From 344c74297ce9cfe948aee0dfe9df589b00593a3c Mon Sep 17 00:00:00 2001
From: Raymond Feng <raymond@strongloop.com>
Date: Wed, 20 Nov 2013 13:38:14 -0800
Subject: [PATCH] Add unauthenticated role

---
 lib/models/role.js | 7 +++++++
 test/role.test.js  | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/lib/models/role.js b/lib/models/role.js
index 7306f018..56284e43 100644
--- a/lib/models/role.js
+++ b/lib/models/role.js
@@ -135,6 +135,7 @@ Role.once('dataSourceAttached', function () {
 Role.OWNER = '$owner'; // owner of the object
 Role.RELATED = "$related"; // any User with a relationship to the object
 Role.AUTHENTICATED = "$authenticated"; // authenticated user
+Role.UNAUTHENTICATED = "$unauthenticated"; // authenticated user
 Role.EVERYONE = "$everyone"; // everyone
 
 /**
@@ -203,6 +204,12 @@ function isAuthenticated(userId, callback) {
   });
 }
 
+Role.registerResolver(Role.UNAUTHENTICATED, function(role, context, callback) {
+  process.nextTick(function() {
+    callback && callback(null, !context || !context.principalId);
+  });
+});
+
 Role.registerResolver(Role.EVERYONE, function (role, context, callback) {
   process.nextTick(function () {
     callback && callback(null, true); // Always true
diff --git a/test/role.test.js b/test/role.test.js
index 243603a6..c597c365 100644
--- a/test/role.test.js
+++ b/test/role.test.js
@@ -129,6 +129,13 @@ describe('role model', function () {
         assert(!err && !yes);
       });
 
+      Role.isInRole(Role.UNAUTHENTICATED, {principalType: ACL.USER, principalId: user.id}, function (err, yes) {
+        assert(!err && !yes);
+      });
+      Role.isInRole(Role.UNAUTHENTICATED, {principalType: ACL.USER, principalId: null}, function (err, yes) {
+        assert(!err && yes);
+      });
+
       Role.isInRole(Role.EVERYONE, {principalType: ACL.USER, principalId: user.id}, function (err, yes) {
         assert(!err && yes);
       });