Update quality-on-demand-deleteSession.feature

camaraproject · Jan 14, 2025 · da4d45d · da4d45d
1 parent 28edd70
commit da4d45d
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/code/Test_definitions/quality-on-demand-deleteSession.feature b/code/Test_definitions/quality-on-demand-deleteSession.feature
@@ -97,10 +97,20 @@ Feature: CAMARA Quality On Demand API, vwip - Operation deleteSession
         And the response property "$.code" is "UNAUTHENTICATED"
         And the response property "$.message" contains a user friendly text
 
-    # Errors 403
+    # Generic 403 errors
 
-    # TBD which code is more appropriate for this scenario
-    @quality_on_demand_deleteSession_403.1_session_token_mismatch
+    @quality_on_demand_deleteSession_403.1_missing_access_token_scope
+    Scenario: Missing access token scope
+        Given the header "Authorization" is set to an access token that does not include scope quality-on-demand:sessions:delete
+        When the request "deleteSession" is sent
+        Then the response status code is 403
+        And the response header "x-correlator" has same value as the request header "x-correlator"
+        And the response header "Content-Type" is "application/json"
+        And the response property "$.status" is 403
+        And the response property "$.code" is "PERMISSION_DENIED"
+        And the response property "$.message" contains a user friendly text
+
+    @quality_on_demand_deleteSession_403.2_session_token_mismatch
     Scenario: QoS session not created by the API client given in the access token
         # To test this, a token have to be obtained for a different client
         Given the header "Authorization" is set to a valid access token emitted to a client which did not created the QoS session