Fix auth on comms link and for anon user

The move to honour scope level of token broke the comms link
checking as well as the permissions checking for anon users.

red/api/auth/index.js

@@ -101,7 +101,7 @@ module.exports = {
     errorHandler: function(err,req,res,next) {
         //TODO: standardize json response
         //TODO: audit log statment
-        console.log(err.stack);
+        //console.log(err.stack);
         //log.log({level:"audit",type:"auth",msg:err.toString()});
         return server.errorHandler()(err,req,res,next);
     },

red/api/auth/permissions.js

@@ -38,7 +38,7 @@ function hasPermission(userScope,permission) {
     }
     
     if (util.isArray(permission)) {
-        for (var i=0;i<permission.length;i++) {
+        for (i=0;i<permission.length;i++) {
             if (!hasPermission(userScope,permission[i])) {
                 return false;
             }

red/api/auth/strategies.js

@@ -80,7 +80,7 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
 
     Users.authenticate(username,password).then(function(user) {
         if (user) {
-            if (permissions.hasPermission(user,scope)) {
+            if (permissions.hasPermission(user.permissions,scope)) {
                 loginAttempts = loginAttempts.filter(function(logEntry) {
                     return logEntry.user !== username;
                 });
@@ -107,7 +107,7 @@ AnonymousStrategy.prototype.authenticate = function(req) {
     var self = this;
     Users.default().then(function(anon) {
         if (anon) {
-            self.success(anon);
+            self.success(anon,{scope:anon.permissions});
         } else {
             self.fail(401);
         }