Restrict "Add Review" to Logged-in Users & Save Reviews #179
Description
Currently, any visitor can submit a review, and the review is only stored locally in the frontend state.
This poses two problems:
- Unauthorized submissions : Non-authenticated users can add reviews, which is not ideal for data integrity.
- No backend persistence : Reviews are not stored in the database. This means if any review is to be moderated, analysed, or otherwise worked upon by the admin, it cannot be done because the data isn’t persisted or accessible server-side.
Solution :
- On the frontend : When a non-logged-in user clicks “Add Review”, show a toast notification: "Please log in to add a review", and do not open the review form. For logged-in users, allow the form to open.
- On form submission by a logged-in user : Push the review into the logged-in user’s reviews array in the user.js model.
Display Strategy:
Reviews stored in the user.js model can also be displayed on the homepage, depending on admin preferences.
Two possible approaches:
- Latest-first rendering: Push new reviews to the collection and automatically show the most recent ones on the site.
- Selective rendering: Only display reviews approved/selected by the admin, while storing all others for internal analytics, sentiment analysis, or feature improvement.
Questions:
- Which approach should we implement, automatic display of the latest reviews, or an admin-controlled curation process? (either can be worked upon)
- If the admin thinks this issue is genuine and can be worked upon, please assign :) @AditiGupta-tech
Commit and Conquer.