Bug: Elements can be created without auth even if anonymous user does not exist #415

@Syndesi

If Ember Nexus is installed normally and the anonymous user id is set to an element which does not exist, e.g. 00000000-0000-0000-0000-000000000000, write requests still work. Read requests will not return anything, as the user is missing and therefore no security check will succeed, but the data is still being written.

Acceptance criteria:

  • If the anonymous user is not found, e.g. because the id is missing, is not a valid UUID or the id is not present in the database, then simply return 301 not authorized or similar.
  • Add relevant tests. Not easily doable; test manually.
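
A fail-closed form of the check the acceptance criteria describe, as an added example that is not Ember Nexus code. The function names, the in-memory `users` and `store` stand-ins, the sample user id and the 401 rejection status are all assumptions made for illustration.

```python
import uuid
from typing import Optional

# Constructed sample data: the only user element that exists in the "database".
SAMPLE_USERS = {uuid.UUID("11111111-1111-4111-8111-111111111111")}


class Unauthorized(Exception):
    """Rejection for an unresolvable anonymous user (401 is assumed here)."""
    status = 401


def resolve_anonymous_user(configured_id: Optional[str], users: set) -> uuid.UUID:
    """Return the anonymous user's id, or fail closed in each case the issue lists."""
    if not configured_id:                      # id is missing from the configuration
        raise Unauthorized("anonymous user id is not configured")
    try:
        user_id = uuid.UUID(configured_id)     # id is not a valid UUID
    except ValueError:
        raise Unauthorized("anonymous user id is not a valid UUID")
    if user_id not in users:                   # id is not present in the database
        raise Unauthorized("anonymous user does not exist")
    return user_id


def handle_anonymous_write(store: dict, users: set,
                           configured_id: Optional[str], data: dict) -> int:
    """Hypothetical write handler for a request that carries no credentials.

    The acting user is resolved BEFORE anything is written, so a missing
    anonymous user blocks writes the same way it already blocks reads.
    """
    try:
        actor = resolve_anonymous_user(configured_id, users)
    except Unauthorized as exc:
        return exc.status                      # nothing has been written yet
    element_id = uuid.uuid4()
    store[element_id] = {"owner": actor, **data}
    return 201


if __name__ == "__main__":
    store = {}
    nil = "00000000-0000-0000-0000-000000000000"   # the id used in the report
    print(handle_anonymous_write(store, SAMPLE_USERS, nil, {"name": "x"}), len(store))
```
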

    Labels

    Bug: Addressing unexpected issues.
    Security: Addressing security-related tasks.

    Status

    Done
