From the course: Secure Coding in Python
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Permissions
- [Instructor] We're going to continue talking about sensitive data exposure in APIs, this time as it pertains to permissions. Now often you'll hear the words, permission and authentication used interchangeably in software and this often leads to the absence of permissions. So authentication deals with who the user is, authenticating who they are with credentials while permissions refers to what the user can see and do. Now, let's look at a test that demonstrates this. So here I am at 04/04_02_begin/feed/post/tests/tests.py and at line eight, you'll see that I import some test utilities that I created for this. And one of them is an author. This is a user who should have access to posts. There is a non-author who should not have access to posts, and there's a post factory that will let us easily generate posts for testing purposes. So in line 12, there's a test for author permissions. On line 14, we create a post with the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.