Refactor CheckAccessPermission().

controllers/auth.go

@@ -51,7 +51,7 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) (resp *Response) {
 	userId := user.GetId()
 
-	allowed, err := object.CheckPermission(userId, application)
+	allowed, err := object.CheckAccessPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
 		return

object/check.go

@@ -231,19 +231,28 @@ func CheckUserPermission(requestUserId, userId string, strict bool) (bool, error
 	return hasPermission, fmt.Errorf("you don't have the permission to do this")
 }
 
-func CheckPermission(userId string, application *Application) (bool, error) {
+func CheckAccessPermission(userId string, application *Application) (bool, error) {
 	permissions := GetPermissions(application.Organization)
-	allow := true
+	allowed := true
 	var err error
 	for _, permission := range permissions {
-		if permission.IsEnabled {
-			for _, resource := range permission.Resources {
-				if resource == application.Name {
-					enforcer := getEnforcer(permission)
-					allow, err = enforcer.Enforce(userId, application.Name, "read")
-				}
+		if !permission.IsEnabled {
+			continue
+		}
+
+		isHit := false
+		for _, resource := range permission.Resources {
+			if application.Name == resource {
+				isHit = true
+				break
 			}
 		}
+
+		if isHit {
+			enforcer := getEnforcer(permission)
+			allowed, err = enforcer.Enforce(userId, application.Name, "read")
+			break
+		}
 	}
-	return allow, err
-}
+	return allowed, err
+}