# HG changeset patch
# User bsw
# Date 1603209758 -7200
# Node ID 1eaea27130bcbe74deb1ed3ef86725006b175306
# Parent  b0b557858fd8192bac751090e513c987fc4c4135
Fixed logic in auth filter

diff -r b0b557858fd8 -r 1eaea27130bc app/main/_filter/21_auth.lua
--- a/app/main/_filter/21_auth.lua	Tue Oct 20 17:58:07 2020 +0200
+++ b/app/main/_filter/21_auth.lua	Tue Oct 20 18:02:38 2020 +0200
@@ -56,7 +56,7 @@
   auth_needed = false
 end
 
-if app.session then
+if auth_needed then
 
   if app.session:has_access("anonymous") then
 
@@ -127,7 +127,7 @@
 --   app.session.user_id = 1
 -- end
 
-if auth_needed and not app.session or not app.session.member then
+if auth_needed and not app.session.member then
   trace.debug("Not authenticated yet.")
   local params = json.object()
   for key, val in pairs(request.get_param_strings()) do
@@ -149,8 +149,8 @@
 elseif auth_needed and app.session.member.locked then
   trace.debug("Member locked.")
   request.redirect{ module = 'index', view = 'login' }
-elseif app.session then
-  if config.check_delegations_interval_hard and app.session.member_id and app.session.needs_delegation_check 
+else
+  if app.session and config.check_delegations_interval_hard and app.session.member_id and app.session.needs_delegation_check 
     and not (module == "admin" or (module == "index" and (
       view == "check_delegations" 
       or action == "check_delegations"