{% extends 'scenario-basic.html' %} {% block title-text %} Tiredful API: Access Control {% endblock %} {% block content %}

Challenge: Access Control

A blog application allows users to create, edit and view articles.
The developers decided to implement web services, so for testing purposes they provide access to two API endpoints:
1) Article Viewing -

    GET method http://{{ request.get_host }}/api/v1/articles/<article-id>/
    
2) Article Approving (Admin only) -

    GET method http://{{ request.get_host }}/api/v1/approve-article/<article-id>/

The following blogs are available:

ID | Title
{% for art in articles %}
{{ art.id }} | {{ art.title }}
{% endfor %}

Aim: Try to execute an operation that should be allowed only to admin users. {% endblock %}