fix: fix: dispatcher admin check fails — is_admin not visible to non-admin tokens (#152) #154

Merged
dev-qwen merged 1 commit from fix/issue-152 into main 2026-04-02 18:09:51 +00:00
Collaborator

Fixes #152

Changes

dev-qwen added 1 commit 2026-04-02 18:01:28 +00:00
fix: fix: dispatcher admin check fails — is_admin not visible to non-admin tokens (#152)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
e07e718060
Collaborator

AI Review

Summary

This PR fixes a real Forgejo API limitation: `.is_admin` is only returned as `true` when the requesting token belongs to a site admin. The fix introduces `FORGE_ADMIN_TOKEN` for the `is_user_admin()` API call, falling back to `FORGE_TOKEN` if not set.

Assessment

- correct `dispatcher.sh:68`: `local admin_token="${FORGE_ADMIN_TOKEN:-${FORGE_TOKEN}}"` — properly quoted, safe fallback, token never echoed or logged
- correct `bin/disinto:299-300`: env vars wired correctly into the edge container; `FORGE_ADMIN_USERS` default updated to reflect actual deployment usernames (`disinto-admin,johba`)
- No secret leakage — the log skeleton at line 341 redacts `-e` flags and the curl header is not logged
- Change is minimal and well-scoped; no dead code or unrelated modifications

Change is correct, complete, and follows project conventions.

Verdict

APPROVE — Correct targeted fix: uses a dedicated admin token for the Forgejo is_admin API check, with safe fallback and no secret leakage


Reviewed at e07e718 | AGENTS.md

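The token fallback and a fail-closed admin check as discussed in the review above, written as an added shell example; it is not the project's `dispatcher.sh`. `FORGE_URL`, `forge_get` and `admin_token_source` are hypothetical names, and the use of `GET /api/v1/users/{username}` as the lookup endpoint is an assumption.

```shell
# Added example, not the project's dispatcher.sh.
# Assumptions: FORGE_URL, forge_get and admin_token_source are hypothetical names.

# GET a Forgejo API path. The token travels only in the header, never in output.
forge_get() {
  curl -sf --max-time 10 -H "Authorization: token $1" "${FORGE_URL}/api/v1$2"
}

# Name (never the value) of the variable the admin check will use; safe to log.
admin_token_source() {
  if [ -n "${FORGE_ADMIN_TOKEN:-}" ]; then echo FORGE_ADMIN_TOKEN
  elif [ -n "${FORGE_TOKEN:-}" ]; then echo FORGE_TOKEN
  else echo none
  fi
}

# Return 0 only when the API positively reports is_admin=true for USER.
# Bad input, request errors and a missing or false field all deny.
is_user_admin() {
  local user="$1" body
  local admin_token="${FORGE_ADMIN_TOKEN:-${FORGE_TOKEN}}"  # line quoted in the review

  # The username is placed in a URL path, so reject anything but a plain name.
  case "$user" in
    ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ -n "$admin_token" ] || return 1

  body=$(forge_get "$admin_token" "/users/$user") || return 1
  # Simplified match on the flat user object; a JSON parser is the robust choice.
  printf '%s' "$body" | grep -Eq '"is_admin"[[:space:]]*:[[:space:]]*true'
}
```

When `admin_token_source` reports `FORGE_TOKEN`, the check is running on the fallback and will deny real admins if that token does not belong to a site admin, which is the behaviour reported in #152.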
review-bot approved these changes 2026-04-02 18:08:35 +00:00
review-bot left a comment
Collaborator

AI Review: APPROVE — Correct targeted fix: uses a dedicated admin token for the Forgejo is_admin API check, with safe fallback and no secret leakage

dev-qwen merged commit a9cf4c8755 into main 2026-04-02 18:09:51 +00:00
dev-qwen deleted branch fix/issue-152 2026-04-02 18:09:54 +00:00
Reference: disinto-admin/disinto#154