[FEAT] API endpoint to Retrieve Authenticated User's Organisations - Backend

[ugberaeseac]

Description

Implement a secure API endpoint to list all organizations associated with the authenticated user. Ensure the endpoint only returns the user's organizations and handles unauthorized and forbidden request errors properly.

Acceptance Criteria

Authentication

• The endpoint should be protected and require the user to be authenticated.
• If the user is not authenticated, the endpoint should return a 401 Unauthorized status with an appropriate error message.

Fetch User Organisations

• The endpoint should fetch all organisations the authenticated user belongs to or has created.
• The fetched organisations should only include those associated with the authenticated user.

Successful Response

• If successful, it should return a 200 OK status code.
• The response should include a list of all organisations the user belongs to.

Endpoint:

[GET] /api/v1/organisations/me

Requests

GET /api/v1/organisations/me
Content-Type: application/json
Authorization: Bearer <access_token>

No request body or parameters required.

Successful Response

{
  "status": "success",
  "message": "Organizations retrieved successfully",
  "data": {
    "organisations": [
    {
        "orgId": "123e4567-e89b-12d3-a456-426614174000",
        "name": "Tech Innovators",
        "description": "A company focused on innovative tech solutions."
    },
    {
        "orgId": "123e4567-e89b-12d3-a456-426614174001",
        "name": "Health Solutions",
        "description": "Providing advanced healthcare services and products."
    }
    ]
  }
}

Error Response

401 Unauthorized

{
  "status":  "Unauthorized",
  "message":  "Unauthorized. Please log in."
  “status-code”: 401
}

403 Forbidden

{
  "status":  "Forbidden",
  "message":  "Forbidden. You are not authorized to access these organisations."
  “status-code”: 403
}

Purpose

Allow authenticated users to retrieve a list of organisations they created or belong to, therefore ensuring secure and accurate data retrieval.

Requirements

• [ ] Endpoint is protected and requires user authentication.
• [ ] Endpoint returns only the organizations associated with the authenticated user.
• [ ] Organisation object returned contains necessary fields
• [ ] Endpoint returns proper error messages for unauthorized and forbidden access attempts.

Expected Outcome

• [ ] Authenticated users should receive a list of their organizations with the necessary fields.
• [ ] Unauthenticated users should receive an HTTP 401 Unauthorized error.
• [ ] Proper error handling ensures security and reliability of the endpoint.

Testing:

Unit Tests:

• Write unit tests to ensure the endpoint correctly retrieves organisations for authenticated users.
• Test that the endpoint only returns organisations associated with the authenticated user.
• Test various scenarios, including:
• Valid user with multiple organisations.
• Valid user with no organisations.
• Valid user with organisations they belong to and organisations they have created.
• Invalid user or unauthenticated user.

Authentication Tests:

• Test that the endpoint returns 401 Unauthorized when the request is made by an unauthenticated user.
• Test that the endpoint allows access to authenticated users only.

Authorization Tests:

• Test that the endpoint returns 403 Forbidden when an authenticated user attempts to access organisations they do not belong to.
• Ensure the endpoint only returns organisations the user is a part of or has created.

[markessien]

This is not how it works

[markessien]

I have seen this before, check for duplication

[ugberaeseac]

Its obvious the other was done after ours was done because we are Issue #52 and the other is issue #154

[Hardeezah]

52 is earlier than yours, your last edit was 10 hours ago and mine was 13 hours ago

[ugberaeseac]

Sir, I don't think the features are similar. From my understanding, going by the endpoints

154: URL: /api/users/:user_id/organisations:

Implementing a feature whereas an authenticated user can view organisations any other user is associated with by providing their user id

52: [GET] /api/v1/organisations

implementing a feature where an authenticated user can only view the organisations they are associated with and takes no paramaters. It is similar to the endpoint /api/v1/organisations/me.

The logic is different, we can both start working on them?

[Hardeezah]

okay

[ugberaeseac]

@Hardeezah I advise you restructure your TITLE and also a bit of your description on #154 and i would edit #52 endpoint to " /api/v1/organisations/me"