From 4570626e9d052966a0416b24a6c1fcd645b28f56 Mon Sep 17 00:00:00 2001
From: Benjamin Schuster-Boeckler
Date: Sat, 18 Feb 2017 13:23:37 +0000
Subject: [PATCH] Fix context passing in OWNER role resolver
---
 common/models/role.js | 15 +++++++++++----
 test/role.test.js | 29 +++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/common/models/role.js b/common/models/role.js
index 93a98998..0eabe5af 100644
--- a/common/models/role.js
+++ b/common/models/role.js
@@ -182,7 +182,8 @@ module.exports = function(Role) {
 var user = context.getUser();
 var userId = user && user.id;
 var principalType = user && user.principalType;
- Role.isOwner(modelClass, modelId, userId, principalType, callback);
+ var opts = {accessToken: context.accessToken};
+ Role.isOwner(modelClass, modelId, userId, principalType, opts, callback);
 });

 function isUserClass(modelClass) {
@@ -213,15 +214,21 @@ module.exports = function(Role) {
 * @param {*} modelId The model ID
 * @param {*} userId The user ID
 * @param {String} principalType The user principalType (optional)
+ * @options {Object} options
+ * @property {accessToken} The access token used to authorize the current user.
 * @callback {Function} [callback] The callback function
 * @param {String|Error} err The error string or object
 * @param {Boolean} isOwner True if the user is an owner.
 * @promise
 */
- Role.isOwner = function isOwner(modelClass, modelId, userId, principalType, callback) {
- if (!callback && typeof principalType === 'function') {
+ Role.isOwner = function isOwner(modelClass, modelId, userId, principalType, options, callback) {
+ if (!callback && typeof options === 'function') {
+ callback = options;
+ options = {};
+ } else if (!callback && typeof principalType === 'function') {
 callback = principalType;
 principalType = undefined;
+ options = {};
 }
 principalType = principalType || Principal.USER;
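Review bot: In the first role.js hunk (`@@ -182,7 +182,8 @@`, the OWNER resolver), `opts` is built from `context.accessToken` without saying what that value holds for an unauthenticated caller. If the access context substitutes a placeholder token for anonymous requests (not visible in this hunk), `access` hooks that treat a present `options.accessToken` as proof of an authenticated user would now see one during the ownership lookup. A comment above the new line, such as `// NOTE: context.accessToken may be a placeholder for anonymous callers; hooks should check the token's userId, not just its presence`, would record that contract. The resolver callback starts above the hunk.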
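Review bot: In the `Role.isOwner` hunk (`@@ -213,15 +214,21 @@`), `options` is defaulted to `{}` only inside the two callback-shuffling branches, so a promise-style call such as `isOwner(modelClass, modelId, userId)` or a six-argument call with an explicit `undefined` leaves it undefined and hands that to the later `findById` call. Adding `options = options || {};` right after the `if`/`else if` would normalise every call shape. The new JSDoc line `@property {accessToken} The access token ...` has the type and the name transposed; `@property {Object} accessToken The access token used to authorize the current user.` reads correctly. The function body continues past the end of the hunk.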
@@ -251,7 +258,7 @@ module.exports = function(Role) {
 return callback.promise;
 }

- modelClass.findById(modelId, function(err, inst) {
+ modelClass.findById(modelId, options, function(err, inst) {
 if (err || !inst) {
 debug('Model not found for id %j', modelId);
 return callback(err, false);
diff --git a/test/role.test.js b/test/role.test.js
index 8cacaecd..cf8d01fc 100644
--- a/test/role.test.js
+++ b/test/role.test.js
@@ -533,6 +533,35 @@ describe('role model', function() {
 .then(isInRole => expect(isInRole).to.be.true());
 });

+ it('passes accessToken to modelClass.findById when resolving OWNER', () => {
+ const Album = app.registry.createModel('Album', {name: String});
+ app.model(Album, {dataSource: 'db'});
+ Album.belongsTo(User);
+
+ let observedOptions = null;
+ Album.observe('access', ctx => {
+ observedOptions = ctx.options;
+ return Promise.resolve();
+ });
+
+ let user, token;
+ return User.create({email: 'test@example.com', password: 'pass'})
+ .then(u => {
+ user = u;
+ return Album.create({name: 'Album 1', userId: user.id});
+ })
+ .then(album => {
+ return Role.isInRole(Role.OWNER, {
+ principalType: ACL.USER, principalId: user.id,
+ model: Album, id: album.id,
+ accessToken: 'test-token',
+ });
+ })
+ .then(isInRole => {
+ expect(observedOptions).to.eql({accessToken: 'test-token'});
+ });
+ });
+
 describe('isMappedToRole', function() {
 var user, app, role;
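Review bot: In the `findById` hunk (`@@ -251,7 +258,7 @@`), this is the only lookup that receives `options`. `isOwner` continues below the hunk, and any further queries it makes there (for example relation lookups on `inst`) would still run without the token, so `access` hooks that scope results by `options.accessToken` could treat the two steps of the ownership check differently. It is worth confirming the remaining lookups and either forwarding `options` to them as well or adding a comment that explains why they are exempt.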
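Review bot: The new test in test/role.test.js asserts only `observedOptions`; the resolved `isInRole` value arrives in the last `.then` and is never checked, so a regression that forwards the token but denies the owner would still pass. Adding `expect(isInRole).to.be.true();` next to the existing expectation pins the authorization result as well as the plumbing. `token` in `let user, token;` is declared but never used and can be dropped.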