[UBS Order. API Client-Controller] The status code 200 is displayed, when one user sends a request “Make order again if our status of Order is ON_THE_ROUTE, CONFIRMED, DONE” with id number order of another user

Question

[UBS Order. API Client-Controller] The status code 200 is displayed, when one user sends a request “Make order again if our status of Order is ON_THE_ROUTE, CONFIRMED, DONE” with id number order of another user

Closed this issue a month ago · 0 comments

Environment: Windows 11 Home, Opera One (Version 109.0.5097.80 ) .
Reproducible: always.
Build found: 16.05.2024

Preconditions
1.The user is logged in at https://www.pick-up.city/#/ubs.
2.The user has created orders with status ON_THE_ROUTE, CONFIRMED, DONE.
3.Postman is opened and the token is gotten.

Steps to reproduce
1.Create a request with method – POST to URL https://greencity-ubs.pick-up.city/ubs/client/155/make-order-again (in request enter id number of another user’s order e.g.155).'
2. Send the request.

Actual result
The status code 200 is displayed with information about order of another user.

Expected result
The status code 403 or 401 is displayed (forbidden or not found).

User story and test case links
https://greencity-ubs.pick-up.city/swagger-ui.html#/client-controller/makeOrderAgainUsingPOST