[Tickets #8475] Re: Skipping login tasks not working as expected
bugs at horde.org
bugs at horde.org
Wed Aug 5 19:03:39 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8475
------------------------------------------------------------------------------
Ticket | 8475
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Skipping login tasks not working as expected
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
-Owners | Michael Slusarz
+Owners | Jan Schneider, Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2009-08-05 15:03) wrote:
> I'm not sure, I'm getting this now:
This has nothing to do with logintasks - it has to do with you being
an admin. In Horde_Registry::pushApp(), if you are an admin the line:
$checkPerms && $this->hasPermission($app, PERMS_READ)
will always return true, and the code in hasPermission() will *never*
call isAuthenticated() to setup the session. The isAuthenticated()
check must occur before the session is created in any application
handling authentication.
I think there are 2 problems with the logic in hasPermission():
1.) Being a horde admin does not automatically give you 'permission'
to access it. You need valid authentication to that auth also.
2.) Applications that require authentication by definition will
*never* allow guest access.
So try my commit to Registry.php in hordegit - it seems to fix things for me.
More information about the bugs
mailing list