From: Michael M Slusarz <slusarz@curecanti.org>
Date: Wed, 19 Aug 2009 18:08:08 +0000 (-0600)
Subject: Bug #8475: Fix SHOW permissions if not authenticated to app
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=6a47d38e221f8551ef9019cb2dc99d004cb30ffe;p=horde.git

Bug #8475: Fix SHOW permissions if not authenticated to app
---

diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
index 0493247a6..59b764193 100644
--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
@@ -969,9 +969,17 @@ class Horde_Registry
         /* Always do isAuthenticated() check first. You can be an admin, but
          * application auth != Horde admin auth. */
         if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
-            /* There can *never* be guest access to an application that
-             * requires authentication. */
-            return false;
+            /* There can *never* be non-SHOW guest access to an application
+             * that requires authentication. */
+            if ($perms != PERMS_SHOW) {
+                return false;
+            }
+
+            /* Otherwise, allow SHOW access for admins, for apps that do not
+             * have any explicit permissions, or for apps that allow SHOW. */
+            return Horde_Auth::isAdmin() ||
+                !$GLOBALS['perms']->exists($app) ||
+                $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms);
         }
 
         /* Admins always are authorized. */