Logo: Relish

  1. Sign in

Project: Ideas-zone

Authenticated users should have restrictions on what they can do

As a system administrator
In I want to make sure that only administrators can have full access to user details

Background Some users and an administrator exist
Given
some users exist in the database
And
I am logged in as a user
Scenarios
An ordinary user tries to create a new user
When
I go to the new users page
Then
I should be on my details page
And
I should see 'Access Denied'
An ordinary user tries to view the list of users
When
I go to the list of users
Then
I should be on my details page
And
I should see 'Access Denied'
An ordinary user tries to view another user's details
When
I go to another users details
Then
I should be on my details page
And
I should see 'Access Denied'
An ordinary user tries to view their own details
When
I go to my details page
Then
I should be on my details page
And
I should not see 'Access Denied'

Last published about 6 years ago by JohnSmall.