/* Always do isAuthenticated() check first. You can be an admin, but
* application auth != Horde admin auth. */
if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
- /* There can *never* be guest access to an application that
- * requires authentication. */
- return false;
+ /* There can *never* be non-SHOW guest access to an application
+ * that requires authentication. */
+ if ($perms != PERMS_SHOW) {
+ return false;
+ }
+
+ /* Otherwise, allow SHOW access for admins, for apps that do not
+ * have any explicit permissions, or for apps that allow SHOW. */
+ return Horde_Auth::isAdmin() ||
+ !$GLOBALS['perms']->exists($app) ||
+ $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms);
}
/* Admins always are authorized. */
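Review bot: The guest branch added inside `if (!Horde_Auth::isAuthenticated(...))` gates on a loose comparison, `if ($perms != PERMS_SHOW)`, so any value that PHP's type juggling treats as equal to the constant is handled as a SHOW request; if callers always pass the integer constant, `if ($perms !== PERMS_SHOW) {` is the safer form for an authorization check. The `return` that follows is also default-allow: `!$GLOBALS['perms']->exists($app)` grants SHOW to an unauthenticated caller for any application that has no permission entry yet, which deserves an explicit comment such as `/* Fail-open by design: an app with no permission node is visible to guests. */` or an opt-in setting, since it presumably decides which applications a guest can see. `Horde_Auth::isAdmin()` is consulted here even though the context comment above says application auth is distinct from Horde admin auth, so the new comment should say that this shortcut is limited to SHOW. The enclosing function begins and ends outside this hunk, so how `$perms` is defaulted or validated before this point is not visible.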