[DS-4411] Create Integration Tests to prove newly created users have no special rights - LYRASIS JIRA

XML

Word

Printable

Details

Type: Code Task
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0
Fix Version/s: 7.0
Component/s: REST API v7
Labels:
- 7.0beta2

Attachments:
0
Comments:
1
Documentation Status:
Not Required

Description

REST API should have basic Integration Tests that prove that a new user account (or one without any group memberships) has no special access rights. Put another way, they have the same permissions as Anonymous users except they can manage their account information.

Some basic tests should prove:

A newly created account has no groups
A newly created account has access to no features (see new "/authz/features" endpoint)
However, a newly created account can manage their own EPerson/Profile

Some of these tests may already exist under EPersonRestRepositoryIT. A closer analysis should be done.

Attachments

Issue Links

depends on

DS-4413 Implement Authorization Endpoints in REST API

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Tim Donohue

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 03/Jan/20 2:33 PM

Updated:: 26/Mar/20 12:08 PM

Resolved:: 26/Mar/20 12:08 PM