Details
-
Type:
Code Task
-
Status: Closed (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 7.0
-
Fix Version/s: 7.0
-
Component/s: REST API v7
-
Labels:
-
Attachments:
-
Comments:1
-
Documentation Status:Not Required
Description
REST API should have basic Integration Tests that prove that a new user account (or one without any group memberships) has no special access rights. Put another way, they have the same permissions as Anonymous users except they can manage their account information.
Some basic tests should prove:
- A newly created account has no groups
- A newly created account has access to no features (see new "/authz/features" endpoint)
- However, a newly created account can manage their own EPerson/Profile
Some of these tests may already exist under EPersonRestRepositoryIT. A closer analysis should be done.
Attachments
Issue Links
- depends on
-
DS-4413 Implement Authorization Endpoints in REST API
-
- Closed
-