From f0be2618f3e8c697a7a2e4fc1ac37f3944ce4ac5 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas@fitzek.eu>
Date: Thu, 10 Aug 2017 13:39:57 +0200
Subject: [PATCH] Allow filtering of roles during permission fetching

This adds an optional external whitelist of roles available to a user.

Change-Type: minor
Connects-To: #60
Signed-off-by: Andreas Fitzek <andreas@resin.io>
---
 src/sbvr-api/permissions.coffee | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/sbvr-api/permissions.coffee b/src/sbvr-api/permissions.coffee
index 270b6b49e..cf178dd04 100644
--- a/src/sbvr-api/permissions.coffee
+++ b/src/sbvr-api/permissions.coffee
@@ -180,7 +180,10 @@ exports.setup = (app, sbvrUtils) ->
 			throw err
 		.nodeify(callback)
 
-	exports.getUserPermissions = getUserPermissions = (userId, callback) ->
+	exports.getUserPermissions = getUserPermissions = (userId, roles, callback) ->
+		if typeof roles is 'function'
+			callback = roles
+			roles = null
 		if _.isString(userId)
 			userId = _.parseInt(userId)
 		if !_.isFinite(userId)
@@ -206,6 +209,14 @@ exports.setup = (app, sbvrUtils) ->
 								uhr: expiry_date: null
 							,	uhr: expiry_date: $gt: $now: null
 							]
+		if roles?
+			innerFilter = _.get(permsFilter, '$or.is_of__role.$any.$expr.rhp.role.$any.$expr')
+			newFilter =
+				$and: [
+					innerFilter,
+					r: name: $in: roles
+			]
+			_.set(permsFilter, '$or.is_of__role.$any.$expr.rhp.role.$any.$expr', newFilter)
 		return getPermissions(permsFilter, callback)
 
 	exports.getApiKeyPermissions = getApiKeyPermissions = do ->