From a735cc35db129276c79b50c714c5d8b90de6048a Mon Sep 17 00:00:00 2001
From: Karchnu <karchnu@karchnu.fr>
Date: Sun, 22 Nov 2020 13:48:19 +0100
Subject: [PATCH] List: bugfix.

---
 src/requests/list.cr | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/requests/list.cr b/src/requests/list.cr
index 423ad76..edd05d1 100644
--- a/src/requests/list.cr
+++ b/src/requests/list.cr
@@ -11,9 +11,21 @@ class AuthD::Request
 			@token.try do |token|
 				user = authd.get_user_from_token token
 
-				return Response::Error.new "unauthorized (user not found from token)"
+				return Response::Error.new "unauthorized (user not found from token)" unless user
 
-				return Response::Error.new "unauthorized (user not in authd group)" unless user.permissions["authd"]?.try(&.["*"].>=(User::PermissionLevel::Read))
+				# Test if the user is a moderator.
+				if permissions = user.permissions["authd"]?
+					if rights = permissions["*"]?
+						if rights >= User::PermissionLevel::Read
+						else
+							raise AdminAuthorizationException.new "unauthorized (insufficient rights on '*')"
+						end
+					else
+						raise AdminAuthorizationException.new "unauthorized (no rights on '*')"
+					end
+				else
+					raise AdminAuthorizationException.new "unauthorized (user not in authd group)"
+				end
 			end
 
 			@key.try do |key|