From e991bcd39420ac5db1cd331b83302e7cc3f31c33 Mon Sep 17 00:00:00 2001
From: Manuel <30572287+manuel-rw@users.noreply.github.com>
Date: Tue, 31 Oct 2023 19:04:59 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Access=20callback=20conditions?=
 =?UTF-8?q?=20(#1536)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/pages/board/[slug].tsx       |  2 +-
 src/tools/server/loginBuilder.ts | 27 ++++++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/pages/board/[slug].tsx b/src/pages/board/[slug].tsx
index f8974e394..c121d93cb 100644
--- a/src/pages/board/[slug].tsx
+++ b/src/pages/board/[slug].tsx
@@ -62,7 +62,7 @@ export const getServerSideProps: GetServerSideProps<BoardGetServerSideProps> = a
   const result = checkForSessionOrAskForLogin(
     ctx,
     session,
-    () => config.settings.access.allowGuests || !!session?.user
+    () => config.settings.access.allowGuests || session?.user != undefined
   );
   if (result) {
     return result;
diff --git a/src/tools/server/loginBuilder.ts b/src/tools/server/loginBuilder.ts
index 297076c47..9f9a3a2cd 100644
--- a/src/tools/server/loginBuilder.ts
+++ b/src/tools/server/loginBuilder.ts
@@ -14,17 +14,10 @@ export const checkForSessionOrAskForLogin = (
   session: Session | null,
   accessCallback: () => boolean
 ): GetServerSidePropsResult<any> | undefined => {
-  if (!session?.user) {
-    return {
-      props: {},
-      redirect: {
-        destination: `/auth/login?redirectAfterLogin=${context.resolvedUrl}`,
-        permanent: false,
-      },
-    };
-  }
+  const permitted = accessCallback();
 
-  if (!accessCallback()) {
+  // user is logged in but does not have the required access
+  if (session?.user && !permitted) {
     return {
       props: {},
       redirect: {
@@ -34,5 +27,17 @@ export const checkForSessionOrAskForLogin = (
     };
   }
 
-  return undefined;
+  // user *may* be logged in and permitted
+  if (permitted) {
+    return undefined;
+  }
+
+  // user is logged out and needs to sign in
+  return {
+    props: {},
+    redirect: {
+      destination: `/auth/login?redirectAfterLogin=${context.resolvedUrl}`,
+      permanent: false,
+    },
+  };
 };