Code Review - Oct 2009

Feedback from the CodeWorks 2009 Code Review - 03 October 2009

The Code Review was performed by Sebastian Bergmann, Arne Blankerts, and Stefan Priebsch.

General Feedback

• Drop the security sentinel where all logic is wrapped in a class and therefore not executable by a direct http call;
• Instead of using the explicit class loaders, an autoloader option could be useful and simplify the code
  • Implemented in v1.2, Dec 2009;
• Construct a Response Object to pass error conditions and status back and forth;
  • Implemented in v2.4, July 2011

Object-Oriented Aspects

• Convert constructors to php5-style;
  • Implemented in v1.2, Dec 2009;
• Use the php5-style parent:: construct for instantiation;
  • Implemented in v1.2, Dec 2009;
• Refactor the object properties to stop using public everything;
• The canDelete methods should be explicit in what can/can't be deleted;
  • Implemented in v3.0, Dec 2012;
• Use Dependency Injection to get DB access into the methods;
  • Implemented in v3.0, Dec 2012;
• Use prepared statements instead of DBQuery class;
• Refactor the controllers to be skinny (with fat models)
  • Begun under v1.2, Dec 2009, continuing to present day;- Nearly complete in v3.0, Dec 2012;
• Separate the models from the data access layer;