Implement an endpoint for superadmins to retrieve all contact messages from the database. This endpoint must be protected to ensure only superadmins can access it.
Requirements
Access is restricted to users with the superadmin role; all other users are denied.
The endpoint retrieves all contact messages using the provided organization ID.
Proper error handling and validation must be implemented.
Comprehensive tests should cover all scenarios.
Acceptance Criteria
Authorization:
Only superadmins can access the endpoint.
Unauthorized users should receive a 403 Forbidden error response.
Validation:
The organization ID must be a valid UUID.
Invalid or missing organization IDs should return a 400 Bad Request error response.
Invalid Organization ID - 400 Bad Request
Scenario: The provided organization ID is not a valid UUID
{
"detail": "Invalid organization ID"
}
Unauthorized Access - 403 Forbidden
Scenario: User without superadmin role tries to access the endpoint
{
"detail": "You do not have the permission to perform this action"
}
Organization Not Found - 404 Not Found
Scenario: No contact message found with the provided organization ID
{
"detail": "Contact messages not found"
}
Testing
Unit Tests:
Unauthorized Access (403):
Verify that a user without the superadmin role cannot access the endpoint.
Expected Result: 403 Forbidden response.
Invalid Organization ID (400):
Verify that the endpoint returns a 400 Bad Request for an invalid organization ID.
Expected Result: 400 Bad Request response.
Non-existent Organization ID (404):
Verify that the endpoint returns a 404 Not Found when the organization ID does not exist.
Expected Result: 404 Not Found response.
Successful Retrieval:
Verify that a superadmin can successfully retrieve all contact messages.
Expected Result: 200 OK response with the contact message details.
Integration Tests:
User Perspective:
Test the entire process from the user's perspective, including making a request to the endpoint and receiving all contact messages.
Expected Result: Correct message details returned for valid requests.
Edge Cases:
Test edge cases such as database connection issues and ensure proper error handling.
Expected Result: Appropriate error messages and status codes (e.g., 500 Internal Server Error) for database issues.
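An added, framework-agnostic sketch of the handler the criteria above describe (example code, not the project's own). It assumes the current user carries a `roles` list, takes the repository query as an injectable `find_messages` callable backed here by a constructed in-memory table, and returns `(status, body)` tuples so each branch (403, 400, 404, 500, 200) can be unit-tested without a web framework; the 200 body shape is an assumption.

```python
import uuid
from dataclasses import dataclass

SUPERADMIN_ROLE = "superadmin"  # assumed role name, taken from the issue's wording

@dataclass
class ContactMessage:
    id: str
    org_id: str
    email: str
    message: str

# Constructed sample rows standing in for the contact_messages table.
SAMPLE_ORG = "0c6a7e9c-3d0b-4f2e-9a1d-5b8e2f7c4a10"
SAMPLE_MESSAGES = [
    ContactMessage("m1", SAMPLE_ORG, "alice@example.com", "Hello"),
    ContactMessage("m2", SAMPLE_ORG, "bob@example.com", "Pricing question"),
    ContactMessage("m3", "7f1d2c3b-4a5e-4f60-8b9c-0d1e2f3a4b5c", "carol@example.com", "Other org"),
]

def sample_find_messages(org_id):
    """Stand-in for the repository query; real code would hit the database."""
    return [m for m in SAMPLE_MESSAGES if m.org_id == org_id]

def get_org_messages(current_user, org_id, find_messages=sample_find_messages):
    """Handler for GET api/v1/dashboard/organizations/{org_id}/messages.
    current_user is a dict with a "roles" list (assumed shape); returns
    (status_code, json_body) so the logic is testable without a framework."""
    # Authorization first: a non-superadmin gets 403 whatever org_id they sent,
    # so the role check never reveals which organization ids exist.
    if SUPERADMIN_ROLE not in current_user.get("roles", []):
        return 403, {"detail": "You do not have the permission to perform this action"}
    # Validation: only a parsable UUID passes; missing or malformed -> 400.
    try:
        org_uuid = uuid.UUID(str(org_id)) if org_id else None
    except ValueError:
        org_uuid = None
    if org_uuid is None:
        return 400, {"detail": "Invalid organization ID"}
    # Query on the canonical hyphenated form so brace/uppercase variants match.
    try:
        messages = find_messages(str(org_uuid))
    except Exception:
        # Database connection issues: generic 500, never echo the exception text.
        return 500, {"detail": "Internal server error"}
    if not messages:
        return 404, {"detail": "Contact messages not found"}
    # 200 body shape is an assumption; the issue only says "message details".
    data = [{"id": m.id, "email": m.email, "message": m.message} for m in messages]
    return 200, {"status_code": 200, "data": data}
```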
Endpoint
Method: GET
URL: api/v1/dashboard/organizations/{org_id}/messages
Request Parameters:
Headers:
Authorization: Bearer <token>
Responses:
200 OK: Returns the contact message details.
Failure: Returns the appropriate error message and HTTP status code (400, 403 or 404 as listed under Acceptance Criteria).