From c6948da3695becf110e9e021891b609aa5e78461 Mon Sep 17 00:00:00 2001
From: Conrad Schloer
Date: Thu, 14 Sep 2017 15:38:08 -0400
Subject: [PATCH] Check if permissions are required before interacting with object (#33)
* Check if permissions are required before interacting with object
* Check if key is in the payload
---
 app/permissions/auth.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/permissions/auth.py b/app/permissions/auth.py
index 360b77c..fb6bfbd 100644
--- a/app/permissions/auth.py
+++ b/app/permissions/auth.py
@@ -63,11 +63,15 @@ class AuthNeed(Permission):
 # Check permissions
 # The self.bool_ variable is a boolean if no value is passed in
- CLAIMS_NAMESPACE = current_app.config['AUTH0_CLAIMS_NAMESPACE']
- actual_permissions = payload['{}permissions'.format(CLAIMS_NAMESPACE)]
- for permission in self.required_permissions:
- if permission not in actual_permissions:
+ if self.required_permissions:
+ CLAIMS_NAMESPACE = current_app.config['AUTH0_CLAIMS_NAMESPACE']
+ permission_key = '{}permissions'.format(CLAIMS_NAMESPACE)
+ if permission_key not in payload:
 return False
+ actual_permissions = payload[permission_key]
+ for permission in self.required_permissions:
+ if permission not in actual_permissions:
+ return False
 return True
 return False
--
GitLab
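Review bot: The membership test `permission not in actual_permissions` still trusts the shape of the claim, because the new guard only checks that the key is present in `payload`. If the claim arrives as a string, `in` does substring matching, so a required permission could be satisfied by a longer value that merely contains it; a `None` value raises TypeError instead of denying. After `actual_permissions = payload[permission_key]` I would add `if not isinstance(actual_permissions, (list, tuple)): return False`. The new `if self.required_permissions:` branch also turns an empty requirement list into an explicit allow, which deserves a comment such as `# No permissions required: pass without reading the claim`. The enclosing method starts and ends outside the hunk, so how `payload` is verified before this point is not visible here.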