[FEAT]: Allow Super Admin to Update a Single User

[max-out-oluwadara]

Description

Implement an API endpoint that allows authenticated super admins to update a single user's details. This endpoint ensures that only users with super admin privileges can modify user information, maintaining system security.

Endpoint Feature

• This endpoint enables authenticated super admins to update specific user details.
• Access is restricted to users with super admin privileges to ensure system security.

Acceptance Criteria

• [x] The endpoint should be accessible at PATCH /api/v1/admin/users/fa9adebacde...
• [x] The endpoint should accept HTTP PATCH requests.
• [x] The endpoint should require user details to be updated in the request body.
• [x] The endpoint should return the updated user details upon success.
• [x] The endpoint should return a 200 OK status code with the updated user details.

Request Example:

METHOD: PATCH /api/v1/admin/users/fa9adebacde...

Header

Authorization: Bearer <access-token>
Content-Type: application/json

Body

{
"firstName": "New",
"lastName": "Name",
"email": "existinguser@example.com",
"role": "admin",
"password": "newPassword",
"isverified": true
}

Response Example:

• On successful update of the user, the API should return a 200 OK status code. The response body should contain the updated user details:

json

{
"status": "success",
"status_code": 200,
"data": {
"user": {
"id": 1,
"name": "New Name",
"email": "existinguser@example.com",
"role": "admin",
"created_at": "2024-07-22T10:00:00Z",
"updated_at": "2024-07-23T12:00:00Z"
}
}
}

Data Validation

Input Validation:

• Validate that the user ID exists and the user details in the request body are valid.
• Example: If any detail is invalid, return a 422 status code with an error message:

  json

  {
  "status": "unsuccessful",
  "status-code": 422,
  "message": "Invalid user details provided."
  }

  Output Validation:

• Ensure the response format is correct and includes appropriate status codes and messages.
• Ensure the updated user details are accurately reflected in the response.

Authentication and Authorization

Authentication:

• Verify that the user is authenticated before allowing access to the endpoint.
• Example: Use middleware to check for a valid authentication token.

Authorization:

• Ensure that only super admin users can access this endpoint.
• Example: Check user roles or permissions to confirm super admin authorization.

Error Handling

Error Responses:

• Define error responses for common failure scenarios.

• Example: If the user is not authorized, return a 403 Forbidden status code with an error message:

  json

  {
  "status": "unsuccessful",
  "status-code": 403,
  "message": "Access denied. Super admin privileges required."
  }

• Handle scenarios where the user ID does not exist, returning a 404 Not Found status code:

json

{
"status": "unsuccessful",
"status-code": 404,
"message": "User not found."
}

Edge Cases

• Consider edge cases such as database connection issues or corrupted user data.
• Example: Handle scenarios where the provided user details are invalid or incomplete.

Documentation

API Documentation:

• Document the endpoint in the API documentation with request and response examples using the standard OpenAPI 3.1.0 standard.
• Include details on the authentication mechanism.

Testing Requirements

Unit Tests:

• Write unit tests to validate the update logic and authorization checks.
• Write tests for all error cases.

Integration Tests:

• Ensure end-to-end functionality is tested with integration tests, including various authentication and authorization flows.

Dependencies and Impact

Dependencies:

• Ensure the user authentication middleware and super-admin middleware are operational.

Impact Analysis:

• Assess the potential impact on other features or components, ensuring that existing functionality is not disrupted.
• Consider the impact on API consumers who may need to update their integration to handle updated user details.

[AdeGneus]

1. Use kebab case for the request param
2. The user-id is a UUID, not an integer.
3. Input validation error should return a 422 status code

Format the issue nicely and you are good to go

[max-out-oluwadara]

@AdeGneus done pls recheck

[AdeGneus]

The endpoint should be something like this /api/v1/users/fa9adebacde. The UUID reference is its data type

[max-out-oluwadara]

@AdeGneus done