Unauthorized methods shown for some resources.
Created by: NotSpecial
In our modified HATEOAS engine, we display all allowed methods.
For e.g. /users
, without a token the response correctly contains only the OPTIONS
method.
However, for the following resources, the API returns unauthorized methods:
- groupmemberships
- studydocumentss
- joboffers
In all cases, only OPTIONS
should be returned, yet the API claims OPTIONS
, GET
, and POST
are allowed. (A quick GET
to studydocs without auth shows that this is in fact not allowed.)
There might be an issue how the methods are parsed for the home endpoint (/
), I have to investigate this further.