fix(core): Client routes guest access bug

Adds a check for the existence of the "guest" role in the state configuration that we're transitioning to, in the core $stateChangeStart event handler. If it exists, then we allow access. Also, added validation of Authentication.user object. While writing tests, I ran into an issue here when the Authentication service wasn't injected into a controller. Probably best to have this check in place. Fixes #1098
meanjs · Dec 30, 2015 · bfcfb55 · bfcfb55
1 parent b12be5f
commit bfcfb55
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/core/client/app/init.js b/modules/core/client/app/init.js
@@ -19,7 +19,7 @@ angular.module(ApplicationConfiguration.applicationModuleName).run(function ($ro
     if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
       var allowed = false;
       toState.data.roles.forEach(function (role) {
-        if (Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1) {
+        if ((role === 'guest') || (Authentication.user && Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1)) {
           allowed = true;
           return true;
         }