mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9767ff0a70fdff5a177411306229fc52e239c32
Salon/docs/risks.md
T
mohd 411180e312 Created and activated the booking integrity ExecPlan, then implemented staff availability, overlap prevention, and duration validation with backend tests. 
Added a staff availability model and migration, a booking validation service, and serializer enforcement.
2026-02-28 12:05:57 +03:00

1.3 KiB
Raw Blame History

Risks And Gaps

This file tracks known gaps and risks to address in future iterations.

Security And Auth

  • Phone normalization is KSA-focused and minimal; broaden for multi-country use.
  • OTP protections are basic; add device fingerprinting and IP throttling if needed.
  • OTP provider adapters (Twilio/Unifonic) are scaffolds only; no real SMS/WhatsApp delivery yet.
  • Social login is a placeholder.
  • USERNAME_FIELD is still email while email can be null; verify admin/login flows.

Booking Integrity

  • Availability checks and overlap prevention are now enforced for staff bookings.
  • No timezone handling or business hours enforcement.
  • No cancellation rules or refund logic.

Payments

  • Payment integration is not implemented. Current API only stores records and a Moyasar scaffold exists.
  • Webhook handling and payment status reconciliation missing.
  • Idempotency handling for payment creation missing.

Data And UX

  • Ratings are not recalculated from reviews.
  • No image upload or storage strategy for photos.
  • No notifications (email/SMS) beyond OTP scaffolding.
  • Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.

Ops And Compliance

  • No audit logs for admin actions.
  • No multi-tenant isolation or data export tooling.
  • No GDPR/PDPL data retention policies defined.
Reference in New Issue View Git Blame Copy Permalink