JwtPermissionHandler should return true if no permissions are required (

#29)
moia-oss · Jul 25, 2019 · 229543d · 229543d
1 parent 16720d7
commit 229543d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/router/src/main/kotlin/io/moia/router/PermissionHandler.kt b/router/src/main/kotlin/io/moia/router/PermissionHandler.kt
@@ -52,7 +52,8 @@ open class JwtPermissionHandler(
     ) : this(JwtAccessor(request), permissionsClaim, permissionSeparator)
 
     override fun hasAnyRequiredPermission(requiredPermissions: Set<String>): Boolean =
-        extractPermissions().any { requiredPermissions.contains(it) }
+        if (requiredPermissions.isEmpty()) true
+        else extractPermissions().any { requiredPermissions.contains(it) }
 
     internal open fun extractPermissions(): Set<String> =
         accessor.extractJwtClaims()

diff --git a/router/src/test/kotlin/io/moia/router/JwtPermissionHandlerTest.kt b/router/src/test/kotlin/io/moia/router/JwtPermissionHandlerTest.kt
@@ -51,6 +51,15 @@ class JwtPermissionHandlerTest {
         thenRecognizesRequiredPermissions(handler)
     }
 
+    @Test
+    fun `should return true when no permissions are required`() {
+        val handler = permissionHandler(jwtWithScopeClaimSpace)
+
+        val result = handler.hasAnyRequiredPermission(emptySet())
+
+        then(result).isTrue()
+    }
+
     @Test
     fun `should work for missing header`() {
         val handler = JwtPermissionHandler(JwtAccessor(APIGatewayProxyRequestEvent()))