Description
With basic authentication requests, user write and read rules are not correctly managed to provide access to a resource's data and permissions (normal user).
The resource is listed, the canEdit and canRead flags are correctly set in listing queries (e.g. extjs/search) but the resource is not available to the user.
Steps to reproduce
- Create a resource (the default resources are assigned) with a normal user
- Try to access the resource using the token (taken from the /login entry point)
- Try to access the resource's permission (see REST API) using basic auth
Expected result
You can access both using basic auth or the session key
Effective result
You can access the resource only with the session key
Notes
This issue has been highlighted by this PR. The correction to the code for retrieving permission (instead of taking the first rule for the user, whatever it is) caused this problem, because now the user is checked.
We could fix it by excluding group rules in another way (i.e. excluding rules with group set), if it's confirmed that the rules returned are only the current user's ones.