Development Approach - constaac/wine-mate-api GitHub Wiki
The development process began with envisioning what kind of resources my application would have to persist. After wireframing, I came to the conclusion that my user stories revolved around creating a list for a collection and a list for a wish list. Since I didn't plan on making my application a social network of sorts, I didn't need to make users' lists public to others, and since users currently only have one list for each resource, my ERD was pretty straightforward to develop.
The ERD revolves around users owning inventory items and wish-list items. These two resources are stored in two different tables, and belong to users via user ID. Users share a one-to-many relationship with both Inventory items and Wish List items.
From that point, I simply scaffolded my resources, and then customized them to protect against malicious curl scripting from other users. To do this, I used the OpenReadController class to require authentication, set the current user from the auth token, and then only allow requests that affect entries belonging to the user associated with that token.
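As an added illustration (not code from the wine-mate-api project), the following plain-Ruby example models the ownership check described above: a request is first mapped to a user by its token, then the record lookup is scoped to that user's own rows, the way `current_user.inventory_items.find(params[:id])` would be in a Rails controller. The users, tokens and items are constructed in-memory stand-ins for the ERD's tables.

```ruby
# Added example, not the project's own code: token authentication followed by
# ownership-scoped lookup, with the unscoped (vulnerable) lookup beside it.
class RecordNotFound < StandardError; end
class Unauthorized < StandardError; end

User = Struct.new(:id, :token)
InventoryItem = Struct.new(:id, :user_id, :name)

# Constructed in-memory "tables" standing in for users and inventory_items.
USERS = [User.new(1, 'token-alice'), User.new(2, 'token-bob')].freeze
INVENTORY_ITEMS = [
  InventoryItem.new(10, 1, '2015 Barolo'),
  InventoryItem.new(11, 2, '2018 Rioja')
].freeze

# Step 1: require authentication by resolving the bearer token to a user.
def current_user(headers)
  token = headers['Authorization'].to_s.sub(/\ABearer /, '')
  USERS.find { |u| u.token == token } or raise Unauthorized
end

# Unscoped lookup: any authenticated user can read any item by guessing an id
# (the "malicious curl" case the text describes).
def show_unscoped(headers, id)
  current_user(headers)
  INVENTORY_ITEMS.find { |i| i.id == id } or raise RecordNotFound
end

# Step 2: scope the lookup to the caller's own rows, so another user's item
# is indistinguishable from a nonexistent one (404, not 403).
def show_scoped(headers, id)
  user = current_user(headers)
  INVENTORY_ITEMS.find { |i| i.id == id && i.user_id == user.id } or
    raise RecordNotFound
end

if $PROGRAM_NAME == __FILE__
  bob = { 'Authorization' => 'Bearer token-bob' }
  puts show_unscoped(bob, 10).name   # Alice's item leaks through the unscoped path
  begin
    show_scoped(bob, 10)
  rescue RecordNotFound
    puts 'scoped lookup: not found'  # scoping hides the item from Bob
  end
end
```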