Merge pull request #17 from NREL/role-changes

Fixes and changes to how roles get applied
NREL · Jun 14, 2015 · 304cc9e · 304cc9e
2 parents f6ef66f + 94670b0
commit 304cc9e
Show file tree

Hide file tree

Showing 3 changed files with 329 additions and 20 deletions.
diff --git a/lib/gatekeeper/middleware/api_settings.js b/lib/gatekeeper/middleware/api_settings.js
@@ -26,9 +26,24 @@ _.extend(ApiSettings.prototype, {
         var subSettings = api.sub_settings[i];
         if(subSettings.http_method === 'any' || subSettings.http_method === request.method) {
           if(subSettings.regex.test(request.url)) {
+            var originalRequiredRoles;
+            if(!subSettings.settings.required_roles_override) {
+              originalRequiredRoles = settings.required_roles;
+            }
+
             // Merge the matching sub-settings in.
             mergeOverwriteArrays(settings, subSettings.settings);
 
+            if(!subSettings.settings.required_roles_override) {
+              if(originalRequiredRoles) {
+                settings.required_roles = _.uniq((settings.required_roles || []).concat(originalRequiredRoles));
+              }
+            } else {
+              if(!subSettings.settings.required_roles) {
+                settings.required_roles = [];
+              }
+            }
+
             // We've deep-merged the root settings and the sub-settings
             // together, but cached attributes are a special case, where we
             // want to perform a non-deep merge.

diff --git a/lib/gatekeeper/middleware/role_validator.js b/lib/gatekeeper/middleware/role_validator.js
@@ -12,21 +12,20 @@ _.extend(RoleValidator.prototype, {
   },
 
   handleRequest: function(request, response, next) {
-    var requiredRoles = request.apiUmbrellaGatekeeper.settings.required_roles;
-
     var authenticated = true;
+    var requiredRoles = request.apiUmbrellaGatekeeper.settings.required_roles;
     if(requiredRoles && requiredRoles.length > 0) {
       authenticated = false;
 
-      var userRoles = request.apiUmbrellaGatekeeper.user.roles;
-      if(userRoles && userRoles.length > 0) {
-        if(userRoles.indexOf('admin') !== -1) {
-          authenticated = true;
-        } else {
+      if(request.apiUmbrellaGatekeeper.user) {
+        var userRoles = request.apiUmbrellaGatekeeper.user.roles;
+        if(userRoles && userRoles.length > 0) {
           for(var i = 0, len = requiredRoles.length; i < len; i++) {
-            if(userRoles.indexOf(requiredRoles[i]) !== -1) {
-              authenticated = true;
+            if(userRoles.indexOf(requiredRoles[i]) === -1) {
+              authenticated = false;
               break;
+            } else {
+              authenticated = true;
             }
           }
         }