Currently the workout page does not check that the workout is part of the currently logged-in user's training program. This means that a logged-in user can update any customer's workouts.
Currently the AccountInfo page will crash on bad form input. For example, when non-integer data is sent where integers are expected, it causes a crash. This should be handled gracefully, and an error message should be displayed to the user indicating what was wrong with the data.
Validation error messages can be added by using the addValidationError method defined on the FormRoute class. They can be displayed in the template by including the "partials/validation-errors" template. An example can be seen in the "admin/edit-program" template.
Also, to get access to the form data in the Java code, the "name" attribute must be defined on the input element in the HTML form.
Currently the workout page silently ignores bad input values. On bad input the code should abort and display an error message to the user indicating what was wrong with the input data. In the case of a validation error, the form should be repopulated with the form data that was submitted in the request so that the user doesn't have to re-enter the data that was valid.
Validation error messages can be added by using the addValidationError method defined on the FormRoute class. They can be displayed in the template by including the "partials/validation-errors" template. An example can be seen in the "admin/edit-program" template.
Also, the code currently executes unnecessary DB queries when bad input is encountered. The input data should be validated before any DB queries are executed.
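The order of checks the workout issues above ask for, as an added example that is not the project's code: parse and validate every field first, abort with error messages before touching the database, then confirm the workout belongs to the logged-in user before updating it. All names here (`WorkoutUpdateExample`, `updateWorkout`, the `workoutId` and `reps` fields, the in-memory maps standing in for the DB) are hypothetical; in the project the messages would go through `addValidationError` on `FormRoute`.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, not the project's code.
public class WorkoutUpdateExample {
    // Stand-in for the DB: workout id -> id of the user whose training program owns it.
    static final Map<Integer, Integer> WORKOUT_OWNER = new HashMap<>(Map.of(10, 1, 20, 2));
    static final Map<Integer, Integer> WORKOUT_REPS = new HashMap<>();
    static int queries = 0; // counts simulated DB queries

    // Parses an integer field; records a validation error instead of throwing.
    static Integer parseInt(Map<String, String> form, String name, List<String> errors) {
        String raw = form.get(name);
        try {
            return Integer.valueOf(raw == null ? "" : raw.trim());
        } catch (NumberFormatException e) {
            errors.add(name + " must be a whole number");
            return null;
        }
    }

    // Returns the list of errors; an empty list means the update was applied.
    static List<String> updateWorkout(int loggedInUserId, Map<String, String> form) {
        List<String> errors = new ArrayList<>();
        Integer workoutId = parseInt(form, "workoutId", errors);
        Integer reps = parseInt(form, "reps", errors);
        if (reps != null && reps < 0) errors.add("reps must not be negative");
        if (!errors.isEmpty()) return errors; // abort before any query; caller re-renders the form

        queries++; // ownership lookup
        Integer owner = WORKOUT_OWNER.get(workoutId);
        // Same message for "missing" and "not yours" so workout ids cannot be probed.
        if (owner == null || owner != loggedInUserId) {
            return List.of("workout not found");
        }
        queries++; // the update itself
        WORKOUT_REPS.put(workoutId, reps);
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample requests, all sent as user 1.
        System.out.println(updateWorkout(1, Map.of("workoutId", "10", "reps", "abc")));
        System.out.println(updateWorkout(1, Map.of("workoutId", "20", "reps", "12")));
        System.out.println(updateWorkout(1, Map.of("workoutId", "10", "reps", "12")));
        System.out.println("queries: " + queries);
    }
}
```

The caller keeps the submitted form map when errors come back, so the template can repopulate the fields that were valid.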