Merge pull request #97 from strongloop/bug/check-access

Dont attempt access checking on models without a check access method
2013-12-12 16:01:33 -08:00 · 2013-12-12 16:01:33 -08:00 · 591ed86444
parent 00190227f8 4619a143f5
commit 591ed86444
1 changed files with 20 additions and 16 deletions
--- a/lib/application.js
+++ b/lib/application.js
@ -164,23 +164,27 @@ app.enableAuth = function() {
    var modelInstance = ctx.instance;
    var modelId = modelInstance && modelInstance.id || req.param('id');
-    Model.checkAccess(
+    if(Model.checkAccess) {
-      req.accessToken,
+      Model.checkAccess(
-      modelId,
+        req.accessToken,
-      method.name,
+        modelId,
-      function(err, allowed) {
+        method.name,
-        if(err) {
+        function(err, allowed) {
-          console.log(err);
+          if(err) {
-          next(err);
+            console.log(err);
-        } else if(allowed) {
+            next(err);
-          next();
+          } else if(allowed) {
-        } else {
+            next();
-          var e = new Error('Access Denied');
+          } else {
-          e.statusCode = 401;
+            var e = new Error('Access Denied');
-          next(e);
+            e.statusCode = 401;
            next(e);
          }
        }
-      }
+      );
-    );
+    } else {
      next();
    }
  });
 }