Testing that the policy blocks Youngstown users from viewing age 13+ memes
You can test the newly created rule with cURL or Postman.
Steps
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 as user.0. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

  Result:
  When requesting answer 2 as user.0, expect a 200 OK response with the following body.

      {
        "data": {
          "id": "2",
          "type": "answers",
          "attributes": {
            "url": "https://i.imgflip.com/23ls.jpg",
            "captions": [
              "There was a spider",
              "it's gone now"
            ],
            "rating": 13,
            "created_at": "2020-05-06T22:25:06+00:00"
          }
        },
        "meta": {}
      }
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 as user.660. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

  Result:
  When requesting answer 2, which is rated age 13, as user.660, who is from Youngstown, OH, expect a 403 Forbidden response with the following body.

      {
        "errorMessage": "Access Denied",
        "status": 403
      }
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.0. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

  Result:
  When requesting answer 1 as user.0, expect a 200 OK response with the following body.

      {
        "data": {
          "id": "1",
          "type": "answers",
          "attributes": {
            "url": "https://i.imgflip.com/2fm6x.jpg",
            "captions": [
              "Still waiting for the bus to Jennie’s"
            ],
            "rating": null,
            "created_at": "2020-05-06T22:25:06+00:00"
          }
        },
        "meta": {}
      }
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.660. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

  Result:
  When requesting answer 1, which is unrated, as user.660, who is from Youngstown, OH, expect a 403 Forbidden response with the following body. Be aware that this is not the correct behavior; however, to resolve it, we would need to change our attribute definitions.

      {
        "errorMessage": "Access Denied",
        "status": 403
      }
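The four requests above can be kept as a repeatable regression check so that a later policy or attribute change that alters any of the documented status codes is caught. This script is an added example, not part of the original tutorial; the names `BASE`, `RUN_LIVE`, `http_status`, `run_matrix` and `CASES` are assumptions made for illustration, and the expected codes are the ones stated in the steps above.

```shell
#!/bin/sh
# Added example: regression matrix for the four documented requests.
# BASE and RUN_LIVE are hypothetical knobs, not settings of the product.
BASE="${BASE:-https://localhost:7443/meme-game/api/v1}"

# Print the HTTP status for GET answers/<$2> made as subject <$1>.
# --insecure mirrors the tutorial's commands (self-signed localhost cert).
http_status() {
  curl --insecure --silent --output /dev/null --write-out '%{http_code}' \
    -X GET "$BASE/users/user.0/answers/$2" \
    -H "Authorization: Bearer {\"active\": true, \"sub\": \"$1\"}"
}

# Columns: subject, answer id, expected status, note.
# The last row pins the documented (known-incorrect) deny for unrated memes;
# update it when the attribute definitions are changed.
CASES='user.0 2 200 rated-13
user.660 2 403 rated-13,Youngstown
user.0 1 200 unrated
user.660 1 403 unrated,Youngstown,known-incorrect-deny'

# Run every case; the return code is the number of mismatches (0 = all match).
run_matrix() {
  failures=0
  while read -r subject answer expected note; do
    actual="$(http_status "$subject" "$answer")"
    if [ "$actual" = "$expected" ]; then
      echo "PASS $subject answer=$answer -> $actual ($note)"
    else
      echo "FAIL $subject answer=$answer -> $actual, expected $expected ($note)"
      failures=$((failures + 1))
    fi
  done <<EOF
$CASES
EOF
  return "$failures"
}

# Only contact the server when explicitly asked to.
if [ "${RUN_LIVE:-0}" = 1 ]; then run_matrix; fi
```

Run it with `RUN_LIVE=1` against the tutorial environment; a non-zero exit means at least one request returned a status other than the documented one.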