JwtPermissionHandler should return true if no permissions are required (#29)

Author: mduesterhoeft

router/src/main/kotlin/io/moia/router/PermissionHandler.kt

@@ -52,7 +52,8 @@ open class JwtPermissionHandler(
     ) : this(JwtAccessor(request), permissionsClaim, permissionSeparator)
 
     override fun hasAnyRequiredPermission(requiredPermissions: Set<String>): Boolean =
-        extractPermissions().any { requiredPermissions.contains(it) }
+        if (requiredPermissions.isEmpty()) true
+        else extractPermissions().any { requiredPermissions.contains(it) }
 
     internal open fun extractPermissions(): Set<String> =
         accessor.extractJwtClaims()

router/src/test/kotlin/io/moia/router/JwtPermissionHandlerTest.kt

@@ -51,6 +51,15 @@ class JwtPermissionHandlerTest {
         thenRecognizesRequiredPermissions(handler)
     }
 
+    @Test
+    fun `should return true when no permissions are required`() {
+        val handler = permissionHandler(jwtWithScopeClaimSpace)
+
+        val result = handler.hasAnyRequiredPermission(emptySet())
+
+        then(result).isTrue()
+    }
+
     @Test
     fun `should work for missing header`() {
         val handler = JwtPermissionHandler(JwtAccessor(APIGatewayProxyRequestEvent()))