If undefined pass in roles array, it always return true

Meteor-Community-Packages / meteor-roles

Authorization package for Meteor, compatible with built-in accounts packages

http://meteor-community-packages.github.io/meteor-roles/

MIT License

921 stars 166 forks source link

If undefined pass in roles array, it always return true #258

Closed felixhamel closed 4 years ago

felixhamel commented 6 years ago

Hi there,

First, really great plugin 👍

Second, I think that we found a bug. If we pass undefined in the roles array, it already returns true. It makes sense in a way, but in another it's so easy to make a simple mistake and then all the permissions are broken.

Example :

Roles.userIsInRoles(Meteor.userId(), ["Role1", "Role2", undefined], "GroupName); // Always return true

If it's on purpose, then it's ok, but otherwise it might be a good idea to fix it.

mitar commented 4 years ago

I cannot reproduce this in v1 nor in v2.

See fa18a4f46a2cdc96752d4bbf91acd2ac2532c528 and 0978fdb52e8bc7dcadd52f4c5d9c2e48207da389.