hngprojects / hng_boilerplate_expressjs


Feature: Allow Super Admin to Get Log Of Activities #155

Open AshadeSamson opened 1 month ago

AshadeSamson commented 1 month ago

Description

Implement an API endpoint that allows authenticated super admins to retrieve logs of activities. This endpoint ensures that only users with super admin privileges can access activity logs, maintaining system security.

Endpoint Feature

Acceptance Criteria

Request Example:

Query Parameters

Response Example:

On successful retrieval of logs, the API should return a 200 OK status code. The response body should contain a paginated list of logs:

{
  "status": "success",
  "status_code": 200,
  "data": {
    "logs": [
      {
        "id": 1,
        "user_id": 1,
        "action": "update",
        "details": "Updated user details",
        "timestamp": "2024-07-23T12:00:00Z"
      },
      {
        "id": 2,
        "user_id": 2,
        "action": "create",
        "details": "Created new user",
        "timestamp": "2024-07-23T12:30:00Z"
      }
    ],
    "pagination": {
      "current_page": 1,
      "total_pages": 5,
      "total_logs": 50
    }
  }
}

Data Validation

Input Validation: Validate that the query parameters (page, limit, sort) are valid. Example: If any query parameter is invalid, return a 422 status code with an error message:

{
  "status": "unsuccessful",
  "status_code": 422,
  "message": "Invalid query parameters provided."
}

Output Validation:

Authentication and Authorization

Authentication: Verify that the user is authenticated before allowing access to the endpoint. Example: Use middleware to check for a valid authentication token.

Authorization: Ensure that only super admin users can access this endpoint. Example: Check user roles or permissions to confirm super admin authorization.

Error Handling

Error Responses: Define error responses for common failure scenarios. Example: If the user is not authorized, return a 403 Forbidden status code with an error message:

{
  "status": "unsuccessful",
  "status_code": 403,
  "message": "Access denied. Super admin privileges required."
}

Handle scenarios where the logs are not found, returning a 404 Not Found status code:

{
  "status": "unsuccessful",
  "status_code": 404,
  "message": "Logs not found."
}

Edge Cases

Consider edge cases such as database connection issues or corrupted log data. Example: Handle scenarios where the provided query parameters are invalid or incomplete.

Documentation

API Documentation: Document the endpoint in the API documentation with request and response examples using the OpenAPI 3.1.0 standard. Include details on the authentication mechanism.

Testing Requirements

Unit Tests: Write unit tests to validate the retrieval logic and authorization checks. Write tests for all error cases.

Integration Tests: Ensure end-to-end functionality is tested with integration tests, including various pagination, authentication, and authorization flows.

Dependencies and Impact

Dependencies: Ensure the user authentication middleware and super-admin middleware are operational.

Impact Analysis: Assess the potential impact on other features or components, ensuring that existing functionality is not disrupted. Consider the impact on API consumers who may need to update their integration to handle the paginated responses.
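The middleware chain the issue describes (authentication check, super-admin authorization, query-parameter validation, paginated response, and the 403/404/422 error bodies), written out as an added example. This is not code from the hng_boilerplate_expressjs repository. It assumes an upstream auth middleware has already verified the token and set `req.user` with a `role` field whose super-admin value is `'super_admin'`, an unauthenticated request gets a 401 (the issue does not specify that case), a maximum `limit` of 100, and a constructed in-memory array standing in for the activity-log table. It runs without Express: `runChain` is a small stand-in for the router so the handlers execute offline.

```javascript
// Added example, not part of the hng_boilerplate_expressjs project.
// Handlers use the Express (req, res, next) signature; runChain below plays
// the role of the router so the file runs with plain Node and no dependencies.

// Constructed sample data standing in for the activity_logs table.
const SAMPLE_LOGS = Array.from({ length: 50 }, (_, i) => ({
  id: i + 1,
  user_id: (i % 7) + 1,
  action: i % 2 === 0 ? 'update' : 'create',
  details: i % 2 === 0 ? 'Updated user details' : 'Created new user',
  timestamp: new Date(Date.UTC(2024, 6, 23, 12, i)).toISOString(),
}));

const MAX_LIMIT = 100; // assumed cap; the issue does not fix one

// Input validation: accept only bounded positive integers and a known sort
// order. Anything else (strings, floats, arrays from repeated params,
// out-of-range values) is rejected before it can reach the query layer.
function validateLogQuery(query) {
  const errors = [];
  const page = query.page === undefined ? 1 : Number(query.page);
  const limit = query.limit === undefined ? 10 : Number(query.limit);
  const sort = query.sort === undefined ? 'desc' : String(query.sort).toLowerCase();
  if (!Number.isInteger(page) || page < 1) errors.push('page');
  if (!Number.isInteger(limit) || limit < 1 || limit > MAX_LIMIT) errors.push('limit');
  if (!['asc', 'desc'].includes(sort)) errors.push('sort');
  return errors.length ? { ok: false, errors } : { ok: true, value: { page, limit, sort } };
}

function fail(res, status_code, message) {
  return res.status(status_code).json({ status: 'unsuccessful', status_code, message });
}

// Authentication: req.user is assumed to be set by an upstream token check.
// Authorization: only the super_admin role (assumed role name) may continue.
function requireSuperAdmin(req, res, next) {
  if (!req.user) return fail(res, 401, 'Authentication required.');
  if (req.user.role !== 'super_admin') {
    return fail(res, 403, 'Access denied. Super admin privileges required.');
  }
  return next();
}

// GET /logs handler: validates the query, pages through the store, and
// returns the response shapes given in the issue.
function getActivityLogs(req, res) {
  const parsed = validateLogQuery(req.query || {});
  if (!parsed.ok) return fail(res, 422, 'Invalid query parameters provided.');
  const { page, limit, sort } = parsed.value;
  const ordered = [...SAMPLE_LOGS].sort((a, b) => (sort === 'asc' ? a.id - b.id : b.id - a.id));
  const total_logs = ordered.length;
  const total_pages = Math.ceil(total_logs / limit);
  const logs = ordered.slice((page - 1) * limit, page * limit);
  if (logs.length === 0) return fail(res, 404, 'Logs not found.');
  return res.status(200).json({
    status: 'success',
    status_code: 200,
    data: { logs, pagination: { current_page: page, total_pages, total_logs } },
  });
}

// Minimal stand-ins for the Express response object and router.
function makeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

function runChain(req, handlers) {
  const res = makeRes();
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return { status: res.statusCode, body: res.body };
}

const LOGS_ROUTE = [requireSuperAdmin, getActivityLogs];

// Convenience entry point: user is the decoded principal (or undefined),
// query is the parsed query-string object.
function requestLogs(user, query) {
  return runChain({ user, query }, LOGS_ROUTE);
}

console.log(JSON.stringify(requestLogs({ role: 'user' }, {}), null, 2));
console.log(JSON.stringify(requestLogs({ role: 'super_admin' }, { page: '1', limit: '2' }), null, 2));
```

Validation runs only after the authorization check has passed, so an unprivileged caller learns nothing about which parameters the endpoint accepts; and the 422 body deliberately does not echo the offending value back to the client.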

PreciousIfeaka commented 1 month ago

Please, present your issue description in markdown format. It's just in plain text here.

AdeGneus commented 1 month ago

You didn't include offset in the query params. Update the response body to use snake_case and not kebab-case. The Kebab case is only for endpoints.

Format the markdown; you are likely missing a ``` to terminate the body.

AshadeSamson commented 1 month ago

Corrections implemented. Please review.

@AdeGneus @PreciousIfeaka

PreciousIfeaka commented 1 month ago

You added the validation error response to your success response.

AshadeSamson commented 1 month ago

Corrected @PreciousIfeaka