diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-11-05 10:50:17 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-11-05 10:50:17 +0200 |
commit | ccc9b9f17eb08977cee1fba425a2876a004266b5 (patch) | |
tree | d567b1fe2a87156fff1e8fdf5ea5e348bb4ddae2 /yarns | |
parent | 82aa16698668375881e9edcab46965e4be3f5b83 (diff) | |
download | muck-poc-ccc9b9f17eb08977cee1fba425a2876a004266b5.tar.gz |
Change: allow only owner to see, update, delete a resource
Diffstat (limited to 'yarns')
-rw-r--r-- | yarns/100-happy.yarn | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/yarns/100-happy.yarn b/yarns/100-happy.yarn index 5a5ba32..88b29a5 100644 --- a/yarns/100-happy.yarn +++ b/yarns/100-happy.yarn @@ -36,6 +36,19 @@ Retrieve the resource. THEN response has header "Muck-Revision: ${REV1}" THEN response has header "Muck-Owner: tomjon" +Make sure another user can't retreive, update, or delete the resource. + + WHEN user verence makes request GET /res with header "Muck-Id: ${ID}" + THEN status code is 404 + + WHEN user verence makes request PUT /res with header "Muck-Id: ${ID}" and + ... header "Muck-Revision: ${REV1}" and + ... body { "foo": "foobar" } + THEN status code is 404 + + WHEN user verence makes request DELETE /res with header "Muck-Id: ${ID}" + THEN status code is 404 + Update the resource. WHEN user tomjon makes request PUT /res with header "Muck-Id: ${ID}" and |