Add more structure to src/Controller/** #145

@diimpp

Currently all admin/shop/override controllers are in the same directory, which makes it harder to understand what goes where.

Proposition to use

Controller/Admin/EnableSellerAction.php
Controller/Admin/DownloadPayoutsReportAction.php
Controller/Shop/**
Controller/Webhook/**
Controller/Order/OrderItemController.php

OrderItemController.php can be improved by moving its contents to a trait OrderItemControllerTrait.php + a default controller, so it won't pose problems when integrating with other plugins.

Additionally, there are security concerns with EnableSellerAction/DownloadPayoutsReportAction, which are loaded with active credentials, but rely on the firewall being correctly configured.

I can guarantee that there would be people missing the admin prefix and accidentally exposing those endpoints at the shop firewall; I have seen that multiple times.

As a solution, those controllers can check for a logged-in admin user.
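An added sketch of the in-controller check proposed above. It is not part of the issue and not the plugin's own code, and it shows only where the check sits relative to the privileged logic. It assumes PHP 8, Symfony's security component and Sylius' `AdminUserInterface`; the namespace, the `AdminUserGuard` class and the constructor wiring are hypothetical.

```php
<?php

declare(strict_types=1);

namespace App\Controller\Admin; // hypothetical namespace

use Sylius\Component\Core\Model\AdminUserInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

/** Hypothetical guard: passes only when the current token belongs to an admin user. */
final class AdminUserGuard
{
    public function __construct(private TokenStorageInterface $tokenStorage)
    {
    }

    public function denyUnlessAdmin(): AdminUserInterface
    {
        // getToken() is null when the route is matched outside any firewall.
        $user = $this->tokenStorage->getToken()?->getUser();

        // A shop user token (route imported without the admin prefix) is not an
        // AdminUserInterface either, so both misconfigurations fail closed.
        if (!$user instanceof AdminUserInterface) {
            // HTTP-level exception: yields a 403 even with no firewall listener.
            throw new AccessDeniedHttpException('Admin user required.');
        }

        return $user;
    }
}

final class EnableSellerAction
{
    public function __construct(private AdminUserGuard $guard)
    {
    }

    public function __invoke(Request $request): Response
    {
        $this->guard->denyUnlessAdmin(); // check runs before any privileged call

        // The action's existing logic would run here (not shown on the page).
        return new Response('', Response::HTTP_NO_CONTENT);
    }
}
```

The check depends on the user type rather than on the route prefix, so it holds even when the routes are imported under the wrong firewall.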
