nil actions authenticate always as t

2026-04-27 15:40:51 -07:00 · 2022-05-03 10:01:05 -04:00 · 2022-05-03 10:01:05 -04:00 · fae0485b5b
commit fae0485b5b
parent f09a2f6ce0
2 changed files with 8 additions and 5 deletions
--- a/source/clog-auth.lisp
+++ b/source/clog-auth.lisp
@ -102,7 +102,9 @@ for CLOG")
 ;;;;;;;;;;;;;;;;;;;;;

 (defun is-authorized-p (role-list action)
-  "Given ROLE-LIST is action authorized"
-  (dolist (role role-list nil)
-    (when (member action (gethash role *authorization-hash*))
-      (return t))))
+  "Given ROLE-LIST is action authorized. If action is nil returns t."
+  (if action
+      (dolist (role role-list nil)
+	(when (member action (gethash role *authorization-hash*))
+	  (return t)))
+      t))
--- a/source/clog-web-dbi.lisp
+++ b/source/clog-web-dbi.lisp
@ -202,7 +202,8 @@ optional WHERE and ORDER-BY sql."
 value where key=PAGE or if FOLLOW-URL-PAGE is true PAGE is default
 page if no second on path otherwise page is the second on path (first
 must be base-url). If comment-table is nil no comments are shown. User
-must authorize on CAN-COMMENT, CAN-SHOW-COMMENTS and if CAN-EDIT."
+must authorize on action set by CAN-COMMENT, CAN-SHOW-COMMENTS and if
+CAN-EDIT unless they are set to nil."
  (lambda (obj)
    (let* ((body    (connection-body obj))
 	   (prof    (profile (get-web-site body)))