From 4d2de923cda221d3c1af0cfa3bb5e151dabf1d3e Mon Sep 17 00:00:00 2001
From: Ben Toogood <bentoogood@gmail.com>
Date: Fri, 15 May 2020 10:24:30 +0100
Subject: [PATCH] Auth: setup a public rule

---
 auth/service/service.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/auth/service/service.go b/auth/service/service.go
index 482b488f..733244a6 100644
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -203,7 +203,13 @@ var ruleJoinKey = ":"
 // accessForRule returns a rule status, indicating if a rule permits access to a
 // resource for a given account
 func accessForRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) pb.Access {
-	if rule.Role == "*" {
+	// a blank role permits access to the public
+	if rule.Role == "" {
+		return rule.Access
+	}
+
+	// a * role permits access to any user
+	if rule.Role == "*" && acc != nil {
 		return rule.Access
 	}