[FEAT] Retrieve all Contact us Messages

[jubriltayo]

Description

Implement an endpoint for superadmins to retrieve all contact messages from the database. This endpoint must be protected to ensure only superadmins can access it.

Requirements

• Access is restricted to all users except those with the superadmin role.
• The endpoint retrieves all contact messages using the provided organization ID.
• Proper error handling and validation must be implemented.
• Comprehensive tests should cover all scenarios

Acceptance Criteria

1. Authorization:

• Only superadmins can access the endpoint.
• Unauthorized users should receive a 403 Forbidden error response.

2. Validation:

• The organization ID must be a valid UUID.
• Invalid or missing organization IDs should return a 400 Bad Request error response.

3. Endpoint:

• Method: GET

• URL: api/v1/dashboard/organizations/{org_id}/messages

• Response:

• Success: Returns the contact message details.

• Failure: Returns appropriate error messages and HTTP status codes.

Expected Outcomes

• Superadmins can retrieve all contact messages using the provided organization ID.
• Unauthorized access attempts result in 403 Forbidden responses.
• Validation errors result in 400 Bad Request responses.

Endpoints

• GET api/v1/dashboard/organizations/{org_id}/messages

• Request Parameters:

  • org_id (UUID): The ID of the contact message to retrieve.

• Headers:

  • Authorization: Bearer <token>

• Responses:

  • Success - 200 OK

    [{
    "id": "UUID",
    "sender": "string",
    "email": "string",
    "message": "string",
    "created_at": "datetime",
    "updated_at": "datetime"
    },
    {
    "id": "UUID",
    "sender": "string",
    "email": "string",
    "message": "string",
    "created_at": "datetime",
    "updated_at": "datetime"
    },
    ...,
    ]

    Error validation

• Invalid Organization ID - 400 Bad Request Scenario: The provided organization ID is not a valid UUID

  {
  "detail": "Invalid organization ID"
  }

• Unauthorized Access - 403 Forbidden Scenario: User without superadmin role tries to access the endpoint

  {
  "detail": "You do not have the permission to perform this action"
  }

• Organization Not Found - 404 Not Found Scenario: No contact message found with the provided organization ID

  {
  "detail": "Contact messages not found"
  }

  Testing

  Unit Tests:

• Unauthorized Access (403): Verify that a user without the superadmin role cannot access the endpoint. Expected Result: 403 Forbidden response.

• Invalid Organization ID (400): Verify that the endpoint returns a 400 Bad Request for an invalid organization ID. Expected Result: 400 Bad Request response.

• Non-existent Organization ID (404): Verify that the endpoint returns a 404 Not Found when the organization ID does not exist. Expected Result: 404 Not Found response.

• Successful Retrieval: Verify that a superadmin can successfully retrieve all contact messages. Expected Result: 200 OK response with the contact messages details.

• Integration Tests:

User Perspective: Test the entire process from the user's perspective, including making a request to the endpoint and receiving all contact messages. Expected Result: Correct message details returned for valid requests.

Edge Cases: Test edge cases such as database connection issues and ensure proper error handling. Expected Result: Appropriate error messages and status codes (e.g., 500 Internal Server Error) for database issues.

[onlyoneuche]

This is a duplicate of this issue