From 35d575e7ac19e18903e6a9bb36ad435b0a4d59ba Mon Sep 17 00:00:00 2001
From: Lenin Alevski <alevsk.8772@gmail.com>
Date: Tue, 19 May 2020 13:26:53 -0700
Subject: [PATCH] Allow sign-in users without policy (#129)

---
 restapi/user_login.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/restapi/user_login.go b/restapi/user_login.go
index 67908b4b9..7bbdcfcef 100644
--- a/restapi/user_login.go
+++ b/restapi/user_login.go
@@ -123,14 +123,15 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, error) {
 		log.Println("error login:", err)
 		return nil, errInvalidCredentials
 	}
-	policy, err := adminClient.getPolicy(ctx, userInfo.PolicyName)
-	if err != nil {
-		log.Println("error login:", err)
-		return nil, errInvalidCredentials
+	policy, _ := adminClient.getPolicy(ctx, userInfo.PolicyName)
+	// by default every user starts with an empty array of available actions
+	// therefore we would have access only to pages that doesn't require any privilege
+	// ie: service-account page
+	actions := []string{}
+	// if a policy is assigned to this user we parse the actions from there
+	if policy != nil {
+		actions = acl.GetActionsStringFromPolicy(policy)
 	}
-
-	actions := acl.GetActionsStringFromPolicy(policy)
-
 	sessionID, err := login(credentials, actions)
 	if err != nil {
 		return nil, err