[FEAT]: Endpoint to allow Super admin to permanently delete an organisation

[Emeriego]

Description

Implement an API endpoint for permanently deleting an organization. This endpoint allows only authenticated super admin users to delete an organization permanently from the system.

Endpoint Feature

This endpoint enables authenticated super admin users to permanently delete an organization. The Super Admin is limited to deleting organizations by their unique identifier. Once deleted, the organization and all its associated data cannot be recovered. It is permanent.

Acceptance Criteria

• [ ] The endpoint should be accessible at DELETE /api/v1/organizations/{organizationId}/delete.
• [ ] The endpoint should accept HTTP DELETE requests.
• [ ] The endpoint should permanently delete the organization with the provided ID.
• [ ] The endpoint should return a 200 OK status code with a success message in the response body.

Request Example

DELETE /api/v1/organizations/12345/delete Content-Type: application/json Authorization: Bearer

Response Example

On successful deletion of the organization, the API should return a 200 OK status code. The response body should contain a success message:

{
  "status": "success",
  "status_code": 200,
  "message": "Organization deleted successfully."
}

Data Validation

Input Validation:

• Confirm that the organizationId is provided and valid.
• Example: If organizationId is invalid or missing, return a 400 status code with an error message.

{
  "status": "unsuccessful",
  "status_code": 400,
  "message": "Valid organization ID must be provided."
}

Output Validation:

Ensure the response format is correct and includes appropriate status codes and messages. If there is an error in deleting the organization (e.g., invalid organization ID, server issues), the API should return a 500 Internal Server Error status code with an appropriate message:

{
  "status": "unsuccessful",
  "status_code": 500,
  "message": "Failed to delete organization. Please try again later."
}

Authentication and Authorization

Authentication:

• Verify that the user is authenticated before allowing access to the endpoint.
• Example: Use middleware to check for a valid authentication token.

Authorization:

• Ensure that only super admin users can delete organizations.
• Example: Check user roles or permissions to confirm authorization.

Error Handling

Error Responses:

• Define error responses for common failure scenarios.
• Example: If the organization ID is invalid, return a 400 status code with an error message:

{
  "status": "unsuccessful",
  "status_code": 400,
  "message": "Invalid organization ID."
}

Edge Cases:

• Consider edge cases such as non-existent organization ID, and concurrent deletion attempts.
• Example: Handle scenarios where the organization ID does not exist in the system.

Performance and Security

Performance Considerations:

• Review potential performance implications and optimize the API for efficiency.
• Example: Implement rate limiting to prevent abuse.

Security Concerns:

• Address security considerations such as data sanitization.
• Example: Sanitize user inputs to prevent injection attacks.

Documentation

API Documentation:

• Ensure that API documentation is updated to include details about the new endpoint, request/response formats, error handling, and authentication requirements.

Technical Notes:

• Include any additional technical notes or considerations.

Testing Requirements

Unit Tests:

• Write unit tests to validate input data and deletion logic.

Integration Tests:

• Ensure end-to-end functionality is tested with integration tests.

Dependencies and Impact

Dependencies:

• dependencies on other tasks or systems, such as user authentication.

Impact Analysis:

• Assess the potential impact on other features or components, ensuring that existing functionality is not disrupted.

[incredible-phoenix246]

How will u get the user and verify

Yr request body doesn't show that

Update it

[Emeriego]

Thats the work of middleware. The user is expected to be logged in and authenticated.. that does not reflect on the request body. Thats why the Authorization bearer is there. Correct me if i'm wrong.