From: Michael M Slusarz
Date: Mon, 24 Aug 2009 15:32:18 +0000 (-0600)
Subject: Add Horde_Auth_Application::requireAuth()
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=b7632d958b2e57d66d41c71e9f2772aa31714672;p=horde.git
Add Horde_Auth_Application::requireAuth()
This reverts commit 5df37f9934afeee9f4741d41f92c06cfc4b39ca9.
---
diff --git a/framework/Auth/lib/Horde/Auth/Application.php b/framework/Auth/lib/Horde/Auth/Application.php
index bac41c5e4..00e56e2bf 100644
--- a/framework/Auth/lib/Horde/Auth/Application.php
+++ b/framework/Auth/lib/Horde/Auth/Application.php
@@ -331,4 +331,14 @@ class Horde_Auth_Application extends Horde_Auth_Base
 }
 }
+ /**
+ * Indicate whether the application requires authentication.
+ *
+ * @return boolean True if application requires authentication.
+ */
+ public function requireAuth()
+ {
+ return $this->hasCapability('authenticate') || $this->hasCapability('transparent');
+ }
+
 }
diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
index 7bcdf63fe..992a1f84e 100644
--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
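Review bot: The docblock for `requireAuth()` in Application.php leaves "requires authentication" undefined, although the return value is purely a capability test and the Registry.php hunk of this commit uses it to decide whether an unauthenticated caller is refused. I would extend the description to something like `Returns true if this application's auth driver has the 'authenticate' or 'transparent' capability.` so that a reader of the permission check can see what the gate depends on. The name also reads as an action rather than a predicate; `requiresAuth()` would make the call site in the permission check read more naturally, if the API is not yet fixed.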
@@ -977,17 +977,20 @@ class Horde_Registry
 /* Always do isAuthenticated() check first. You can be an admin, but
 * application auth != Horde admin auth. */
 if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
- /* Allow SHOW access for admins, for apps that do not have any
- * explicit permissions, or for apps that allow SHOW. */
- return Horde_Auth::isAdmin() ||
- !$GLOBALS['perms']->exists($app) ||
- $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms);
+ /* There can *never* be non-SHOW access to an application that
+ * requires authentication. */
+ $app_auth = Horde_Auth::singleton('application', array('app' => $app));
+ if ($app_auth->requireAuth() && ($perms != PERMS_SHOW)) {
+ return false;
+ }
 }
- /* Admins always are authorized. */
- return (!Horde_Auth::isAdmin() && $GLOBALS['perms']->exists($app))
- ? $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms)
- : true;
+ /* Otherwise, allow access for admins, for apps that do not have any
+ * have any explicit permissions, or for apps that allow the given
+ * permission. */
+ return Horde_Auth::isAdmin() ||
+ !$GLOBALS['perms']->exists($app) ||
+ $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms);
 }
 /**
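Review bot: The guard `($perms != PERMS_SHOW)` in the unauthenticated branch compares loosely, so a non-integer `$perms` can compare equal to PERMS_SHOW through type juggling (boolean `true` does, assuming the constant is a non-zero integer) and skip the `return false`. I would write `if ($app_auth->requireAuth() && ($perms !== PERMS_SHOW)) {`, casting `$perms` to int first if callers may pass numeric strings. When `requireAuth()` is false, a caller with no application session reaches the final return, where `!$GLOBALS['perms']->exists($app)` grants whatever level was requested; if that default-allow is intended, the comment should say so explicitly. The comment above that return also repeats "have any" across its first two lines. The enclosing method starts above the hunk, so how `$perms` is defaulted or validated is not visible here.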