Whether or not a user can interact with a project depends on a number of rules.
- Public projects can be seen by anyone
  - Unauthenticated users
  - Authenticated users
- Private projects can only be accessed by (authenticated) collaborators
At the HTTP level, we translate "permission denied" errors into "404 Not Found" so that people cannot discover private projects through brute force.
- Given the following projects have been created:

  | creator | projectName           | visibility |
  |---------|-----------------------|------------|
  | Jane    | janes-private-project | private    |
  | Bob     | bobs-public-project   | public     |

- When AnonymousCoward tries to view janes-private-project
- Then AnonymousCoward should be denied access to the project
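
The rules and the 404 translation described above, as an added example that is not the project's own code. The `Project` model, the `load_project` and `view_project` functions, the collaborator sets and the response tuples are hypothetical; the sample data is constructed from the scenario's table, and AnonymousCoward is assumed to be a non-collaborator.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass(frozen=True)
class Project:
    creator: str
    name: str
    visibility: str  # "public" or "private"
    collaborators: frozenset = field(default_factory=frozenset)


# Constructed sample data mirroring the scenario's table.
PROJECTS = {
    p.name: p
    for p in (
        Project("Jane", "janes-private-project", "private", frozenset({"Jane"})),
        Project("Bob", "bobs-public-project", "public", frozenset({"Bob"})),
    )
}


class NotFound(Exception):
    pass


class PermissionDenied(Exception):
    pass


def load_project(user: Optional[str], name: str) -> Project:
    """Apply the visibility rules. `user` is None for unauthenticated requests."""
    project = PROJECTS.get(name)
    if project is None:
        raise NotFound(name)
    if project.visibility == "public":
        return project  # anyone, authenticated or not
    if user is not None and user in project.collaborators:
        return project  # private: authenticated collaborators only
    raise PermissionDenied(name)


def view_project(user: Optional[str], name: str) -> Tuple[int, str]:
    """HTTP layer: a denied project and a missing project yield the same response."""
    try:
        project = load_project(user, name)
    except (NotFound, PermissionDenied):
        return (404, "Not Found")
    return (200, f"{project.creator}/{project.name}")
```

The internal distinction between `NotFound` and `PermissionDenied` stays available for logging, while the client sees one response for both cases.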