tests/security/test_access_control.py

import requests


def test_unauthorized_access():
    url = "http://127.0.0.1:8000/api/v1/admin/dashboard"
    headers = {"Authorization": "Bearer user_token"}  # Simulate a regular user's token
    response = requests.get(url, headers=headers)
    assert response.status_code == 403, "Access control vulnerability detected!"