From ccd2ddc056c3c06e3eb961bdf04130f2140e471a Mon Sep 17 00:00:00 2001
From: Salandora <salandora@gmail.com>
Date: Tue, 15 Dec 2015 18:04:52 +0100
Subject: [PATCH] Fixed a bug with access control during first run

Requests against restricted resources could fail even though the
first run wizard had been completed successfully.
---
 src/octoprint/server/__init__.py   | 2 +-
 src/octoprint/server/util/flask.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/octoprint/server/__init__.py b/src/octoprint/server/__init__.py
index 4506a385..0af327b6 100644
--- a/src/octoprint/server/__init__.py
+++ b/src/octoprint/server/__init__.py
@@ -101,7 +101,7 @@ def load_user(id):
 	else:
 		sessionid = None
 
-	if userManager is not None:
+	if settings().getBoolean(["accessControl", "enabled"]) and userManager is not None:
 		if sessionid:
 			return userManager.findUser(userid=id, session=sessionid)
 		else:
diff --git a/src/octoprint/server/util/flask.py b/src/octoprint/server/util/flask.py
index d1c64bb2..b17690f6 100644
--- a/src/octoprint/server/util/flask.py
+++ b/src/octoprint/server/util/flask.py
@@ -700,7 +700,7 @@ def restricted_access(func):
 	@functools.wraps(func)
 	def decorated_view(*args, **kwargs):
 		# if OctoPrint hasn't been set up yet, abort
-		if settings().getBoolean(["server", "firstRun"]) and (octoprint.server.userManager is None or not octoprint.server.userManager.hasBeenCustomized()):
+		if settings().getBoolean(["server", "firstRun"]) and settings().getBoolean(["accessControl", "enabled"]) and (octoprint.server.userManager is None or not octoprint.server.userManager.hasBeenCustomized()):
 			return flask.make_response("OctoPrint isn't setup yet", 403)
 
 		apikey = octoprint.server.util.get_api_key(flask.request)