From d05e65e7f58c750f6d7db1b208aa9f5ea9a60dca Mon Sep 17 00:00:00 2001
From: David Luecke <daff@neyeon.com>
Date: Thu, 13 Apr 2017 19:31:29 -0700
Subject: [PATCH] Add an error message when id is null

---
 src/restrict-to-roles.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/restrict-to-roles.js b/src/restrict-to-roles.js
index 2d54f7c..ff39398 100644
--- a/src/restrict-to-roles.js
+++ b/src/restrict-to-roles.js
@@ -59,6 +59,10 @@ export default function (options = {}) {
     // If we should allow users that own the resource and they don't already have
     // the permitted roles check to see if they are the owner of the requested resource
     if (options.owner && !authorized) {
+      if (hook.id === null) {
+        throw new errors.BadRequest('Can not verify roles when changing many resources.');
+      }
+
       if (!hook.id) {
         throw new errors.MethodNotAllowed(`The 'restrictToRoles' hook should only be used on the 'get', 'update', 'patch' and 'remove' service methods if you are using the 'owner' field.`);
       }