
FEAT[auth]: add soft_delete endpoint to the blog app #1013

@Donchess1

Description
Currently, the blog API implements a hard delete where a deleted post might not be undeleted.

Soft Delete
By implementing a soft delete, a deleted post can be recalled via the /soft_delete/ endpoint

Acceptance Criteria
API Endpoint Implementation:
The endpoint should be accessible at soft_delete/blog/{id}
The endpoint should accept HTTP PUT requests.

Data Validation and Authorization:
The API should validate the blog ID to ensure it exists in the database.
Only the authenticated poster or admin with appropriate permissions should be allowed to update blog posts.

Response:

  • On success, the API will return a 200 OK status code with a success message and updated blog post details.
  • If unsuccessful, error 404 will be thrown if the blog ID is not found, while code 401 will be raised for attempted unauthorized access.

Request Example:
PUT /api/v1/blog/{id}

Successful Response:

{
  "status_code": 200,
  "message": "Blog post archived successfully",
  "data": {
    "id": "8j1f89c2-3c24-7c3f-a8e5-9a8a3e6d12",
    "title": "Archived  Blog",
    "content": "Archived  Blog's content",
    "author_id": "879kj"
  }
}

If the blog post with the provided ID does not exist:

{
  "detail": "Post not Found",
  "status_code": 404
}

If the authentication token is invalid:

{
  "detail": "Invalid authentication credentials",
  "status_code": 401
}

If the user does not have permission to delete the post:

{
  "detail": "You don't have permission to perform this action",
  "status_code": 403
}

Purpose
Provides a backend service to allow authorized users to temporarily delete blog posts, with a second chance to undo the action soonest.

Requirements

  • Develop server-side logic to handle temporarily deleting blog post requests.
  • Validate the blog ID before attempting to temporarily delete the post.
  • Implement authorization to ensure only the author or admin can temporarily delete the blog post.
  • Handle success and error responses appropriately.

Expected Outcome
API endpoint allows authenticated users with proper permissions to temporarily delete blog posts, returning appropriate success and error responses.

Status Codes
200: Blog post was successfully updated.
404: Blog post not found.
401: Invalid authentication credentials.
403: Forbidden access due to insufficient permissions.
500: A server error occurred.

Testing
Write unit tests to ensure the endpoint validates input correctly and handles temporarily delete blog
Perform load testing to ensure the endpoint can handle multiple requests.
Test various scenarios for updating blog posts, including invalid data, non-existent blog posts, unauthorized access, and permission issues.
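
Added example, not part of the original issue or the project's code: a framework-free sketch of the check order the acceptance criteria describe (authentication, ID validation, then the author-or-admin check), returning the issue's response bodies. The `User` and `Post` models, the `deleted_at` marker, the in-memory store, and treating an already archived post as not found are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class User:  # hypothetical model
    id: str
    is_admin: bool = False

@dataclass
class Post:  # hypothetical model; deleted_at is the soft-delete marker
    id: str
    title: str
    content: str
    author_id: str
    deleted_at: Optional[datetime] = None

def sample_posts():
    # Constructed sample data standing in for the database.
    return {"p1": Post("p1", "First", "Body one", "u1"),
            "p2": Post("p2", "Second", "Body two", "u2")}

def error(status, detail):
    return status, {"detail": detail, "status_code": status}

def soft_delete(posts, user, post_id):
    """Return (status, body) for a soft-delete request."""
    # 401: no authenticated user (token validation is assumed to happen upstream).
    if user is None:
        return error(401, "Invalid authentication credentials")
    # 404: the ID must exist; an already archived post counts as missing (assumption).
    post = posts.get(post_id)
    if post is None or post.deleted_at is not None:
        return error(404, "Post not Found")
    # 403: object-level check, only the post's author or an admin may proceed.
    if post.author_id != user.id and not user.is_admin:
        return error(403, "You don't have permission to perform this action")
    # Soft delete: mark the row instead of removing it, so it can be recalled.
    post.deleted_at = datetime.now(timezone.utc)
    data = {"id": post.id, "title": post.title,
            "content": post.content, "author_id": post.author_id}
    return 200, {"status_code": 200,
                 "message": "Blog post archived successfully", "data": data}

def visible_posts(posts):
    # Read paths must filter on the marker, or archived posts stay public.
    return [p for p in posts.values() if p.deleted_at is None]
```

The authorization check compares the stored `author_id` with the authenticated user, never an author value supplied in the request.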
