2 files changed, 10 insertions, 1 deletions

diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8598091d9..375c19529 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -48,7 +48,7 @@ class AdminController < ApplicationController
 	def authenticate
             username = MySociety::Config.get('ADMIN_USERNAME', '')
             password = MySociety::Config.get('ADMIN_PASSWORD', '')
-            if !(username && password).empty?
+            if !username.empty? && !password.empty?
                 authenticate_or_request_with_http_basic do |user_name, password|
                     user_name == username && password == password
                 end
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index cb622dabd..3a768686d 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -65,6 +65,15 @@ describe AdminPublicBodyController, "when administering public bodies" do
         post :destroy, { :id => 3 }
         PublicBody.count.should == 1
     end
+    it "when no username set, skip admin authorisation" do
+        config = MySociety::Config.load_default()
+        config['ADMIN_USERNAME'] = ''
+        config['ADMIN_PASSWORD'] = 'fuz'
+        @request.env["HTTP_AUTHORIZATION"] = ""
+        PublicBody.count.should == 2
+        post :destroy, { :id => 3 }
+        PublicBody.count.should == 1
+    end
 
 
 end