Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4411

Create Integration Tests to prove newly created users have no special rights

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      1
    • Documentation Status:
      Not Required

      Description

      REST API should have basic Integration Tests that prove that a new user account (or one without any group memberships) has no special access rights.  Put another way, they have the same permissions as Anonymous users except they can manage their account information.

      Some basic tests should prove:

      • A newly created account has no groups
      • A newly created account has access to no features (see new "/authz/features" endpoint)
      • However, a newly created account can manage their own EPerson/Profile

      Some of these tests may already exist under EPersonRestRepositoryIT. A closer analysis should be done.

        Attachments

          Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. DS-4413 Implement Authorization Endpoints in REST API

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              tdonohue Tim Donohue
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support