From 72ef940eb134acd04293169a5ce32ecc896dc0a7 Mon Sep 17 00:00:00 2001
From: Lee Brown
Date: Mon, 15 Jul 2019 16:05:02 -0800
Subject: [PATCH] issue#7 fix applyClaimsSelect when empty conditions

When audience and subject are both empty, don't apply a subquery

---
 internal/account/account.go | 6 ++++--
 internal/project/project.go | 2 --
 internal/user/user.go | 6 ++++--
 internal/user_account/user_account.go | 6 ++++--
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/internal/account/account.go b/internal/account/account.go
index 2c2dfad..e220649 100644
--- a/internal/account/account.go
+++ b/internal/account/account.go
@@ -143,10 +143,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 	// Append sub query
-	query.Where(query.In("id", subQuery))
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
+		query.Where(query.In("id", subQuery))
+	}
 	return nil
 }
diff --git a/internal/project/project.go b/internal/project/project.go
index b0f8db3..ecafcc3 100644
--- a/internal/project/project.go
+++ b/internal/project/project.go
@@ -95,9 +95,7 @@ func CanModifyProject(ctx context.Context, claims auth.Claims, dbConn *sqlx.DB,
 // applyClaimsSelect applies a sub-query to the provided query to enforce ACL based on the claims provided.
 // 1. No claims, request is internal, no ACL applied
-// 2. All role types can access their user ID
-
 func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilder.SelectBuilder) error {
 	// Claims are empty, don't apply any ACL
 	if claims.Audience == "" {
diff --git a/internal/user/user.go b/internal/user/user.go
index 736cae6..ed047a7 100644
--- a/internal/user/user.go
+++ b/internal/user/user.go
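Review bot: The new `if len(or) > 0` guard at the end of applyClaimsSelect fails open: when neither claim yields a predicate, the ACL subquery is simply not attached and the select returns every row, which is indistinguishable from the internal no-claims path. If that is the intended policy, make it explicit on the guard, e.g. `// No audience or subject to restrict by: treated like an internal request, no ACL applied.`; if it is not, returning an error from this branch is the safer default for an access-control filter. The `// Append sub query` comment now sits above the guard rather than the `query.Where` call it described, so it should move inside the block or say what the guard decides. The top of the function, where `or` and any audience predicate are built, lies outside the hunk, so whether an empty `or` is reachable with non-empty claims cannot be confirmed from here; the same change appears in the user.go and user_account.go hunks.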
@@ -160,10 +160,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 	// Append sub query
-	query.Where(query.In("id", subQuery))
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
+		query.Where(query.In("id", subQuery))
+	}
 	return nil
 }
diff --git a/internal/user_account/user_account.go b/internal/user_account/user_account.go
index 42b12de..09eff8f 100644
--- a/internal/user_account/user_account.go
+++ b/internal/user_account/user_account.go
@@ -87,10 +87,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 	// Append sub query
-	query.Where(query.In("id", subQuery))
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
+		query.Where(query.In("id", subQuery))
+	}
 	return nil
 }
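Review bot: The guard added here in user.go is byte-identical to the ones in account.go and user_account.go, so the policy for an empty predicate list is now maintained in three places and will drift the first time one copy changes. If the hidden audience predicates match as closely as the visible `user_id`/`id` lines do, a single helper next to auth.Claims that takes the `*sqlbuilder.SelectBuilder` and the claims would keep the fail-open/fail-closed decision in one spot. `subQuery`, which this tail relies on, is built above the hunk, and the enclosing function starts outside the hunk in both files.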