From 9aa80ff0326dfe05292a67c4ab50426176a2cabc Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs <sgrady@rocketsoftware.com>
Date: Thu, 21 Dec 2023 05:04:39 -0500
Subject: [PATCH] parameter fix for semi auth

Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
---
 CHANGELOG.md   | 6 +++++-
 lib/webauth.js | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a52b7e6..62d1c804 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,11 @@
 
 All notable changes to the Zlux Server Framework package will be documented in this file..
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
-    
+
+## 2.14.0
+- Bugfix: A call to GET /plugins would trigger an authorization check regardless of if rbac was set on or off
+
+
 ## 2.13.0
 - Added support for using zowe.network and components.app-server.zowe.network to set listener IP and TLS properties including max and min version, ciphers, and ECDH curves. (#511)
 - Enhanced cipher customization to allow for ciphers to be specified in IANA format in addition to the existing OpenSSL format. (#511)
diff --git a/lib/webauth.js b/lib/webauth.js
index e49c76b2..b5cc8315 100644
--- a/lib/webauth.js
+++ b/lib/webauth.js
@@ -500,7 +500,7 @@ module.exports = function(authManager, cookieIdentifier, isSecurePort) {
         authLogger.debug(`${req.session.id}: Initiating isAuthorized check with ${handler.pluginID}`);        
         result = yield handler.authorized(req, authPluginSession, {
           syncOnly: isWebsocket,
-          bypassAuthorizatonCheck: !authManager.isRbacEnabled
+          bypassAuthorizatonCheck: !authManager.isRbacEnabled()
         });
         next();
         return;