Fix bug resolving related groups

Author: Tom Kirkpatrick

lib/utils.js

@@ -272,34 +272,39 @@ module.exports = class AccessUtils {
     const Role = this.app.models[this.options.roleModel];
 
     Role.registerResolver(accessGroup, (role, context, cb) => {
+      const modelClass = context.model;
+      const modelId = context.modelId;
+      const userId = context.getUserId();
+      const roleName = this.extractRoleName(role);
+      const GroupAccess = this.app.models[this.options.groupAccessModel];
+      const scope = { };
+
+      if (userId) {
+        this.app.loopback.getCurrentContext().set('groupAccessApplied', true);
+      }
+
+      debug(`Role resolver for ${role}: evaluate ${modelClass.modelName} with id: ${modelId} for user: ${userId}`);
+
       if (!context || !context.model || !context.modelId) {
         process.nextTick(() => {
           debug('Allow passthrough access (context: %s, context.model: %s, context.modelId: %s)',
             !!context, !!context.model, !!context.modelId);
+          if (cb) cb(null, true);
+        });
+        return;
+      }
 
-          const currentUser = this.getCurrentUser();
-
-          if (currentUser) {
-            this.app.loopback.getCurrentContext().set('groupAccessApplied', true);
-          }
-
+      // No userId is present
+      if (!userId) {
+        process.nextTick(() => {
+          debug('Deny access for anonymous user');
           if (cb) cb(null, false);
         });
         return;
       }
 
-      const modelClass = context.model;
-      const modelId = context.modelId;
-      const userId = context.getUserId();
-      const roleName = this.extractRoleName(role);
-      const GroupAccess = this.app.models[this.options.groupAccessModel];
-      const scope = { };
-
-      debug(`Role resolver for ${role}: evaluate ${modelClass.modelName} with id: ${modelId} for user: ${userId}`);
-
       return this.isGroupMemberWithRole(modelClass, modelId, userId, roleName)
         .then(res => {
-          debug('Resolved to', res);
           cb(null, res);
         })
         .catch(cb);
@@ -369,7 +374,7 @@ module.exports = class AccessUtils {
 
     // Is the modelClass GroupModel or a subclass of GroupModel?
     if (this.isGroupModel(modelClass)) {
-      this.hasRoleInGroup(userId, roleId, modelId, context)
+      this.hasRoleInGroup(userId, roleId, modelId)
         .then(res => cb(null, res));
       return cb.promise;
     }
@@ -385,7 +390,7 @@ module.exports = class AccessUtils {
       // Ensure groupId exists and is not a function/relation
       if (groupId && 'function' !== typeof groupId) {
         if (cb) {
-          return this.hasRoleInGroup(userId, roleId, groupId, context)
+          return this.hasRoleInGroup(userId, roleId, groupId)
             .then(res => cb(null, res));
         }
       } else {
@@ -405,7 +410,7 @@ module.exports = class AccessUtils {
       function processRelatedGroup(err, group) {
         if (!err && group) {
           debug('Group found: %j', group.getId());
-          if (cb) cb(null, this.hasRoleInGroup(userId, roleId, group.getId(), context, cb));
+          if (cb) cb(null, this.hasRoleInGroup(userId, roleId, group.getId()));
         } else {
           if (cb) cb(err, false);
         }
@@ -414,7 +419,7 @@ module.exports = class AccessUtils {
     return cb.promise;
   };
 
-  hasRoleInGroup(userId, role, group, context, cb) {
+  hasRoleInGroup(userId, role, group, cb) {
     debug('hasRoleInGroup: role: %o, group: %o, userId: %o', role, group, userId);
     cb = cb || createPromiseCallback();
     const GroupAccess = this.app.models[this.options.groupAccessModel];