From 5a38d1e33481297fbd2c677255a7a0658b525270 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz
Date: Wed, 5 Aug 2009 12:59:47 -0600
Subject: [PATCH] Bug #8475: Fix hasPermission()
---
 framework/Core/lib/Horde/Registry.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
index 585b57df9..9d3f5e978 100644
--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
@@ -975,17 +975,18 @@ class Horde_Registry
 */
 public function hasPermission($app, $perms = PERMS_READ)
 {
- // Admins always are authorized.
- if (Horde_Auth::isAdmin()) { return true; }
-
- // If there is no permission for $app, allow access for authenticated
- // users.
- if (!$GLOBALS['perms']->exists($app)) {
- return Horde_Auth::isAuthenticated(array('app' => $app));
+ /* Always do isAuthenticated() check first. You can be an admin, but
+ * application auth != Horde admin auth. */
+ if (!Horde_Auth::isAuthenticated(array('app' => $app))) {
+ /* There can *never* be guest access to an application that
+ * requires authentication. */
+ return false;
 }
- // Use the permission set for $app.
- return $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms);
+ /* Admins always are authorized. */
+ return (!Horde_Auth::isAdmin() && $GLOBALS['perms']->exists($app))
+ ? $GLOBALS['perms']->hasPermission($app, Horde_Auth::getAuth(), $perms)
+ : true;
 }
 /**
--
2.11.0
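Review bot: The closing ternary returns `true` for every authenticated user whenever `$GLOBALS['perms']->exists($app)` is false, regardless of the `$perms` level requested, yet the only comment left above it is `/* Admins always are authorized. */`; the removed lines documented that default-allow and the new ones do not. For an authorization check the allow-by-default branch should be stated where it happens, e.g. `/* Admins are always authorized; if no permission is defined for $app, any authenticated user is allowed. */`. Writing the two allow cases as a guard, `if (Horde_Auth::isAdmin() || !$GLOBALS['perms']->exists($app)) { return true; }`, followed by a plain `return $GLOBALS['perms']->hasPermission(...)`, would also keep the fail-open path from hiding in the `: true` arm of a negated condition. The method's docblock starts above the hunk, so whether it still describes the guest and no-permission behaviour cannot be checked from here.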