Fix access permission bug where request would not complete if the

a non-logged in user checked ADMIN access to an entity.
vircadia · May 31, 2021 · 6d064b7 · 6d064b7
1 parent 24e561e
commit 6d064b7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/route-tools/Permissions.ts b/src/route-tools/Permissions.ts
@@ -114,7 +114,7 @@ export async function checkAccessToEntity(pAuthToken: AuthToken,  // token being
           }
           else {
             // If the authToken is an account, has access if admin
-            if (SArray.has(pAuthToken.scope, TokenScope.OWNER)) {
+            if (pAuthToken && SArray.has(pAuthToken.scope, TokenScope.OWNER)) {
               Logger.cdebug('field-setting', `checkAccessToEntity: admin. auth.AccountId=${pAuthToken.accountId}`);
               requestingAccount = requestingAccount ?? await Accounts.getAccountWithId(pAuthToken.accountId);
               canAccess = Accounts.isAdmin(requestingAccount);