Adding a test for a 403 status when lowering authorization.
The Auth mock for check_cookie_auth is not needed here.
Reading back the session after flush either.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>