issue#7 fix applyClaimsSelect when empty conditions

When audience and subject are both empty, don't apply a subquery

internal/account/account.go

@@ -143,10 +143,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 
 	// Append sub query
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
 		query.Where(query.In("id", subQuery))
+	}
 
 	return nil
 }

internal/project/project.go

@@ -95,9 +95,7 @@ func CanModifyProject(ctx context.Context, claims auth.Claims, dbConn *sqlx.DB,
 
 // applyClaimsSelect applies a sub-query to the provided query to enforce ACL based on the claims provided.
 // 	1. No claims, request is internal, no ACL applied
-
 // 	2. All role types can access their user ID
-
 func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilder.SelectBuilder) error {
 	// Claims are empty, don't apply any ACL
 	if claims.Audience == "" {

internal/user/user.go

@@ -160,10 +160,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 
 	// Append sub query
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
 		query.Where(query.In("id", subQuery))
+	}
 
 	return nil
 }

internal/user_account/user_account.go

@@ -87,10 +87,12 @@ func applyClaimsSelect(ctx context.Context, claims auth.Claims, query *sqlbuilde
 	if claims.Subject != "" {
 		or = append(or, subQuery.Equal("user_id", claims.Subject))
 	}
-	subQuery.Where(subQuery.Or(or...))
 
 	// Append sub query
+	if len(or) > 0 {
+		subQuery.Where(subQuery.Or(or...))
 		query.Where(query.In("id", subQuery))
+	}
 
 	return nil
 }