Some Tips and Tricks:

• See what happens if you login with one of the created users and then change server url 127.0.0.1 to localhost and then press 'check' on isAuthenticated. and again when you change it back to 127.0.0.1?. Good stuff eh?
• if you login and then wait more then 10 minutes and press 'isAuthenticated' you should not be logged in anymore. (session timeout)
• Try out the developer tools of your browser to see what happens behind the scenes.
• Look at the _design document in your test database and look at the field 'validate_doc_update'. This piece of javascript enables you to control write access. This script you can change any way you like.
• Try to save a document while not logged in...
• If you try to save a document with the second test user (not a role blogger) you won't be able to.
• Try to change the ID of a document you E(dit). You won't be able to. ID's can't change. You can Edit the document then press delete and then press save...