fixed issue troygoode#19

Thieum · Sep 24, 2011 · d6f22ef · d6f22ef
1 parent 1637768
commit d6f22ef
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/MvcMembership/AuthorizeUnlessOnlyUserAttribute.cs b/src/MvcMembership/AuthorizeUnlessOnlyUserAttribute.cs
@@ -35,7 +35,7 @@ protected override bool AuthorizeCore(HttpContextBase httpContext)
 
 			//allow anyone access if there are less than two users, otherwise
 			// - use normal logic (and cache this finding in a static variable)
-			if (!_hasAtLeastTwoUsers && _userService.TotalUsers > 1)
+			if (_hasAtLeastTwoUsers || _userService.TotalUsers > 1)
 				_hasAtLeastTwoUsers = true;
 			else
 				return true;
@@ -51,7 +51,11 @@ protected override bool AuthorizeCore(HttpContextBase httpContext)
 				return false;
 
 			//added the check for whether the role service is enabled or not. if it isn't, don't validate on that
-			return !_rolesService.Enabled || !_rolesSplit.Any() || _rolesSplit.Any(user.IsInRole);
+			if (!_rolesService.Enabled || !_rolesSplit.Any())
+				return true;
+
+			//is this user in one of the necessary roles?
+			return _rolesSplit.Any(user.IsInRole);
 		}
 
 		private static string[] SplitString(string original)