# [Feat] Restrict Comment Deletion to Owners and Admins #422

@OBE96

Description

Enhance the comment deletion functionality to ensure that:

  • Users can only delete their own comments.
  • Admins can delete any comment.

This will improve content moderation while maintaining user control over their own contributions.

Acceptance Criteria

  • Authenticated users can delete only comments they have posted.
  • Admins can delete any comment.
  • Returns a 200 OK status with a success message when a comment is successfully deleted.
  • Returns a 403 Forbidden status when a user attempts to delete a comment they did not post (unless they are an admin).
  • Returns a 404 Not Found status when the comment does not exist.
  • Returns a 500 Internal Server Error if an unexpected issue occurs.

Requirements

  • Implement an API endpoint for deleting a single comment.
  • Validate user authentication and authorization.
  • Ensure proper response handling with clear status codes and messages.
  • Implement appropriate error handling for edge cases.

Expected Outcome

  • A user should only be able to delete their own comment.
  • An admin should be able to delete any comment.
  • Users should receive appropriate feedback based on the outcome.

Endpoint

DELETE /api/v1/posts/{blogId}/comments/{commentId}

Responses

✅ Success Response

Status: 200 OK

```json
{
  "success": true,
  "message": "Comment deleted successfully",
  "status_code": 200
}
```

🚫 Unauthorized Response (User not logged in)

Status: 401 Unauthorized

```json
{
  "success": false,
  "message": "Not authenticated",
  "status_code": 401
}
```

❌ Forbidden Response (User trying to delete someone else's comment)

Status: 403 Forbidden

```json
{
  "success": false,
  "message": "You do not have permission to delete this comment",
  "status_code": 403
}
```

🔍 Not Found Response (Comment doesn't exist)

Status: 404 Not Found

```json
{
  "success": false,
  "message": "Comment not found",
  "status_code": 404
}
```

Test Scenarios

Successful Deletion

  • Ensure that an authenticated user can delete their own comment.
  • Ensure an admin can delete any comment.
  • Confirm the response includes a 200 OK status and success message.
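The following is an added, framework-agnostic Python sketch of the decision order the acceptance criteria and responses above imply; it is not code from this project. The `User` and `Comment` dataclasses, the in-memory store, the `FailingStore` stand-in used to exercise the 500 path, and the rule that a comment must belong to the post named in the path (otherwise 404) are all assumptions made for the illustration.

```python
"""Authorization flow for DELETE /api/v1/posts/{blogId}/comments/{commentId} (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    """Assumed shape of the authenticated principal."""
    id: int
    is_admin: bool = False


@dataclass
class Comment:
    """Assumed shape of a stored comment."""
    id: int
    post_id: int
    author_id: int


def make_store() -> dict:
    """Constructed in-memory stand-in for the comments table (fresh copy per call)."""
    return {
        10: Comment(id=10, post_id=1, author_id=100),
        11: Comment(id=11, post_id=1, author_id=200),
        12: Comment(id=12, post_id=2, author_id=100),
    }


class FailingStore(dict):
    """Constructed stand-in for a datastore whose delete fails, to exercise the 500 path."""

    def __delitem__(self, key):
        raise RuntimeError("simulated datastore failure")


def _response(success: bool, message: str, status_code: int) -> dict:
    return {"success": success, "message": message, "status_code": status_code}


def delete_comment(current_user: Optional[User], blog_id: int, comment_id: int, store=None) -> dict:
    """Return the response body the spec describes for each outcome."""
    store = make_store() if store is None else store

    # 1. Authentication before any lookup: an anonymous caller must not be able to
    #    learn whether a comment id exists from a 403/404 difference.
    if current_user is None:
        return _response(False, "Not authenticated", 401)

    # 2. Lookup scoped to the post in the path. A comment that exists but hangs off a
    #    different post is treated as not found (assumption: comment ids are global).
    comment = store.get(comment_id)
    if comment is None or comment.post_id != blog_id:
        return _response(False, "Comment not found", 404)

    # 3. Authorization: only the author or an admin may delete.
    if not (current_user.is_admin or comment.author_id == current_user.id):
        return _response(False, "You do not have permission to delete this comment", 403)

    # 4. Perform the delete last; anything unexpected maps to the 500 response.
    try:
        del store[comment_id]
    except Exception:
        return _response(False, "Internal server error", 500)
    return _response(True, "Comment deleted successfully", 200)


if __name__ == "__main__":
    print(delete_comment(User(100), 1, 10))            # owner deletes own comment -> 200
    print(delete_comment(User(100), 1, 11))            # not the owner -> 403
    print(delete_comment(User(1, is_admin=True), 1, 11))  # admin -> 200
```

The ordering matters: checking authentication first, then existence scoped to the post in the path, then ownership keeps an unauthenticated or unrelated caller from using the response code to probe which comment ids exist, while still giving the spec's 403 to a logged-in user who targets someone else's comment.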
