afb-auth: improve afb_auth_check_permission

The test was previously done in the caller but because
afb_auth_check_permission can now be called by other
callers, the test must be relocated.

Change-Id: I08a3a92afbe0b4dcfb223335b1e76b2d4aff005f
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

1 files changed, 12 insertions, 6 deletions

diff --git a/src/afb-auth.c b/src/afb-auth.c
index 17d355b0..ff4ff9da 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -43,10 +43,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 		return afb_context_check_loa(&xreq->context, auth->loa);
 
 	case afb_auth_Permission:
-		if (xreq->cred && auth->text)
-			return afb_auth_check_permission(xreq, auth->text);
-		/* TODO: handle case of self permission */
-		return 1;
+		return afb_auth_check_permission(xreq, auth->text);
 
 	case afb_auth_Or:
 		return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
@@ -75,6 +72,15 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
 {
 	int rc;
 
+	if (!xreq->cred) {
+		/* case of permission for self */
+		return 1;
+	}
+	if (!permission) {
+		ERROR("Got a null permission!");
+		return 0;
+	}
+
 	/* cynara isn't reentrant */
 	pthread_mutex_lock(&mutex);
 
@@ -99,8 +105,8 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
 #else
 int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
 {
-	WARNING("Granting permission %s by default of backend", permission);
-	return 1;
+	WARNING("Granting permission %s by default of backend", permission ?: "(null)");
+	return !!permission;
 }
 #endif