There is a simpler solution!!
If you call permission_p to create an admin button etc.
And you don't want to require login
use the -nologin switch to permission_p.
Its been there for awhile.
This seems much safer.
One could propose making nologin the default, but like noquote, I feel better if permission procs are paranoid.