[FEAT] Update Comment in the Blog section by the User(Creator of comment)

githukueliud commented 1 month ago

Description

An API endpoint to enable users to update their comments in the Blog comment section. The endpoint ensures a user can update their comment in the blog section at will. The endpoint should at first ensure that the comment exists. The endpoint should also be protected, and ensure that the user that is logged in is the owner of the said comment.

Models Involved

Comment: Represents the comments made by users on blog posts.
Blog: Represents the blog posts to which comments are made.

Acceptance Criteria

The endpoint should be accessible at PUT /api/v1/user/blog/comment/{comment-id}
The endpoint should accept HTTP POST requests.
The endpoint should be secured to ensure that only authenticated users can update their comments.
Requests to the endpoint must include a valid authentication token in the Authorization header. Authorization: Bearer
The comment should be tied to the blog it is meant to comment on.

Endpoint

Description: Update the content of the About page.
Endpoint: PUT /api/v1/about
Authentication: Required
Authorization: Creators of resource(comment) only
Request Body:

{
  "comment_body": "string"
}

Response

On a successful update of the comment, the API should return a 200 Ok status code.

The response body should contain status and a message Response (Success):

{
"message": "Comment updated successfully.",
"status": "success",
"status_code": 200
}

If the comment body field is missing or invalid, the API should return a 400 Bad Request status code with appropriate validation error messages.

{
  "message": "comment field must be provided",
  "status": "unsuccessful",
  "status_code": 400
}

If the comment is not found, the API should return a 404 Not Found status code with appropriate validation error messages.

{
  "message": "comment not found",
  "status": "unsuccessful",
  "status_code": 404
 }

If a user tries to edit a comment that does not belong to them, the API should return a 400 Bad Request status code with appropriate validation error messages.
```
{
"message": "You do not have permission to edit this comment.",
"status": "unsuccessful",
"status_code": 400
}
```

Purpose

Provides a secure backend service that allows users to update their comments in the blog section.

Requirements

Develop server-side logic to update the user’s comments in the blog section.
Securely handle comments updates and comply with security standards.
Ensure that the user owns or originally wrote the comment they want to update.

Expected Outcome

API endpoint allows users to update their comments in the blog section with appropriate validation and security measures.

Tasks

[ ] Define the server-side application's PUT /api/v1/user/blog/comment/{comment-id} route.
[ ] Ensure requests include a valid token in the Authorization header.
[ ] Validate that user owns the comment they want to update.
[ ] Update the comment body if it is valid and meets security requirements.
[ ] Handle cases where the current user is not the comment owner.

Testing

Write unit tests to validate user can only update a comment they have written.
Write integration tests to ensure end-to-end functionality.
Perform security testing to ensure data protection and compliance.

markessien commented 1 month ago

Comments are not tied to any model

markessien commented 1 month ago

issue not fixed

hngprojects / hng_boilerplate_nestjs