Storyboard: testing permission behaviour

adsabs / biblib-service

ADS library service

https://ui.adsabs.harvard.edu

MIT License

4 stars 8 forks source link

Storyboard: testing permission behaviour #7

Closed jonnybazookatone closed 9 years ago

jonnybazookatone commented 9 years ago

This storyboard includes (but may evolve):

User tries to access a library he has no read/write access to
User tries to edit a library he has no permission to edit to
Tries to view a list of libraries of a user that are private
User tries to add users to someone else's library without the correct permissions

jonnybazookatone commented 9 years ago

All the user cases above refer to the anonymous user, which has a default number within the API, and so should also in the microservice when a db is created.

jonnybazookatone commented 9 years ago

A lot of these points should be handled by scoping the end points. All of the anonymous users can only access endpoints that do not have any scopes. The only relevant endpoint with such a scope, should be the GET for the /libraries/ endpoint.