📋 Description
Create an API endpoint to list adoption requests with proper filtering based on user role. Regular users see only their own requests, shelters see requests for their pets, and admins see all requests.
📝 What You'll Build
GET /adoptions Endpoint
User Perspective:
- Regular USER → See only their own adoption requests
- SHELTER → See requests for their pets
- ADMIN → See all adoption requests
Response Format:
{
"data": [
{
"id": "adoption-123",
"status": "PENDING",
"reason": "I love dogs",
"createdAt": "2026-02-19T10:00:00Z",
"pet": {
"id": "pet-456",
"name": "Buddy",
"species": "Dog"
},
"user": {
"id": "user-789",
"name": "John Doe",
"email": "john@example.com"
}
}
]
}Query Parameters (Optional)
- status - Filter by status (PENDING, APPROVED, etc.)
- petId - Filter by specific pet
- Example:
GET /adoptions?status=PENDING&petId=123
🔧 Implementation Checklist
Files to Create/Modify
What to Build
Create Controller Endpoint:
- GET /adoptions route
- Apply JwtAuthGuard (authentication required)
- Extract user from JWT token
- Pass user info to service
- Return array of adoptions with related data
✅ Acceptance Criteria
🧪 How to Test
Setup:
- Create 3 users (User A, User B, Shelter C)
- Shelter C creates 2 pets
- User A submits adoption for Pet 1
- User B submits adoption for Pet 2
Test Scenarios:
-
User sees own requests:
- Login as User A
- GET /adoptions
- Should see only User A's request for Pet 1 ✅
- Should NOT see User B's request ❌
-
Shelter sees requests for their pets:
- Login as Shelter C
- GET /adoptions
- Should see both requests (Pet 1 and Pet 2) ✅
-
Admin sees all requests:
- Login as Admin
- GET /adoptions
- Should see all adoption requests ✅
-
Filter by status:
- GET /adoptions?status=PENDING
- Should return only PENDING adoptions ✅
-
Filter by petId:
- GET /adoptions?petId=pet-1
- Should return only adoptions for that pet ✅
-
No adoptions:
- New user with no requests
- GET /adoptions
- Should return empty array
[] ✅
-
Unauthorized access:
- GET /adoptions without token
- Should return 401 Unauthorized ❌
Security Reminder:
- Never return all adoptions for regular users
- Always validate user has permission to see the data
- Exclude sensitive information (passwords, secrets)
| Role |
What They See |
Query Filter |
| USER |
Only their requests |
userId: currentUserId |
| SHELTER |
Requests for their pets |
pet.shelterId: currentUserId |
| ADMIN |
All requests |
No filter |
📋 Description
Create an API endpoint to list adoption requests with proper filtering based on user role. Regular users see only their own requests, shelters see requests for their pets, and admins see all requests.
📝 What You'll Build
GET /adoptions Endpoint
User Perspective:
Response Format:
{ "data": [ { "id": "adoption-123", "status": "PENDING", "reason": "I love dogs", "createdAt": "2026-02-19T10:00:00Z", "pet": { "id": "pet-456", "name": "Buddy", "species": "Dog" }, "user": { "id": "user-789", "name": "John Doe", "email": "john@example.com" } } ] }Query Parameters (Optional)
GET /adoptions?status=PENDING&petId=123🔧 Implementation Checklist
Files to Create/Modify
src/adoption/adoption.controller.ts- Add GET endpointsrc/adoption/adoption.service.ts- AddfindAll()methodsrc/adoption/dto/filter-adoptions.dto.ts- Optional filter DTOWhat to Build
Create Controller Endpoint:
✅ Acceptance Criteria
🧪 How to Test
Setup:
Test Scenarios:
User sees own requests:
Shelter sees requests for their pets:
Admin sees all requests:
Filter by status:
Filter by petId:
No adoptions:
[]✅Unauthorized access:
Security Reminder:
userId: currentUserIdpet.shelterId: currentUserId