fix acl check for api service

05832f25 · A. Koch · ff9850e3 · 05832f25
Commit 05832f25 authored Sep 14, 2018 by A. Koch
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

src/lib/service.js src/lib/service.js +4 -2

No files found.
--- a/src/lib/service.js
+++ b/src/lib/service.js
@@ -32,10 +32,11 @@ class Service extends TinyEmitter {
    const items = []
    for (let entry of results) {
      let allowed = false
+      const roles = req.user ? req.user.profile.roles : ['public']
      if (entry.author && entry.author.id === user) allowed = true
      else {
        try {
-          allowed = await this._acl.isAllowed(user, entry.uuid, 'get')
+          allowed = await this._acl.areAnyRolesAllowed(roles, entry.uuid, ['get'])
        }
        catch (err) {
          api.captureException(err)
@@ -49,12 +50,13 @@ class Service extends TinyEmitter {
  async getHandler (req, res) {
    const result = await this.client.get(req.params.id, req.params)
    const user = req.user ? req.user.uuid : 'anon'
+    const roles = req.user ? req.user.profile.roles : ['public']
    if (result) {
      let allowed = false
      if (result.author && result.author.id === user) allowed = true
      else {
        try {
-          allowed = await this._acl.isAllowed(user, result.uuid, 'get')
+          allowed = await this._acl.areAnyRolesAllowed(roles, entry.uuid, ['get'])
        }
        catch (err) {
          api.captureException(err)