fix: make sure all users have $everyone in their roles, even if they …

…have nothing else affects: tymly
wmfs · May 25, 2018 · 77f1a03 · 77f1a03
1 parent c970e94
commit 77f1a03
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/lib/plugin/components/services/rbac/find-user-roles.js b/lib/plugin/components/services/rbac/find-user-roles.js
@@ -3,10 +3,11 @@ async function findUserRoles (userId, roleMembershipModel, rbac) {
 
   const applicableRoles = []
   for (const roleId of roleIds) {
-    const roles = rbac.inherits[roleId] || [roleId, '$everyone']
+    const roles = rbac.inherits[roleId] || [roleId]
 
     applicableRoles.push(...roles)
   }
+  applicableRoles.push('$everyone')
 
   return [...new Set(applicableRoles)] // uniqify
 } // findUserRoles

diff --git a/test/rbac-service-spec.js b/test/rbac-service-spec.js
@@ -380,6 +380,11 @@ describe('RBAC service tests', function () {
         'molly',
         ['tymlyTest_developer'],
         ['tymlyTest_developer', '$everyone']
+      ],
+      [
+        'just-some-dude',
+        null,
+        ['$everyone']
       ]
     ]