From 5b0b3085136a581b14ad1c61d193bf0cf3d91ea2 Mon Sep 17 00:00:00 2001
From: Sebastian Gierlinger <s.gierlinger@me.com>
Date: Wed, 9 Jul 2014 13:34:38 +0200
Subject: [PATCH] Owner has all user permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

closes #3075
- added special treatment for role with name ‚Owner‘
---
 core/server/permissions/effective.js | 10 ++++++++--
 core/server/permissions/index.js     |  8 ++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/core/server/permissions/effective.js b/core/server/permissions/effective.js
index 9042f94fa6..d48a21c39d 100644
--- a/core/server/permissions/effective.js
+++ b/core/server/permissions/effective.js
@@ -6,13 +6,19 @@ var _ = require('lodash'),
 
 var effective = {
     user: function (id) {
-        return User.findOne({id: id}, { include: ['permissions', 'roles.permissions'] })
+        return User.findOne({id: id}, { include: ['permissions', 'roles', 'roles.permissions'] })
             .then(function (foundUser) {
                 var seenPerms = {},
                     rolePerms = _.map(foundUser.related('roles').models, function (role) {
                         return role.related('permissions').models;
                     }),
-                    allPerms = [];
+                    allPerms = [],
+                    user = foundUser.toJSON();
+
+                // TODO: using 'Owner' as return value is a bit hacky.
+                if (user.roles[0] && user.roles[0].name === 'Owner') {
+                    return 'Owner';
+                }
 
                 rolePerms.push(foundUser.related('permissions').models);
 
diff --git a/core/server/permissions/index.js b/core/server/permissions/index.js
index b8998b1b35..9c7c8565a6 100644
--- a/core/server/permissions/index.js
+++ b/core/server/permissions/index.js
@@ -103,10 +103,14 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (obj_types, act_type,
                         // TODO: String vs Int comparison possibility here?
                         return modelId === permObjId;
                     };
-
                 // Check user permissions for matching action, object and id.
                 if (!_.isEmpty(userPermissions)) {
-                    hasUserPermission = _.any(userPermissions, checkPermission);
+                    // TODO: using 'Owner' is a bit hacky.
+                    if (userPermissions === 'Owner') {
+                        hasUserPermission = true;
+                    } else {
+                        hasUserPermission = _.any(userPermissions, checkPermission);
+                    }
                 }
 
                 // Check app permissions if they were passed