Blog Web App
Level: Intermediate 30–60 minConcepts: Business LogicMockingBoundariesValidation
Build the backend logic for a simple blogging application. No UI — focus on the domain rules, authorization, and using test doubles to fake persistence.
Requirements
Posts
- A user can create a blog post with a title and body
- A user can edit their own posts
- A user can delete their own posts
- A user cannot edit or delete another user’s posts
- Attempting to modify another user’s post returns an error
Comments
- Any user can comment on any post
- Comments belong to the post and the commenting user
- A user can delete their own comments
Tags
- A post author can add tags to their own posts
- A user cannot add tags to another user’s posts
- Tags are visible to all users
Queries
- Recent posts — retrieve the N most recent posts across all users
- Posts by tag — retrieve all posts with a given tag
- All tags — list all tags used in a specific user’s blog
Test Cases
| Scenario | Expected |
|---|---|
| Create post | Post exists with title, body, author |
| Edit own post | Post updated |
| Edit other’s post | Error: unauthorized |
| Delete own post | Post removed |
| Delete other’s post | Error: unauthorized |
| Comment on post | Comment added to post |
| Add tag to own post | Tag added |
| Add tag to other’s post | Error: unauthorized |
| Recent posts (5) | Returns 5 most recent |
| Recent posts, only 3 exist | Returns 3 |
| Posts by tag “TDD” | Returns matching posts |
| Posts by tag, no matches | Returns empty list |
| All tags for user | Returns unique tag list |
Bonus
- Add post publishing — posts start as drafts, only published posts appear in queries
- Add pagination to recent posts and tag queries
- Add a “like” system — users can like posts (once per user per post)
- Add full-text search across post titles and bodies
Hint
Use test doubles (mocks, fakes, or stubs) for the data layer. Define a repository interface (e.g. PostRepository) and fake it in tests. This keeps tests fast and focused on business rules. Start with create and read, then add authorization checks, then tags and comments as separate concerns.