Recently I made a TDD for my project rails_todo_api it is a API only application with devise for user authentication and RSpec framework for testing. I'm new to testing and rspec. Here is my github repo: https://github.com/iak97/rails_todo_api.
I need a code review and feedback about it. What improvements and fixes I need to make to better the code. Thanks in advance!
Top comments (4)
I have had a brief look and I'm not sure where you would like the comments. My main observation is that there doesn't seem to be any isolation, so user X can see and update user Y's todos if they can guess the id.
A couple of other comments:
I think an API like this is a bit too simple an example - it's a good starting point, but it doesn't really encourage you to do what we developers do, which is to solve problems for users. It might be better to make it a full-stack rails application with a simple UI, as it might help you think of some more use cases (what happens to done todos - should they be binnable which expires after a period?) and make it more than an academic exercise. Testing rails applications with capybara is great fun as well!
@starswan Thanks for your valuable comments and it will definitely help me to learn and grow. I will take these points and better my code. In the upcoming days will try to build a full-stack application and test it.
@starswan Thank you for taking the time to review my project and providing feedback! I appreciate your observation regarding the lack of isolation in user data and I will fix this.