From bfcfb555ffcda9120d83ebcf2a73045f3c1e4c05 Mon Sep 17 00:00:00 2001
From: mleanos <michael.leanos@gmail.com>
Date: Fri, 11 Dec 2015 04:07:34 -0800
Subject: [PATCH] fix(core): Client routes guest access bug

Adds a check for the existence of the "guest" role in the state configuration
that we're transitioning to, in the core $stateChangeStart event handler. If
it exists, then we allow access.

Also, added validation of Authentication.user object. While writing
tests, I ran into an issue here when the Authentication service wasn't injected
into a controller. Probably best to have this check in place.

Fixes https://github.com/meanjs/mean/issues/1098
---
 modules/core/client/app/init.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/core/client/app/init.js b/modules/core/client/app/init.js
index e2200743..e06e7f65 100644
--- a/modules/core/client/app/init.js
+++ b/modules/core/client/app/init.js
@@ -19,7 +19,7 @@ angular.module(ApplicationConfiguration.applicationModuleName).run(function ($ro
     if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
       var allowed = false;
       toState.data.roles.forEach(function (role) {
-        if (Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1) {
+        if ((role === 'guest') || (Authentication.user && Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1)) {
           allowed = true;
           return true;
         }