1 files changed, 36 insertions, 0 deletions

diff --git a/BackEnd/Timeline.Tests/IntegratedTests2/TimelineBookmarkTest.cs b/BackEnd/Timeline.Tests/IntegratedTests2/TimelineBookmarkTest.cs
index f708381f..903175c3 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests2/TimelineBookmarkTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests2/TimelineBookmarkTest.cs
@@ -106,6 +106,42 @@ namespace Timeline.Tests.IntegratedTests2
                 TimelineName = "hello"
             }, expectedStatusCode: HttpStatusCode.UnprocessableEntity);
         }
+
+        [Fact]
+        public async Task AnonymousCreateUnauthorized()
+        {
+            using var client = CreateDefaultClient();
+
+            await client.TestJsonSendAsync(HttpMethod.Post, "v2/users/user/bookmarks", new HttpTimelineBookmarkCreateRequest
+            {
+                TimelineOwner = "user",
+                TimelineName = "hello"
+            }, expectedStatusCode: HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task OtherCreateForbid()
+        {
+            using var client = CreateClientAsUser();
+
+            await client.TestJsonSendAsync(HttpMethod.Post, "v2/users/admin/bookmarks", new HttpTimelineBookmarkCreateRequest
+            {
+                TimelineOwner = "user",
+                TimelineName = "hello"
+            }, expectedStatusCode: HttpStatusCode.Forbidden);
+        }
+
+        [Fact]
+        public async Task AdminCanCreate()
+        {
+            using var client = CreateClientAsAdmin();
+
+            await client.TestJsonSendAsync(HttpMethod.Post, "v2/users/user/bookmarks", new HttpTimelineBookmarkCreateRequest
+            {
+                TimelineOwner = "user",
+                TimelineName = "hello"
+            });
+        }
     }
 }