From 5a6cb5737b524dc063e7a30921f8f847313690b0 Mon Sep 17 00:00:00 2001
From: vlad <vlad@driver.xyz>
Date: Fri, 3 Nov 2017 13:26:38 -0700
Subject: Allowing AdministratorRole to do everything

---
 src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

(limited to 'src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala')

diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
index c1907cd..1a1a933 100644
--- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
+++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala
@@ -258,25 +258,21 @@ object ACL extends PhiLogging {
                          update: AclCheck = Forbid,
                          delete: AclCheck = Forbid) {
 
-    def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+    def isCreateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
       check("create", create)(requestContext.authenticatedUser.roles)
-    }
 
-    def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+    def isReadAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
       check("read", read)(requestContext.authenticatedUser.roles)
-    }
 
-    def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+    def isUpdateAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
       check("update", update)(requestContext.authenticatedUser.roles)
-    }
 
-    def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean = {
+    def isDeleteAllow()(implicit requestContext: AuthorizedServiceRequestContext[AuthUserInfo]): Boolean =
       check("delete", delete)(requestContext.authenticatedUser.roles)
-    }
 
     private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = {
       loggedError(
-        executorRoles.exists(isAllowed),
+        executorRoles.exists(isAllowed) || executorRoles.contains(AdministratorRole),
         phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}"
       )
     }
-- 
cgit v1.2.3