From: Jan Schneider
Date: Mon, 17 May 2010 12:42:49 +0000 (+0200)
Subject: If we have to check for permissions, and if the user is supposed to be logged
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=fa09484302a1c29c1b44d0cb34e348a909fc2081;p=horde.git
If we have to check for permissions, and if the user is supposed to be logged in, call checkExistingAuth() to make sure that the authentication really hasn't expired yet.
---
diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
index edff34325..30c363954 100644
--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
@@ -1074,13 +1074,18 @@ class Horde_Registry
 * - To all admins.
 * - To all authenticated users if no permission is set on $app.
 * - To anyone who is allowed by an explicit ACL on $app. */
- if ($checkPerms && !$this->hasPermission($app, Horde_Perms::READ)) {
- if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
+ if ($checkPerms) {
+ if (Horde_Auth::getAuth() && !Horde_Auth::checkExistingAuth()) {
 throw new Horde_Exception('User is not authorized', self::AUTH_FAILURE);
 }
+ if (!$this->hasPermission($app, Horde_Perms::READ)) {
+ if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
+ throw new Horde_Exception('User is not authorized', self::AUTH_FAILURE);
+ }

- Horde::logMessage(sprintf('%s does not have READ permission for %s', Horde_Auth::getAuth() ? 'User ' . Horde_Auth::getAuth() : 'Guest user', $app), 'DEBUG');
- throw new Horde_Exception(sprintf(_('%s is not authorized for %s.'), Horde_Auth::getAuth() ? 'User ' . Horde_Auth::getAuth() : 'Guest user', $this->applications[$app]['name']), self::PERMISSION_DENIED);
+ Horde::logMessage(sprintf('%s does not have READ permission for %s', Horde_Auth::getAuth() ? 'User ' . Horde_Auth::getAuth() : 'Guest user', $app), 'DEBUG');
+ throw new Horde_Exception(sprintf(_('%s is not authorized for %s.'), Horde_Auth::getAuth() ? 'User ' . Horde_Auth::getAuth() : 'Guest user', $this->applications[$app]['name']), self::PERMISSION_DENIED);
+ }
 }

 /* Push application on the stack. */
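Review bot: The new `checkExistingAuth()` branch throws `AUTH_FAILURE` without writing anything to the log, and with the same 'User is not authorized' text as the unauthenticated case in the nested block, so a rejected stale session cannot be told apart from a guest request when reading the logs afterwards. A line such as `Horde::logMessage(sprintf('Existing authentication of user %s is no longer valid', Horde_Auth::getAuth()), 'DEBUG');` before the first throw would match the logging already done for the READ denial. The check also sits inside `if ($checkPerms)`, so a caller that passes a false value there presumably still proceeds with an expired session; whether that is intended cannot be seen from this hunk and deserves a comment. The enclosing method starts and ends outside the hunk.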