oAuth used for User authentication	yes - good work getting Google sorted out
Functionality restricted based on user roles	some - see inline (products controller)
Products can be added and removed from cart	yes
Users can view past orders	yes
Merchants can add, edit and view their products	yes
Errors are reported to the user	yes
Order Functionality
Reduces products' inventory	yes
Cannot order products that are out of stock	yes
Changes order state	yes
Clears current cart	yes
Database
ERD includes all necessary tables and relationships	yes
Table relationships	yes
Models
Validation rules for Models	yes
Business logic is in the models	mostly - some places it's not enough, some places it's overdone / overcomplicated
Controllers
Controller Filters used to DRY up controller code	yes
Testing
Model Testing	yes
Controller Testing	mostly - Many test cases missing around authorization. Since these mostly rely on controller filters they won't show up in simplecov, but they're still important! See inline for examples.
Session Testing	yes
SimpleCov at 90% for controller and model tests	yes - great job!
Front-end
The app is styled to create an attractive user interface	yes - that contrast is a little hard to swallow, but it fits the theme and makes for a consistent look and feel
Content is organized with HTML5 semantic tags	yes
CSS is DRY	yes
Overall	Great work overall! You've built a fully functional web store from top to bottom, everything short of payment processing. This represents a huge amount of work, and you should be proud of yourselves! Your code is pretty well organized all the way from the CSS to the database, and I am quite happy with this submission. There are definitely places where things could be cleaned up or refined, or where there are feature gaps you might like to fill - I've tried to outline some of these below. However bEtsy is a huge project on a very short timeline, and this feedback should not at all diminish the magnitude of what you've accomplished. Keep up the hard work!

Only the person who submitted the PR will get an email about this feedback. Please let the rest of your team know about it.

[droberts-sea]

Product params should not include the merchant ID - you should be taking that from the session! I was able to change the owner of a product, effective "stealing" it.

[droberts-sea]

Edit and update should both be making sure that the logged-in user is also the owner of the product. I was able to change the info on someone else's product by typing the URL into the address bar.

[droberts-sea]

Here you're checking for product ownership - good work. Since you need it in multiple places, this would be a good candidate for a controller filter.

[droberts-sea]

On line 24, why not order_item.order.status?

[droberts-sea]

I'm not sure what this method is accomplishing. Why not start with orders.where(status: status), and then for each of those orders say order.order_items? Seems like putting it all into a hash of arrays is redundant.

[droberts-sea]

What is this test name?

[droberts-sea]

I would probably include some test cases around auth here - what if you're not logged in? What if you're logged in as someone other than the merchant offering this product?

[droberts-sea]

You need to include negative cases for the things a guest user / the wrong user can't do.

[droberts-sea]

Good! More of this sort of test.

[droberts-sea]

Good catch of this edge case