From a648e634f34bf27012a423f942f64356b11b30fd Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@chec.io>
Date: Sun, 22 Mar 2020 18:43:20 -0700
Subject: [PATCH] FIX Members minimal CMS access were previously stuck in a
 login loop, now redirects to MFA

---
 src/Service/EnforcementManager.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/Service/EnforcementManager.php b/src/Service/EnforcementManager.php
index a442f690..214a059e 100644
--- a/src/Service/EnforcementManager.php
+++ b/src/Service/EnforcementManager.php
@@ -98,8 +98,13 @@ public function shouldRedirectToMFA(Member $member): bool
             return false;
         }
 
-        if ($this->config()->get('requires_admin_access') && !$this->hasAdminAccess($member)) {
-            return false;
+        if ($this->config()->get('requires_admin_access')) {
+            $hasAdminAccess = Member::actAs($member, function () use ($member) {
+                return $this->hasAdminAccess($member);
+            });
+            if (!$hasAdminAccess) {
+                return false;
+            }
         }
 
         $methodRegistry = MethodRegistry::singleton();
@@ -229,7 +234,7 @@ protected function hasAdminAccess(Member $member): bool
         }
 
         // Look through all LeftAndMain subclasses to find if one permits the member to view
-        $menu = $leftAndMain->MainMenu();
+        $menu = $leftAndMain->MainMenu(false);
         foreach ($menu as $candidate) {
             if (
                 $candidate->Link