From 67232aab1521a93d5f9a0ba7a6cbce124bacee13 Mon Sep 17 00:00:00 2001
From: webplusai
Date: Sat, 14 Dec 2024 11:00:14 +0100
Subject: [PATCH] Feature/#8812 anon access fix (#8815)

* #8812 resolve issue with anonymous access
* #8812 bug fix with anonymous access
---
 .../multiwikiserver/modules/routes/helpers/acl-middleware.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js
index 2f66060ea..adbdcff7a 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js
@@ -47,7 +47,7 @@ exports.middleware = function (request, response, state, entityType, permissionN
 var decodedEntityName = decodeURIComponent(partiallyDecoded);
 var aclRecord = sqlTiddlerDatabase.getACLByName(entityType, decodedEntityName);
 var isGetRequest = request.method === "GET";
- var hasAnonymousAccess = state.allowAnon && (isGetRequest ? state.allowAnonReads : state.allowAnonWrites);
+ var hasAnonymousAccess = state.allowAnon ? (isGetRequest ? state.allowAnonReads : state.allowAnonWrites) : false;
 var entity = sqlTiddlerDatabase.getEntityByName(entityType, decodedEntityName);
 if(entity?.owner_id) {
 if(state.authenticatedUser?.user_id && (state.authenticatedUser?.user_id !== entity.owner_id) || !state.authenticatedUser?.user_id && !hasAnonymousAccess) {
@@ -59,7 +59,7 @@ exports.middleware = function (request, response, state, entityType, permissionN
 }
 }
 } else {
 // First, we need to check if anonymous access is allowed
- if(!state.authenticatedUser?.user_id && !hasAnonymousAccess && (isGetRequest && entity?.owner_id)) {
+ if(!state.authenticatedUser?.user_id && !hasAnonymousAccess) {
 if(!response.headersSent) {
 response.writeHead(401, "Unauthorized");
 response.end();
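Review bot: On the `if(entity?.owner_id)` path just below the changed assignment, an unauthenticated request skips the owner check whenever `hasAnonymousAccess` is truthy, while a signed-in user who is not the owner enters the block. The body of that block lies outside this hunk, so this may be intended, but as written enabling anonymous reads appears to admit an anonymous caller to an owned entity on the server setting alone. If that is the design, record it with a comment such as `// Owned entity: anonymous callers are admitted purely on allowAnonReads/allowAnonWrites`; otherwise the anonymous case should go through the same permission check as a non-owner. The mixed `&&`/`||` condition would also be easier to audit with each alternative parenthesised. The rewritten assignment itself does not alter any check visible here, since both forms are falsy when `state.allowAnon` is unset.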
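Review bot: The rewritten guard `if(!state.authenticatedUser?.user_id && !hasAnonymousAccess)` needs a regression test and a more precise comment, because this is the first time the 401 is reachable: the removed clause `(isGetRequest && entity?.owner_id)` could never hold inside the `else` of `if(entity?.owner_id)`. I would replace the comment with `// Entity has no owner: reject unauthenticated requests unless anonymous access is enabled for this method`. The block continues past the end of the hunk, so it is not visible whether a `return` follows `response.end()`; if none does, the request would carry on into the later permission checks after the 401 has been sent. A lookup that finds no entity also lands in this branch, since `entity?.owner_id` is then undefined, and it is worth confirming that this is the intended handling.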