Inbox permissions doesn't work as expected
For the sib-notifications component, we should have the following permission:
- Anonymous users & logged in users: can create notifications but can't read
- Inbox owners: can read + update all notifications
Today, we still have these issues:
- Anonymous users & logged in users: can read all notifications (
/notifications/
and/users/2/inbox/
) - Inbox owners: can't read own notifications (
/notifications/1/
)
Related issue: startinblox/djangoldp-packages/djangoldp-notifications#2