Enumerates all of the endpoints in our app, along with the expected access permissions.
We don't care about the results of hitting these endpoints, just whether or
not a FORBIDDEN response is returned, based on the expected permissions.
This means we can get away with using dummy ids and not sending body data,
Enumerates all of the endpoints in our app, along with the expected access permissions. We don't care about the results of hitting these endpoints, just whether or not a FORBIDDEN response is returned, based on the expected permissions. This means we can get away with using dummy ids and not sending body data,