User Roles not added to create or update calls

[mtalma]

I have my _User class level permissions set up such an "Administrator" role can update any user's info. However when an "Administrator" attempts to update another user's info, I get a permissions error.

In RestWrite.js (line 649), we assign * and the user id to the acl array. Since we never assign Roles to the acl array, create and update queries fail with a permissions error for the "Administrator".

var options = {};
  if (!this.auth.isMaster) {
    options.acl = ['*'];
    if (this.auth.user) {
      options.acl.push(this.auth.user.id);
    }
  }

I propose the following edit to add the user roles to the acl:

var options = {};
  if (!this.auth.isMaster) {
    options.acl = ['*'];
    if (this.auth.user) {
        options.acl = options.acl.concat(this.auth.userRoles);
     }
  }

this.auth.userRoles seems to have all Roles associated with the current user plus their user id. Therefore this results in an array that looks like this: [ '*', 'role:Administrator', 'ZI7jszHWuI' ]

[gfosco]

Should be fixed by the changes in #374 which will be in 2.1.3.