authd/TODO.md

Consistency in error management.

Both exceptions and error responses are used. A choice should be made between the two options. A combination of both is fine as long as the logic is comprehensively documented.

The Response::Error class is overused. A simple error message is given instead of specific messages for each recurring error. At the same time, some exceptions (such as AdminAuthenticationException) are used a few times for the same kind of errors.

Authorization rules should be clear and documented. Currently, some operations are restricted to an admin, defined explicitly by the user's admin boolean. These operations could be delegated to regular users with specific fine-grained authorizations.

Structures, not classes

In some cases, it may be better to use structures instead of classes. They are simpler and use less memory and computation.

Documentation.

Documentation hasn't been started yet. TODO!