Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: create feature request api endpoint #1204

Open
wants to merge 15 commits into
base: dev
Choose a base branch
from
Open

feat: create feature request api endpoint #1204

wants to merge 15 commits into from

Conversation

DanielleBadobre
Copy link

@DanielleBadobre DanielleBadobre commented Mar 1, 2025
edited
Loading

FEATURE REQUESTS API

Description

Implemented feature request functionality, including:

  • Feature request API endpoints (Create, Read, Update, Delete)
  • Authorization checks to allow only request owners or superadmins to access and modify requests
  • Pydantic request and response models
  • Database service layer integration
  • Unit tests for API endpoints

Related Issue (Link to issue ticket)

#1191

Motivation and Context

This feature enables users to request new functionalities directly from the application while ensuring that only authorized users can view, update, or delete their own requests. Superadmins have access to all feature requests.

How Has This Been Tested?

  • Postman: Manually tested all API endpoints with valid and invalid requests
  • FastAPI documentation UI: Verified request creation, retrieval, update, and deletion
  • Pytest: Wrote unit tests to cover major service layer functions and API endpoints

Screenshots (Postman, etc):

Pytest Results

pytests

Creating Feature Request

create feature

Getting User's Features Requests

user features

Getting Feature Request by ID

Ifeature by id

Updating Feature Request

updated by id

Deleting Feature Request

deleting feature

Accessing Deleted Feature Request

deleted requests

Types of changes

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

DanielleBadobre and others added 2 commits March 1, 2025 19:45
@DanielleBadobre
fix(tests): Resolve test failures and improve test coverage for featu…
bcbac2f 
…re request endpoints

- Fixed mock setups for `create_feature_request`, `get_feature_requests`, and related functions to ensure proper calls.
- Reordered authorization checks to prioritize "not found" checks before "forbidden" checks.
- Corrected mock mismatches in `get_feature_request_success_admin` and other tests.
- Improved test assertions and coverage for error cases (404, 403) and success scenarios.
@DanielleBadobre
Merge branch 'dev' into dev
7985237
@DanielleBadobre DanielleBadobre changed the title **Feat: Create Feature Request API Endpoint** Feat: Create Feature Request API Endpoint Mar 1, 2025
@DanielleBadobre DanielleBadobre changed the title Feat: Create Feature Request API Endpoint feat: create feature request api endpoint Mar 1, 2025
joboy-dev
joboy-dev reviewed Mar 1, 2025
View reviewed changes
joboy-dev
joboy-dev requested changes Mar 1, 2025
View reviewed changes
Copy link
Contributor

@joboy-dev joboy-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove all these pictures i am seeing here
There are other ways to upload a picture into your PR

@DanielleBadobre
Copy link
Author

Remove all these pictures i am seeing here There are other ways to upload a picture into your PR

done ✅

samuelogboye
samuelogboye requested changes Mar 2, 2025
View reviewed changes
@DanielleBadobre
Merge branch 'hngprojects:dev' into dev
e3e944a
@DanielleBadobre
refactor: remove status from FeatureRequestCreate schema
bb9a8f7 
Signed-off-by: DanielleBadobre <[email protected]>
@DanielleBadobre
feat: restrict feature request status updates to admin users only
9a5c9a6 
Signed-off-by: DanielleBadobre <[email protected]>
@DanielleBadobre
feat: Set feature request status to "Pending" and remove duplicate sc…
0dfa0ea 
…hemas

Signed-off-by: DanielleBadobre <[email protected]>
@DanielleBadobre
test: update feature request tests for status restriction
ae32b53 
- Modify fixtures to remove status from feature request creation data
- Add tests to verify status is always set to "Pending" on creation
- Add test cases covering admin-only status update restriction
- Ensure non-admin users can still update other fields
- Fix capitalization of priority values to match model defaults

Signed-off-by: DanielleBadobre <[email protected]>
@DanielleBadobre
Merge branch 'hngprojects:dev' into dev
e1426b2
samuelogboye
samuelogboye approved these changes Mar 2, 2025
View reviewed changes
Copy link
Contributor

@samuelogboye samuelogboye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolve that change and we are GTG

api/v1/routes/feature_request.py
Comment on lines +98 to +102
if not current_user.is_superadmin and "status" in update_data:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Only admins can update the status field"
)
Copy link
Contributor

@samuelogboye samuelogboye Mar 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Youve already made a check to verify admin access in line 89
these lines of code will never be reached.

You can remove it

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok sir, but actually the two checks serve different purposes.

  • The first check (line 89) verifies if the user has permission to update the feature request at all. It checks if the user is either a superadmin OR the owner of the feature request.

  • The second check (lines 98-102) only applies when a user is trying to update the "status" field. Even if a user passes the first check (because they're the owner of the request), they'll still hit this second check if they're trying to update the status field.

should i still remove the lines ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joboy-dev joboy-dev Awaiting requested review from joboy-dev

@samuelogboye samuelogboye Awaiting requested review from samuelogboye

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DanielleBadobre @samuelogboye @joboy-dev