auth: Changed token checking to ignore disallowed permissions instead of invalidate the key

internal/auth/token.go

@@ -105,6 +105,7 @@ func CheckToken(tokenString string) (token models.Token, err error) {
 		return models.Token{}, ErrDeletedUser
 	}
 
+	acceptedPermissions := make([]string, 0, 8)
 	for _, permission := range permissions {
 		found := false
 
@@ -115,12 +116,12 @@ func CheckToken(tokenString string) (token models.Token, err error) {
 			}
 		}
 
-		if !found {
-			return models.Token{}, ErrWrongPermissions
+		if found {
+			acceptedPermissions = append(acceptedPermissions, permission)
 		}
 	}
 
-	return models.Token{UserID: user.ID, Permissions: permissions}, nil
+	return models.Token{UserID: user.ID, Permissions: acceptedPermissions}, nil
 }
 
 func parseClaims(jwtClaims jwt.Claims) (userid string, permissions []string, err error) {