login permission fix

src/Auth/Business/LuticateBusiness.php

@@ -35,6 +35,10 @@ class LuticateBusiness
      */
     public static function authFilter($permissions, $request)
     {
+        /**
+         * @var $user LuticateUsersDbo
+         */
+        $user = null;
         $token = $request->header(self::TOKEN_HEADER);
         if ($token != null && $token != "") {
             $data = JwtHelper::decode($token);
@@ -51,7 +55,11 @@ class LuticateBusiness
             self::$_currentUser = LuticateUsersBusiness::getById(0);
         }
 
-        LuController::$parameters["user"] = self::$_currentUser;
+        if (!LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN))
+            return false;
+
+        self::$_currentUser = $user;
+        LuController::$parameters["user"] = $user;
 
         foreach ($permissions as $permission) {
             $value = LuticatePermissionsBusiness::getUserPermission(self::$_currentUser->getId(), $permission);

src/Auth/Business/LuticateUsersBusiness.php

@@ -72,9 +72,6 @@ class LuticateUsersBusiness extends LuBusiness {
         if (!self::verifyPassword($password, $user->getPassword()))
             self::badPassword();
 
-        if (!LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN))
-            self::unauthorized("User not allowed to login");
-
         $user = LuticateUsersLoginDbo::fromUserDbo($user);
         $user->setToken(self::getToken($user));
         return $user;