From 260c2e7f7610010b1acfad3881c1235f575f786b Mon Sep 17 00:00:00 2001
From: Gisle Aune
Date: Tue, 18 Sep 2018 20:24:04 +0200
Subject: [PATCH] auth: Changed token checking to ignore disallowed permissions instead of invalidate the key
---
 internal/auth/token.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/internal/auth/token.go b/internal/auth/token.go
index 212d2c3..f42e421 100644
--- a/internal/auth/token.go
+++ b/internal/auth/token.go
@@ -105,6 +105,7 @@ func CheckToken(tokenString string) (token models.Token, err error) {
 return models.Token{}, ErrDeletedUser
 }
+ acceptedPermissions := make([]string, 0, 8)
 for _, permission := range permissions {
 found := false
@@ -115,12 +116,12 @@ func CheckToken(tokenString string) (token models.Token, err error) {
 }
 }
- if !found {
- return models.Token{}, ErrWrongPermissions
+ if found {
+ acceptedPermissions = append(acceptedPermissions, permission)
 }
 }
- return models.Token{UserID: user.ID, Permissions: permissions}, nil
+ return models.Token{UserID: user.ID, Permissions: acceptedPermissions}, nil
 }
 func parseClaims(jwtClaims jwt.Claims) (userid string, permissions []string, err error) {
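Review bot: The capacity in `make([]string, 0, 8)` in the first hunk is a magic number unrelated to the input. The accepted set can never be larger than the claimed set, so `acceptedPermissions := make([]string, 0, len(permissions))` sizes it to the real upper bound and avoids regrowth for tokens carrying more than eight permissions. CheckToken's body starts and ends outside this hunk.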
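Review bot: With the `if found` branch in the second hunk, a token claiming permissions the user no longer holds is accepted silently, and a token with no surviving permissions still returns a nil error with an empty `Permissions` slice. Callers are not visible here, but any that treat a nil error as sufficient authorization would now admit such tokens, so CheckToken's doc comment should state the new contract, e.g. `// The returned Token carries only the claimed permissions the user currently holds; the slice may be empty and callers must authorize against it.` Logging the dropped permissions together with `user.ID` would keep the revoked-after-issuance case visible, since it no longer surfaces as an error. If a token with nothing usable should not authenticate at all, add `if len(acceptedPermissions) == 0 { return models.Token{}, ErrWrongPermissions }` before the final return; otherwise `ErrWrongPermissions` appears to be unused in this function. The body of CheckToken starts outside the hunk.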