fix: do not throw permission exception for anonymous user
pnal committed Dec 4, 2024
1 parent 071f236 commit 1daadce
Showing 1 changed file with 13 additions and 12 deletions.
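--- a/models/classes/routing/ActionEnforcer.php
+++ b/models/classes/routing/ActionEnforcer.php
@@ -159,12 +159,14 @@ protected function verifyAuthorization()
 $func->hasAccess($user, $this->getControllerClass(), $this->getAction(), $this->getParameters()) &&
 !$data->hasAccess($user, $this->getControllerClass(), $this->getAction(), $this->getParameters())
 ) {
-throw new PermissionException(
-$user->getIdentifier(),
-$this->getAction(),
-$this->getControllerClass(),
-$this->getExtensionId()
-);
+if ($user->getIdentifier()) {
+throw new PermissionException(
+$user->getIdentifier(),
+$this->getAction(),
+$this->getControllerClass(),
+$this->getExtensionId()
+);
+}
 }
 
 throw new tao_models_classes_AccessDeniedException(
@@ -198,12 +200,11 @@ public function execute()
 } catch (PermissionException $pe) {
 // forward the action (yes it's an awful hack, but far better than adding a step in Bootstrap's dispatch
 // error).
-if (common_session_SessionManager::getSession()->getUser()->getIdentifier()) {
-Context::getInstance()->setExtensionName('tao');
-$this->action = 'denied';
-$this->controllerClass = 'tao_actions_Permission';
-$this->extension = 'tao';
-}
+
+Context::getInstance()->setExtensionName('tao');
+$this->action = 'denied';
+$this->controllerClass = 'tao_actions_Permission';
+$this->extension = 'tao';
 }
 
 $response = $this->resolve($this->getRequest());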
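Review bot: The new guard in verifyAuthorization(), `if ($user->getIdentifier())`, is a truthiness test, so an identifier such as `'0'` or an empty string is treated the same as an anonymous session; if the anonymous user is represented by `null` (not visible here), `if ($user->getIdentifier() !== null)` states the intent exactly. The guard also carries an access-control invariant that is not written down: an anonymous caller must fall through to the `tao_models_classes_AccessDeniedException` thrown after the block, and the catch in execute() now forwards every PermissionException to `tao_actions_Permission` without re-checking the session. A comment above the guard such as `// Anonymous session: skip PermissionException so the AccessDeniedException below is thrown instead of forwarding to 'denied'` would keep a later edit from breaking that. Both function bodies continue outside the hunks, so any other code in the try block that can throw PermissionException should be checked for the same assumption.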
