Fix nil account bug

auth/auth.go

@@ -4,6 +4,7 @@ package auth
 import (
 	"context"
 	"errors"
+	"strings"
 	"time"
 )
 
@@ -60,13 +61,13 @@ type Account struct {
 }
 
 // HasScope returns a boolean indicating if the account has the given scope
-func (a *Account) HasScope(scope string) bool {
+func (a *Account) HasScope(scopes ...string) bool {
 	if a.Scopes == nil {
 		return false
 	}
 
 	for _, s := range a.Scopes {
-		if s == scope {
+		if s == strings.Join(scopes, ".") {
 			return true
 		}
 	}

auth/auth_test.go

@@ -3,15 +3,15 @@ package auth
 import "testing"
 
 func TestHasScope(t *testing.T) {
-	if new(Account).HasScope("namespace.foo") {
+	if new(Account).HasScope("namespace", "foo") {
 		t.Errorf("Expected the blank account to not have a role")
 	}
 
 	acc := Account{Scopes: []string{"namespace.foo"}}
-	if !acc.HasScope("namespace.foo") {
+	if !acc.HasScope("namespace", "foo") {
 		t.Errorf("Expected the account to have the namespace.foo role")
 	}
-	if acc.HasScope("namespace.bar") {
+	if acc.HasScope("namespace", "bar") {
 		t.Errorf("Expected the account to not have the namespace.bar role")
 	}
 }

util/wrapper/wrapper.go

@@ -208,14 +208,14 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 
 			// Verify the caller has access to the resource
 			err := a.Verify(account, res)
-			if err != nil && len(account.ID) > 0 {
+			if err != nil && account != nil {
 				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 			} else if err != nil {
 				return errors.Unauthorized(req.Service(), "Unauthorised call made to %v:%v", req.Service(), req.Endpoint())
 			}
 
 			// There is an account, set it in the context
-			if len(account.ID) > 0 {
+			if account != nil {
 				ctx = auth.ContextWithAccount(ctx, account)
 			}