Open
Description
On all non-auth operations:
Ensure all requests to resources which do not belong to the authorised user:
- Return a HTTP 404 error
- Do not return any content
See auth-related API_OPERATION REST API tests in spec/api/40-api-operation-spec.js for test cases for desired functionality.