fixes delete calls breaking for non-authorize calls

index.js

@@ -46,6 +46,8 @@ module.exports = (acl, library = 'role-acl', opts) => {
 
       // wrappers around acl, querybuilder, and model
       _checkAccess (action, body) {
+        if (!this._shouldCheckAccess) return body
+
         const {
           _user: user,
           _resource: resource,

lib/role-acl@3.js

@@ -5,7 +5,7 @@
 // and M: the number of rules to match.
 exports.getAccess = (acl, user, resource, action, body, opts) =>
   acl
-    .can(opts.roleFromUser(user)) // role
+    .can(opts.roleFromUser(user))
     .execute(action)
     .context(
       Object.assign(

lib/role-acl@4.js

@@ -1,8 +1,11 @@
 // With role-acl v4.3.2, they brought back synchronous acl checks.
 // This is basically the same as role-acl@3 except we now have to append .sync()
-exports.getAccess = (acl, user, resource, action, body, opts) =>
+// to get the same behaviour of v<4.
+const roleAcl3 = require('./role-acl@3')
+
+roleAcl3.getAccess = (acl, user, resource, action, body, opts) =>
   acl
-    .can(opts.roleFromUser(user)) // role
+    .can(opts.roleFromUser(user))
     .execute(action)
     .context(
       Object.assign(
@@ -15,13 +18,4 @@ exports.getAccess = (acl, user, resource, action, body, opts) =>
     .sync()
     .on(resource.constructor.name)
 
-exports.isAuthorized = access => access.granted
-
-exports.pickFields = access =>
-  access.attributes.filter(field => field !== '*' && !field.startsWith('!')) ||
-  []
-
-exports.omitFields = access =>
-  access.attributes
-    .filter(field => field.startsWith('!'))
-    .map(field => field.substr(1)) || []
+module.exports = roleAcl3

test/utils/plugin-test.js

@@ -146,6 +146,10 @@ module.exports = (acl, library) => {
               .authorize(testUser)
               .delete()
           })
+
+          test("doesn't break non-authorize calls", async () => {
+            await User.query().deleteById(5)
+          })
         })
       })
     })