From: Michael M Slusarz <slusarz@curecanti.org>
Date: Mon, 24 Aug 2009 20:05:32 +0000 (-0600)
Subject: Add Horde_Auth::requireAuth()
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=ac62f8bbf7faa5614a4a55d00dce12007d5a9ef6;p=horde.git

Add Horde_Auth::requireAuth()
---

diff --git a/framework/Auth/lib/Horde/Auth.php b/framework/Auth/lib/Horde/Auth.php
index 62dda895f..a09cc8e39 100644
--- a/framework/Auth/lib/Horde/Auth.php
+++ b/framework/Auth/lib/Horde/Auth.php
@@ -370,6 +370,7 @@ class Horde_Auth
      * </pre>
      *
      * @return boolean  Whether or not the user is authenticated.
+     * @throws Horde_Auth_Exception
      */
     static public function isAuthenticated($options = array())
     {
@@ -394,6 +395,26 @@ class Horde_Auth
     }
 
     /**
+     * Checks if an application requires additional authentication above and
+     * beyond Horde authentication.
+     *
+     * @params string $app  The application to check.
+     *
+     * @return boolean  Whether or not the application required additional
+     *                  authentication.
+     * @throws Horde_Auth_Exception
+     */
+    static public function requireAuth($app)
+    {
+        if ($app == 'horde') {
+            return false;
+        }
+
+        $app_auth = self::singleton('application', array('app' => $app));
+        return $app_auth->requireAuth();
+    }
+
+    /**
      * Check existing auth for triggers that might invalidate it.
      *
      * @return boolean  Is existing auth valid?
diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
index 992a1f84e..007105ffc 100644
--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
@@ -975,14 +975,12 @@ class Horde_Registry
     public function hasPermission($app, $perms = PERMS_READ)
     {
         /* Always do isAuthenticated() check first. You can be an admin, but
-         * application auth != Horde admin auth. */
-        if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
-            /* There can *never* be non-SHOW access to an application that
-             * requires authentication. */
-            $app_auth = Horde_Auth::singleton('application', array('app' => $app));
-            if ($app_auth->requireAuth() && ($perms != PERMS_SHOW)) {
-                return false;
-            }
+         * application auth != Horde admin auth. And there can *never* be
+         * non-SHOW access to an application that requires authentication. */
+        if (!Horde_Auth::isAuthenticated(array('app' => $app)) &&
+            Horde_Auth::requireAuth($app) &&
+            ($perms != PERMS_SHOW)) {
+            return false;
         }
 
         /* Otherwise, allow access for admins, for apps that do not have any