authorvlad <vlad@driver.xyz>2017-11-03 13:26:38 -0700
committervlad <vlad@driver.xyz>2017-11-03 13:26:38 -0700
commit5a6cb5737b524dc063e7a30921f8f847313690b0 (patch)
tree90ed6ddf37dc85460e8957b92448c09b49e1c206
parentaedb5274932db81a32f9d89938636df114dc9a44 (diff)
Allowing AdministratorRole to do everythingv0.13.2
-rw-r--r--src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala14
1 files changed, 5 insertions, 9 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
index c1907cd..1a1a933 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
@@ -258,25 +258,21 @@ object ACL extends PhiLogging {
update: AclCheck = Forbid,
delete: AclCheck = Forbid) {
- def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+ def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
check("create", create)(requestContext.authenticatedUser.roles)
- }
- def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+ def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
check("read", read)(requestContext.authenticatedUser.roles)
- }
- def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+ def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
check("update", update)(requestContext.authenticatedUser.roles)
- }
- def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+ def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
check("delete", delete)(requestContext.authenticatedUser.roles)
- }
private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
loggedError(
- executorRoles.exists(isAllowed),
+ executorRoles.exists(isAllowed) || executorRoles.contains(AdministratorRole),
phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}"
)
}
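Review bot: The added `|| executorRoles.contains(AdministratorRole)` clause in `check` overrides every `AclCheck` passed to it, including the `Forbid` defaults visible at the top of the hunk. Any action that an ACL deliberately leaves closed to all roles is therefore open to administrators, and nothing distinguishes a grant made by this override from one made by the ACL itself. If a blanket bypass is the intent, state it at the call site, e.g. `// AdministratorRole bypasses every per-action AclCheck, including Forbid`, and record override grants so they can be audited. `loggedError` appears to log only on denial, though its definition is not shown here. If some resources must stay closed even to administrators, grant the role in the individual ACL definitions rather than in `check`. The enclosing class and `object ACL` begin outside the hunk, so whether any existing ACL relies on `Forbid` for every role cannot be confirmed from here.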