Persist Review Objects and Enable History View

# Ticket: Persist Review Objects and Enable History View

## Description
Currently, Review Objects are deleted upon approval. This prevents organization admins from viewing a history of their past change requests and approvals.
Refactor the workflow to **persist** Review Objects after approval, marking them as 'approved', and provide an endpoint for Organization Admins to view this history.

## Acceptance Criteria / TODOs

### Backend Logic (Repository)
- [ ] **Modify Approval Logic ([src/repositories/reviewObjectRepository.js](cci:7://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:0:0-0:0))**:
    - [ ] In [approveReviewOrgObject](cci:1://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:118:2-146:3):
        - [ ] **Remove** the call to [deleteReviewObjectByUUID](cci:1://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:42:2-45:3).
        - [ ] Instead, update the `status` field to `'approved'`.
        - [ ] Ensure the object is saved with the new status.

- [ ] **Add History Retrieval Method**:
    - [ ] Add a new method (e.g., `getReviewHistoryByOrgShortName`) to [ReviewObjectRepository](cci:2://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:6:0-147:1).
    - [ ] Logic: Find all ReviewObjects where `target_object_uuid` matches the Org's UUID.
    - [ ] Support pagination if possible (using existing pagination plugins).
    - [ ] Sort by `create_date` (descending) by default.

### Backend API (Controller & Routes)
- [ ] **Create History Endpoint**:
    - [ ] **New Route**: `GET /api/registryOrg/:shortname/reviews`
    - [ ] **Controller Method**: Implement `getReviewHistory` in [review-object.controller.js](cci:7://file:///Users/drocca/development/cve/cve-services/src/controller/review-object.controller/review-object.controller.js:0:0-0:0).
    - [ ] **Security Middleware**:
        - [ ] `mw.validateUser` - User must be logged in.
        - [ ] `mw.onlySameOrgOrSecretariat` - Only Admins of the target Org (or Secretariat) can view the history.
        - [ ] **Role Check**: Ensure the user has the 'ADMIN' role (if regular users shouldn't see this) or strictly follow the "Org Admin" requirement.

### Testing
- [ ] **Unit Tests**:
    - [ ] Verify that [approveReviewOrgObject](cci:1://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:118:2-146:3) does NOT delete the document.
    - [ ] Verify that [approveReviewOrgObject](cci:1://file:///Users/drocca/development/cve/cve-services/src/repositories/reviewObjectRepository.js:118:2-146:3) sets status to 'approved'.
    - [ ] Verify retrieving history returns multiple past review objects for an organization.
- [ ] **Integration Tests**:
    - [ ] Test the new endpoint `GET /api/registryOrg/:shortname/reviews` with:
        - [ ] A Secretariat user (should succeed).
        - [ ] An Org Admin of the same org (should succeed).
        - [ ] A User of a different org (should fail/403).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Persist Review Objects and Enable History View #1606

Ticket: Persist Review Objects and Enable History View

Description

Acceptance Criteria / TODOs

Backend Logic (Repository)

Backend API (Controller & Routes)

Testing

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Persist Review Objects and Enable History View #1606

Description

Ticket: Persist Review Objects and Enable History View

Description

Acceptance Criteria / TODOs

Backend Logic (Repository)

Backend API (Controller & Routes)

Testing

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions