'404 not found' on admin changing the course created by another admin #54

Open
LarisaTerenteva opened this issue Jun 29, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@LarisaTerenteva

Description:
When an admin user tries to change a course created by another admin, an unexpected 404 Not Found code and the error message ('Unable to find course record(s)') are shown.

Pre-conditions:

There are at least two active users with the admin role (here admin1 and admin2);

Steps to reproduce:

  1. Log in as admin1;
  2. Save the access token for admin1;
  3. Create a new category with a POST request (http://qa-school-test.quantori.academy/api/v1/categories) using the saved admin1 access token; the request body is:
    {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
  4. Save the newly created category id to use in the following request;
  5. Log in to the admin2 account;
  6. Save the access token for admin2;
  7. Create a new course with a POST request (http://qa-school-test.quantori.academy/api/v1/courses) using the saved admin2 access token; the request body is:
    {"title": "string",
    "description": "string",
    "visible": true,
    "categoryId": 0},
    with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being a string of valid length (3-255 as implemented at the moment), 'visible' being a boolean, 'categoryId' being the id of the category created in step 3;
  8. Save the newly created course id to use in the following request;
  9. Try making a PATCH request (http://qa-school-test.quantori.academy/api/v1/courses) using the saved admin1 access token; the request body is:
    { "id": 0,
    "title": "string",
    "description": "string",
    "categoryId": 0},
    with 'id' being the id of the course created in step 7, 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being a string of valid length (3-255 as implemented at the moment), 'categoryId' being the id of the category created in step 3

Post-conditions:

  1. Delete the course created in step 7 with a DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using the admin2 access token;
  2. Make sure the course is deleted;
  3. Delete the category created in step 3 with a DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using the admin1 access token;
  4. Make sure the category is deleted

Actual behavior:

  1. Response code is 404 Not found
  2. Error message 'Unable to find course record(s)' is shown
  3. Course is not changed

Expected behavior:

  1. Code 403 Unauthorized
  2. Error message is shown: 'You're not owner of this course, you can't change/remove it'
  3. No changes applied to the course


@LarisaTerenteva
Author

It seems like there are four cases sharing the same unexpected behavior (404 code and 'Unable to find course record(s)'):

  1. A teacher tries to change a course created by another teacher (#40);
  2. A teacher tries to change a course created by an admin (#26, #46);
  3. An admin tries to change a course created by a teacher (#32);
  4. An admin tries to change a course created by another admin (this one; I couldn't find a duplicate for it).

@viraxslot
Owner

viraxslot commented Jul 14, 2022

Code 403 Unauthorized -> Forbidden

@viraxslot viraxslot added the bug Something isn't working label Jul 14, 2022
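
The four cases from this thread as an added example (not code from this project; the issue does not show the server code). It assumes the 404 comes from folding the ownership test into the record lookup: `patchOwnerInLookup` reproduces the reported response, `patchOwnerChecked` returns the expected 403. User ids, course ids and all function names are constructed for illustration.

```javascript
// Constructed sample data: users and one course per creator (ids are made up).
const users = {
  admin1: { id: 1, role: "admin" }, admin2: { id: 2, role: "admin" },
  teacher1: { id: 3, role: "teacher" }, teacher2: { id: 4, role: "teacher" },
};
function makeStore() {
  return new Map([
    [10, { id: 10, title: "By admin2", description: "abc", categoryId: 5, createdBy: 2 }],
    [11, { id: 11, title: "By teacher2", description: "abc", categoryId: 5, createdBy: 4 }],
  ]);
}
const NOT_FOUND = { status: 404, message: "Unable to find course record(s)" };
const FORBIDDEN = { status: 403, message: "You're not owner of this course, you can't change/remove it" };

// Assumed cause: ownership is part of the lookup, so a course owned by
// someone else looks exactly like a course that does not exist.
function patchOwnerInLookup(store, user, body) {
  const course = [...store.values()].find(c => c.id === body.id && c.createdBy === user.id);
  if (!course) return NOT_FOUND;
  return applyPatch(course, body);
}

// Look the record up first, then authorize, so the two failures stay distinct.
function patchOwnerChecked(store, user, body) {
  const course = store.get(body.id);
  if (!course) return NOT_FOUND;
  if (course.createdBy !== user.id) return FORBIDDEN;
  return applyPatch(course, body);
}

// Copy only the fields the PATCH body in the issue carries;
// createdBy is never settable from the request.
function applyPatch(course, body) {
  for (const key of ["title", "description", "categoryId"]) {
    if (key in body) course[key] = body[key];
  }
  return { status: 200, course };
}

// The four editor/creator combinations listed in the follow-up comment.
function runCases(patchFn) {
  const cases = [["teacher1", 11], ["teacher1", 10], ["admin1", 11], ["admin1", 10]];
  return cases.map(([who, id]) => patchFn(makeStore(), users[who], { id, title: "changed" }).status);
}
```

A 403 confirms to the caller that the course id exists, which is the trade-off against answering every failure with the same 404.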