[FEAT] API EndPoint to Allow Super Admin Delete a User's Account Permanently #160

Open
NICANORKYAMBA opened this issue Jul 23, 2024 · 0 comments
NICANORKYAMBA commented Jul 23, 2024

Description

Implement functionality that allows a super admin to permanently delete a user's account from the system. This feature should ensure that user data is completely removed and cannot be recovered.

Acceptance Criteria

API Endpoint Implementation

  • The endpoint should be accessible at /api/v1/users/:id.
  • The endpoint should accept HTTP DELETE requests.
  • The endpoint should be protected with authentication and authorization middleware to ensure only super admins can delete a user.

Authorization

  • Only users with the super admin role should have permission to use this endpoint.
  • The endpoint should validate the requesting user's role and reject requests if the user is not a super admin.

Data Deletion

  • The user's account, including associated data (e.g., user profile, related records), should be permanently deleted from the database.
  • Ensure that all related data is also removed to prevent orphaned records.

Response

  • On success: The API should return a 200 OK status code with a success message.
  • On failure: The API should return a 403 Forbidden status code if the user is not authorized, or a 500 Internal Server Error status code for unexpected errors.

Request Example

DELETE /api/v1/users/123
Content-Type: application/json
Authorization: Bearer <token>

Successful Response Example

{
  "message": "User account deleted successfully",
  "status": 200
}

Error Response Example

{
  "message": "Forbidden: Super admin access required",
  "status": 403
}

or

{
  "message": "Internal server error",
  "status": 500
}

Purpose

Enable super admins to permanently delete user accounts, ensuring that all associated data is also removed from the system.

Requirements

  • Develop server-side logic to handle the deletion of user accounts.
  • Implement authorization checks to ensure only super admins can perform the deletion.
  • Ensure all related data is properly removed.

Expected Outcome

Super admins can permanently delete user accounts through the API, with all associated data being completely removed.

Status Codes

  • 200: User account was successfully deleted.
  • 403: Forbidden access for non-super admin users.
  • 404: User not found.
  • 500: Internal server error.

Testing

  • Write unit tests to verify that the endpoint correctly deletes user accounts and associated data.
  • Test authorization to ensure only super admins can perform the deletion.
  • Perform integration testing to confirm that related data is removed and no orphaned records remain.
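The following is an added, self-contained reference implementation of the endpoint described in this issue; it is not code from the project or from the issue author. It assumes a SQLite schema (`users`, `profiles`, `posts`) with `ON DELETE CASCADE` foreign keys and a constructed in-memory bearer-token table (`SESSIONS`) standing in for the real authentication middleware; all names (`make_db`, `authenticate`, `delete_user`, `related_rows`, the `tok-*` tokens) are illustrative.

```python
import re
import sqlite3

# Constructed bearer-token -> session table standing in for the project's real
# authentication middleware (assumption; not the project's code).
SESSIONS = {
    "tok-superadmin": {"user_id": 1, "role": "super_admin"},
    "tok-admin": {"user_id": 2, "role": "admin"},
    "tok-user": {"user_id": 3, "role": "user"},
}

# Only numeric ids are accepted for /api/v1/users/:id (assumption).
PATH_RE = re.compile(r"/api/v1/users/(\d{1,18})")


def make_db():
    """In-memory SQLite schema; ON DELETE CASCADE removes dependent rows with the user."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores foreign keys unless this pragma is set on every connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""
        CREATE TABLE users (
            id INTEGER PRIMARY KEY, email TEXT NOT NULL, role TEXT NOT NULL);
        CREATE TABLE profiles (
            user_id INTEGER PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE,
            bio TEXT);
        CREATE TABLE posts (
            id INTEGER PRIMARY KEY,
            author_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
            body TEXT);
    """)
    # Constructed sample data.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "root@example.test", "super_admin"),
        (2, "ops@example.test", "admin"),
        (3, "alice@example.test", "user"),
    ])
    conn.executemany("INSERT INTO profiles VALUES (?, ?)",
                     [(1, "root"), (2, "ops"), (3, "hello")])
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)",
                     [(10, 3, "first"), (11, 3, "second"), (12, 2, "notice")])
    conn.commit()
    return conn


def related_rows(conn, user_id):
    """Profile and post rows still pointing at user_id (0 after a clean delete)."""
    (n,) = conn.execute(
        "SELECT (SELECT COUNT(*) FROM profiles WHERE user_id = ?)"
        " + (SELECT COUNT(*) FROM posts WHERE author_id = ?)",
        (user_id, user_id)).fetchone()
    return n


def authenticate(headers):
    """Resolve 'Authorization: Bearer <token>' to a session dict, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token.strip():
        return None
    return SESSIONS.get(token.strip())


def delete_user(conn, path, headers):
    """Handler for DELETE /api/v1/users/:id. Returns (status, json_body)."""
    # Authorization is decided before the target row is looked up, so a
    # non-super-admin cannot use the 404/200 difference to enumerate user ids.
    session = authenticate(headers)
    if session is None or session["role"] != "super_admin":
        return 403, {"message": "Forbidden: Super admin access required", "status": 403}
    match = PATH_RE.fullmatch(path)
    if match is None:
        return 404, {"message": "User not found", "status": 404}
    user_id = int(match.group(1))
    try:
        # One transaction: the user row and every dependent row go together,
        # or nothing is changed, so no orphaned records survive a failure.
        with conn:
            cur = conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
            if cur.rowcount == 0:
                return 404, {"message": "User not found", "status": 404}
        return 200, {"message": "User account deleted successfully", "status": 200}
    except sqlite3.Error:
        # Database errors are logged server-side, never echoed to the client.
        return 500, {"message": "Internal server error", "status": 500}


if __name__ == "__main__":
    db = make_db()
    print(delete_user(db, "/api/v1/users/3", {"Authorization": "Bearer tok-user"}))
    print(delete_user(db, "/api/v1/users/3", {"Authorization": "Bearer tok-superadmin"}))
    print("rows still referencing user 3:", related_rows(db, 3))
```

Two points worth carrying into the real implementation: do the role check before touching the database so that the 404 branch is only reachable by super admins, and put the user delete and its dependents in a single transaction (here via foreign-key cascade inside `with conn:`) so a mid-way failure cannot leave a profile or post without an owner. The issue lists 403 for every rejected caller; if the project distinguishes missing or invalid tokens, 401 is the conventional code for that case and 403 for an authenticated non-super-admin.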