- if a customer deletes their account, the comments shouldn't be deleted. to implement that, the comment's customer foreign key can be null. Is that ok ? or will it produce issues ?
- on delete cascade
- each order will reference its invoice and vice versa
- if a customer deletes their account, customer should be warned in case of any undelivered orders.
- after confirmation, customer's completed orders stay, pending orders gets canceled.
- if the customer is deleted, their address should also be deleted
- this entity is a weak entity, with the product and customer as defining entities
- if the customer is deleted, the order item will be deleted
- if the product is deleted, the order item will be deleted, notify the customer that we no longer sell this deleted product
- the program will allow the same address to be assigned to multiple warehouses in case there are multiple warehouses in the same area
- on warehouse deletion cascade
- on product deletion cascade
rule | implementors |
---|---|
person (customer/admin) email must be unique across customers and admins tables | CreatCustomerRequestValidator |
a guest can't access admin pages | AdminAuthorizationMiddleware |
a customer can't access admin pages | AdminAuthorizationMiddleware |
any logged in client can't access any login or registration forms | GuestMiddleware |
for any person, max phone number length is 20 characters | Customer & Admin entities |
- Pending: The order has been received, but processing has not yet begun.
- Processing: The order is being prepared for shipment, including tasks such as packaging and inventory verification.
- Shipped: The order has been dispatched to the customer’s shipping address.
- Out for Delivery: The order is with the courier or postal service, awaiting final delivery.
- Delivered: The order has been successfully delivered to the customer.
- Canceled: The order has been canceled by the customer or the e-commerce website.
- Returned: The order has been returned to the seller due to customer dissatisfaction or other reasons.
// TODO: check stripe payment gateway first
// TODO: check stripe
- Heredoc encloses the result in double quotes, meaning that it can have variables inside.
- Nowdoc encloses the result in single quotes, it can NOT have variables inside.
- Each new middleware layer surrounds any existing middleware layers. The concentric structure expands outwardly as additional middleware layers are added.
- The last middleware layer added is the first to be executed.
- check them here
- check attributes reference here
- Entity attribute is required, it marks a PHP class as an entity to be persisted in the DB
- while Table attribute is optional, it describes the table the entity is persisted in
- first - Migrate down to before the first version.
- prev - Migrate down to before the previous version.
- next - Migrate up to the next version.
- latest - Migrate up to the latest version.
- the problem was that the "foreign key" was of type VARCHAR not an INT in all tables
- me: I knew where was the problem, I added the Column attribute which made the problem
- chatGpt: That makes sense. The Column attribute should not be used on a property that represents a relationship to another entity, like ManyToOne. Using Column here can cause Doctrine to treat the property as a basic column instead of a foreign key reference, which led to the issue you encountered.
- third migration corrected that mistake
-
Application Programming Interface (API)
-
REpresentational State Transfer (REST): a set of architectural principles for building web services.
-
Read: What is a REST API?
-
Read: REST API Best Practices
-
For API testing use Dynamic Variables
-
Products API
-
Categories API
-
Manufacturer API
-
Warehouse API
-
Customer API
- I found that I need to define
enctype
attribute with valuemultipart/form-data
to be able to send files to the server - but why is that ?? and what does the new terminology mean ?
- if we want to validate that the uploaded file is five Megabytes
- Megabytes = 5
- Kilobytes = Megabytes * 1024
- Bytes = Kilobytes * 1024
- when receiving a file, you validate it
- successful upload
- size ?
- name ?
- type
- but when it comes to types, the file type can be spoofed !! even the UploadedFileInterface->getClientMedaType function documentation tells you to not trust the output of this function
- what are MIME types ?? (write it here for reference)
- a reference by internet assigned numbers authority (iana) here
- only enable CORS when necessary to minimize security risks
- use specific origin whitelists rather than allowing access from all domains
- limit the methods and headers allowed in CORS requests to reduce potential vulnerabilities
- configure cookie options:
- httponly: only access the session using http (because it's accessible by js by default)
- secure: HTTPS only, it's never sent on an insecure HTTP connection (except for localhost)
- samesite:
- cross-site scripting (XSS) protection
- regenerate session id
- more information at MDN docs
- Fetch and display the main data first, then activate filtering
- take products' pagination for example, it's better to fetch and display products first, then activate filtering (by category, by price, etc..) and sorting (by release data, price, rating, etc....)
- why this approach is better ?
- User experience: Displaying products first ensures that the client can see content immediately rather than waiting for filtering options to load.
- Data availability: It's better to make sure that data is accessible before activating filtering functionality, this way the application will be much efficient. If order is flipped, resources maybe wasted.
- make a dynamic attributes system (suggested by chatGPT)
- advanced filtering (i5, i7 CPUs for laptops)
- sub-categories (phones > [i-phone, Samsung, phone accessories])
- Complaints system (using UI and emails)
- sales tracking (store sales quantity)
- advanced CMS
- capacity for more employees (manger, supervisor, product manager, order manager)
- order tracking
- Maybe add the feature of archiving products, for data analysis sake.