From ad9a468b11eadc541e8d4dc2a24dcc2cb1e09b0a Mon Sep 17 00:00:00 2001
From: Ardit Domi <32884230+arditdomi@users.noreply.github.com>
Date: Thu, 30 Jun 2022 09:38:48 +0100
Subject: [PATCH] [AAE-9365] - Auth guards should return true when no roles to check are passed (#7695)
---
 lib/core/services/user-access.service.spec.ts | 16 ++++++++++++++++
 lib/core/services/user-access.service.ts | 12 +++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/lib/core/services/user-access.service.spec.ts b/lib/core/services/user-access.service.spec.ts
index f955a9abc1..59f82ac46e 100644
--- a/lib/core/services/user-access.service.spec.ts
+++ b/lib/core/services/user-access.service.spec.ts
@@ -51,6 +51,22 @@ describe('UserAccessService', () => {
 });
 }
+ it('should return true when no roles to check are passed in global access', async () => {
+ spyUserAccess(['MOCK_USER_ROLE'], {});
+ await userAccessService.fetchUserAccess();
+ const hasGlobalAccess = userAccessService.hasGlobalAccess([]);
+
+ expect(hasGlobalAccess).toBe(true);
+ });
+
+ it('should return true when no roles to check are passed in application access', async () => {
+ spyUserAccess([], { mockApp: { roles: ['MOCK_APP_ROLE'] } });
+ await userAccessService.fetchUserAccess();
+ const hasApplicationAccess = userAccessService.hasApplicationAccess('mockApp', []);
+
+ expect(hasApplicationAccess).toBe(true);
+ });
+
 describe('Access from JWT token', () => {
 it('should return true when the user has one of the global roles', async () => {
diff --git a/lib/core/services/user-access.service.ts b/lib/core/services/user-access.service.ts
index bd719a01a0..a65403ec40 100644
--- a/lib/core/services/user-access.service.ts
+++ b/lib/core/services/user-access.service.ts
@@ -84,7 +84,10 @@ export class UserAccessService {
 * @returns True if it contains at least one of the given roles, false otherwise
 */
 hasGlobalAccess(rolesToCheck: string[]): boolean {
- return this.globalAccess ? this.globalAccess.some((role: string) => rolesToCheck.includes(role)) : false;
+ if (rolesToCheck?.length > 0) {
+ return this.globalAccess ? this.globalAccess.some((role: string) => rolesToCheck.includes(role)) : false;
+ }
+ return true;
 }
 /**
@@ -95,8 +98,11 @@ export class UserAccessService {
 * @returns True if it contains at least one of the given roles, false otherwise
 */
 hasApplicationAccess(appName: string, rolesToCheck: string[]): boolean {
- const appAccess = this.hasRolesInJwt() ? this.applicationAccess[appName] : this.applicationAccess.find((app: ApplicationAccessModel) => app.name === appName);
- return appAccess ? appAccess.roles.some(appRole => rolesToCheck.includes(appRole)) : false;
+ if (rolesToCheck?.length > 0) {
+ const appAccess = this.hasRolesInJwt() ? this.applicationAccess[appName] : this.applicationAccess.find((app: ApplicationAccessModel) => app.name === appName);
+ return appAccess ? appAccess.roles.some(appRole => rolesToCheck.includes(appRole)) : false;
+ }
+ return true;
 }
 /**
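Review bot: The `rolesToCheck?.length > 0` test in `hasGlobalAccess` sends `undefined` and `null` down the same `return true` path as an empty array, so a caller that supplies no role list at all is granted access; `hasApplicationAccess` in the next hunk has the same condition. The callers are not visible here, but if the list comes from guard configuration, a missing or misspelled key would then open the route rather than close it. I would separate the two cases with `if (!Array.isArray(rolesToCheck)) { return false; }` followed by `if (rolesToCheck.length === 0) { return true; }` ahead of the original `some(...)` return, and add a spec case for the undefined argument, since the new tests only pass `[]`. The `@returns` line above both methods still reads "false otherwise" and should state that an empty list yields true.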