# Controllers

The controller is where the actual code is executed. The established standard is to do as little as possible at that level, so that we don't end up with 2,000, 3,000 or 4,000 lines of code in a single controller.

If you look at the existing code base, you will see that most controller methods have 3 to 6 lines of code. In most cases, the bulk of that code is access verification.

When you create a controller, you should always extend the `BaseController` class. This parent class offers many tools that you will need during development, such as `verifyRequester` and `verifyPermissions`.

Here is an example of how to verify user access to a feature:

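```ts
// Check that the requester's token carries the permission for this feature.
const allowed = await this.verifyPermissions(
    CustomersProvider.permissions.list,
    context.token,
    false
) as boolean;

// Not allowed: stop here and return an empty page instead of an error.
if (!allowed) return {
    pagination: {total: 0, currentPage: 1, pageCount: 1},
    customers: []
};
```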

In this instance, we check that the current user has the `list_customers` permission. If they do not, we stop execution immediately and return an empty response.

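We always prefer an empty response to an access denied message. This helps confuse people trying to break in: the response looks the same as a legitimate empty result, so it does not reveal that a permission check failed.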
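The following self-contained sketch of this pattern is an added illustration, not code from the project's code base. `BaseController`, `CustomersProvider`, the token shape and `deniedLog` are simplified, hypothetical stand-ins (the stand-in `verifyPermissions` takes only two arguments). It shows a denied caller receiving the same response shape as an empty result set while the denial is still recorded server-side.

```typescript
// Hypothetical stand-ins: the real BaseController and CustomersProvider are not shown on this page.
type Token = { userId: string; permissions: string[] };
type Customer = { id: number; name: string };
type CustomerPage = {
    pagination: { total: number; currentPage: number; pageCount: number };
    customers: Customer[];
};

const CustomersProvider = {
    permissions: { list: "list_customers" },
    // Constructed sample data.
    all: [{ id: 1, name: "Acme" }, { id: 2, name: "Globex" }] as Customer[],
};

// Denials recorded server-side (assumption: a real system would write these to its audit log).
const deniedLog: { userId: string; permission: string }[] = [];

class BaseController {
    // Simplified stand-in: takes only the permission and the token.
    protected async verifyPermissions(permission: string, token: Token): Promise<boolean> {
        const allowed = token.permissions.includes(permission);
        if (!allowed) deniedLog.push({ userId: token.userId, permission });
        return allowed;
    }
}

class CustomersController extends BaseController {
    async list(context: { token: Token }): Promise<CustomerPage> {
        const allowed = await this.verifyPermissions(
            CustomersProvider.permissions.list,
            context.token
        );
        // Denied callers get the same shape as an empty result set.
        if (!allowed) return {
            pagination: { total: 0, currentPage: 1, pageCount: 1 },
            customers: []
        };
        const customers = CustomersProvider.all;
        return {
            pagination: { total: customers.length, currentPage: 1, pageCount: 1 },
            customers
        };
    }
}
```

The client cannot tell a denial from an empty list, but `deniedLog` still gives the operations side a record of who was refused which permission.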

Last Updated: 7/15/2022, 3:12:37 PM