From 186edd2ca017c55d573861f8b14ab3af409554ef Mon Sep 17 00:00:00 2001
From: Philippe Pittoli
Date: Tue, 13 Jun 2023 18:37:58 +0200
Subject: [PATCH] s/UserID | Nil/UserID?/ and allow simple users to read their permissions.
---
src/requests/delete.cr | 2 +-
src/requests/moduser.cr | 2 +-
src/requests/permissions.cr | 16 ++++++++++++----
src/requests/profile.cr | 2 +-
4 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/requests/delete.cr b/src/requests/delete.cr
index 35314ae..9a4fc7f 100644
--- a/src/requests/delete.cr
+++ b/src/requests/delete.cr
@@ -1,7 +1,7 @@ class AuthD::Request IPC::JSON.message Delete, 8 do # Deletion can be triggered by either an admin or the related user. - property user : UserID | Nil = nil + property user : UserID? = nil def initialize(@user = nil) end
diff --git a/src/requests/moduser.cr b/src/requests/moduser.cr
index 64f3fa2..7a0d88d 100644
--- a/src/requests/moduser.cr
+++ b/src/requests/moduser.cr
@@ -1,6 +1,6 @@ class AuthD::Request IPC::JSON.message ModUser, 6 do - property user : UserID | Nil = nil + property user : UserID? = nil property admin : Bool? = nil property password : String? = nil property email : String? = nil
diff --git a/src/requests/permissions.cr b/src/requests/permissions.cr
index 6eee676..d45c52c 100644
--- a/src/requests/permissions.cr
+++ b/src/requests/permissions.cr
@@ -1,6 +1,6 @@ class AuthD::Request IPC::JSON.message CheckPermission, 10 do - property user : UserID + property user : UserID? = nil property service : String property resource : String
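Review bot: In the `@@ -1,6 +1,6 @@` hunk of src/requests/permissions.cr, `user` becomes optional with no comment saying what an omitted value means, so the authorization semantics of the request can only be learned by reading `handle`. Delete already documents who may trigger it on the line above its property, and the same style would fit here, e.g. `# When nil, the request applies to the logged user.` above `property user : UserID? = nil`. The message block continues outside the hunk.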
@@ -10,9 +10,13 @@ class AuthD::Request def handle(authd : AuthD::Service, fd : Int32) logged_user = authd.get_logged_user_full? fd return Response::Error.new "you must be logged" if logged_user.nil? - logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin) - user = authd.user? @user + user = if u = @user + logged_user.assert_permission("authd", "*", User::PermissionLevel::Read) + authd.user? u + else + logged_user + end return Response::Error.new "no such user" if user.nil? service_permissions = user.permissions[@service]?
@@ -43,7 +47,11 @@ class AuthD::Request return Response::Error.new "you must be logged" if logged_user.nil? logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin) - user = authd.user? @user + user = if u = @user + authd.user? u + else + logged_user + end return Response::Error.new "no such user" if user.nil? service_permissions = user.permissions[@service]?
diff --git a/src/requests/profile.cr b/src/requests/profile.cr
index 599b685..216cfd8 100644
--- a/src/requests/profile.cr
+++ b/src/requests/profile.cr
@@ -1,7 +1,7 @@ class AuthD::Request # Reset elements for which keys are present in `new_profile_entries`. IPC::JSON.message EditProfileEntries, 7 do - property user : UserID | Nil = nil + property user : UserID? = nil property new_profile_entries : Hash(String, JSON::Any)
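Review bot: In the `@@ -10,9 +10,13 @@` hunk of src/requests/permissions.cr, the check for looking up another user's permissions drops from `User::PermissionLevel::Admin` to `User::PermissionLevel::Read`, which is wider than the commit title ("read their permissions") describes. If only self-lookup is meant to be opened up, keep `logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)` inside the `if u = @user` branch; if Read is intended, a comment such as `# Read on authd is enough to inspect any user's permissions.` would record the decision. A caller who names their own id explicitly still goes through the assertion, so presumably a simple user must omit `user` to succeed; that is worth confirming and documenting. `handle` continues past the end of the hunk.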
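Review bot: In the `@@ -43,7 +47,11 @@` hunk of src/requests/permissions.cr, the new `else logged_user` fallback makes a request without `user` target the caller's own account, in a handler that still asserts Admin and whose start is outside the hunk. If this is the permission-changing request, a client that omits or misnames the field would silently act on the administrator's own permissions instead of being rejected. The patch only makes the `user` property of CheckPermission nilable, so unless this message's property is changed elsewhere the `else` branch also looks unreachable. For a privileged, state-changing request I would keep the target explicit and leave the line as `user = authd.user? @user`.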