remove ROLE_USER

every authenticated user has ROLE_USER. So, this role is superfluous
2020-02-13 21:53:57 -08:00
parent 25d871860d
commit fd8abbe2ab
2 changed files with 23 additions and 26 deletions
--- a/src/accesscontrol.js
+++ b/src/accesscontrol.js
@@ -2,7 +2,6 @@

 exports = module.exports = {
    ROLE_ADMIN: 'admin',
-    ROLE_USER: 'user',

    verifyToken: verifyToken,
    hasRole: hasRole
@@ -17,7 +16,6 @@ function hasRole(user, requiredRole) {
    assert.strictEqual(typeof user, 'object');
    assert.strictEqual(typeof requiredRole, 'string');

-    if (requiredRole === exports.ROLE_USER) return null;
    if (requiredRole === exports.ROLE_ADMIN && user.admin) return null;

    return new BoxError(BoxError.ACCESS_DENIED, 'Not allowed');