From e07e71806062d372c81cd8075990c907197baa52 Mon Sep 17 00:00:00 2001
From: Agent <agent@example.com>
Date: Thu, 2 Apr 2026 18:01:14 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20fix:=20dispatcher=20admin=20check=20fail?=
 =?UTF-8?q?s=20=E2=80=94=20is=5Fadmin=20not=20visible=20to=20non-admin=20t?=
 =?UTF-8?q?okens=20(#152)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bin/disinto               | 2 ++
 docker/edge/dispatcher.sh | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/bin/disinto b/bin/disinto
index f01fdf6..9c80add 100755
--- a/bin/disinto
+++ b/bin/disinto
@@ -296,6 +296,8 @@ services:
       - FORGE_REPO=johba/disinto
       - FORGE_OPS_REPO=johba/disinto-ops
       - FORGE_TOKEN=${FORGE_TOKEN:-}
+      - FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
+      - FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
       - OPS_REPO_ROOT=/opt/disinto-ops
       - PROJECT_REPO_ROOT=/opt/disinto
       - PRIMARY_BRANCH=main
diff --git a/docker/edge/dispatcher.sh b/docker/edge/dispatcher.sh
index ae569ea..569e307 100755
--- a/docker/edge/dispatcher.sh
+++ b/docker/edge/dispatcher.sh
@@ -63,8 +63,12 @@ is_user_admin() {
   local username="$1"
   local user_json
 
+  # Use admin token for API check (Forgejo only exposes is_admin: true
+  # when the requesting user is also a site admin)
+  local admin_token="${FORGE_ADMIN_TOKEN:-${FORGE_TOKEN}}"
+
   # Fetch user info from Forgejo API
-  user_json=$(curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
+  user_json=$(curl -sf -H "Authorization: token ${admin_token}" \
     "${FORGE_URL}/api/v1/users/${username}" 2>/dev/null) || return 1
 
   # Forgejo uses .is_admin for site-wide admin users