From f9e9aaa8ceff4ae27f21839a6b3faad26f51fbe6 Mon Sep 17 00:00:00 2001
From: mcitdev <mcitdev@users.noreply.github.com>
Date: Tue, 3 Jul 2018 08:59:13 +0200
Subject: [PATCH] Make verifyUserRelations() more robust

The fix introduced in previous commit was relying on the default
merge algorighm applied when a child model inherits relation config
from the parent.

This commit changes the check to use a more reliable approach
based on the relation metadata configured by the child model.
---
 lib/application.js | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/application.js b/lib/application.js
index 33239fa3..b79bce41 100644
--- a/lib/application.js
+++ b/lib/application.js
@@ -497,19 +497,19 @@ app._verifyAuthModelRelations = function() {
   function verifyUserRelations(Model) {
     const hasManyTokens = Model.relations && Model.relations.accessTokens;
 
-    const relationsConfig = Model.settings.relations || {};
-    const hasPolyMorphicTokens = (relationsConfig.accessTokens || {}).polymorphic;
-    // display a temp warning message for users using multiple users config
-    if (hasPolyMorphicTokens) {
-      console.warn(
-        'The app configuration follows the multiple user models setup ' +
-          'as described in http://ibm.biz/setup-loopback-auth',
-        'The built-in role resolver $owner is not currently compatible ' +
-          'with this configuration and should not be used in production.');
+    if (hasManyTokens) {
+      // display a temp warning message for users using multiple users config
+      if (hasManyTokens.polymorphic) {
+        console.warn(
+          'The app configuration follows the multiple user models setup ' +
+            'as described in http://ibm.biz/setup-loopback-auth',
+          'The built-in role resolver $owner is not currently compatible ' +
+            'with this configuration and should not be used in production.');
+      }
+      return;
     }
 
-    if (hasManyTokens) return;
-
+    const relationsConfig = Model.settings.relations || {};
     const accessTokenName = (relationsConfig.accessTokens || {}).model;
     if (accessTokenName) {
       console.warn(