From 234259a9d0a152ae16aacd111e692292d1205c79 Mon Sep 17 00:00:00 2001
From: Philippe PITTOLI
Date: Tue, 7 May 2024 12:48:52 +0200
Subject: [PATCH] Check if the user is admin with `is_admin?` function in `dnsmanagerd`.
---
 src/main.cr | 5 +++++
 src/requests/user.cr | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/main.cr b/src/main.cr
index 3368198..f8d4669 100644
--- a/src/main.cr
+++ b/src/main.cr
@@ -84,6 +84,11 @@ class DNSManager::Service < IPC
 @authd.decode_token token
 end

+ def is_admin?(uid : UInt32) : Bool
+ perms = check_permissions uid, "*"
+ (perms == AuthD::User::PermissionLevel::Admin)
+ end
+
 def check_permissions(uid : UInt32, resource : String) : AuthD::User::PermissionLevel
 response = @authd.check_permission uid, "dnsmanager", resource
 case response
diff --git a/src/requests/user.cr b/src/requests/user.cr
index d08b388..ab195a7 100644
--- a/src/requests/user.cr
+++ b/src/requests/user.cr
@@ -21,9 +21,12 @@ class DNSManager::Request
 # Limit the number of domains in this message.
 # Pagination will be required beyond a hundred domains.
 user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100]
- perms = dnsmanagerd.check_permissions user_id, "*"
+ is_admin = dnsmanagerd.is_admin? user_id

- Response::Logged.new (perms == AuthD::User::PermissionLevel::Admin), accepted_domains, user_domains
+ Response::Logged.new is_admin, accepted_domains, user_domains
+ when AuthD::Response::ErrorUserNotFound
+ Baguette::Log.error "Trying to authenticate an unknown user."
+ Response::ErrorInvalidToken.new
 else
 Response::ErrorInvalidToken.new
 end
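Review bot: The new `is_admin?` in src/main.cr has no comment saying what "admin" means or that each call goes through `@authd.check_permission`, which matters because this predicate is now the single place callers will use for privilege decisions. From the visible lines it is true only when `check_permissions uid, "*"` returns exactly `AuthD::User::PermissionLevel::Admin` for the `dnsmanager` service; I would add above it `# True only when authd reports Admin on the "*" resource of dnsmanager (presumably the wildcard); one authd request per call.` The body of `check_permissions` continues outside the hunk, so it is not visible whether an authd error raises or maps to a lower level; the comment should state which, and the predicate should stay fail-closed either way. As a style point the parentheses are redundant, `check_permissions(uid, "*") == AuthD::User::PermissionLevel::Admin` reads more directly.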
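Review bot: The added `when AuthD::Response::ErrorUserNotFound` branch in src/requests/user.cr logs a fixed string with no context, so an operator reviewing the log cannot tell which request or account triggered it; include a non-secret identifier that is in scope there, and never the token itself. The `else` branch right below returns the same `Response::ErrorInvalidToken` without logging anything, so other authd failures stay invisible. Answering an unknown user exactly like a bad token avoids revealing whether an account exists, and that intent deserves a comment such as `# Same reply as for an invalid token: do not reveal whether the user exists.` The enclosing `case` starts outside the hunk, so which variables are available in this branch cannot be seen from here.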