johba/disinto
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fix: fix: dispatcher admin check fails — is_admin not visible to non-admin tokens (#152)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source
This commit is contained in:
Agent 2026-04-02 18:01:14 +00:00
parent 17c415c27b
commit e07e718060
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
bin/disinto
View file

@ -296,6 +296,8 @@ services:
- FORGE_REPO=johba/disinto - FORGE_REPO=johba/disinto
- FORGE_OPS_REPO=johba/disinto-ops - FORGE_OPS_REPO=johba/disinto-ops
- FORGE_TOKEN=${FORGE_TOKEN:-} - FORGE_TOKEN=${FORGE_TOKEN:-}
- FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
- FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
- OPS_REPO_ROOT=/opt/disinto-ops - OPS_REPO_ROOT=/opt/disinto-ops
- PROJECT_REPO_ROOT=/opt/disinto - PROJECT_REPO_ROOT=/opt/disinto
- PRIMARY_BRANCH=main - PRIMARY_BRANCH=main

6
docker/edge/dispatcher.sh
View file

@ -63,8 +63,12 @@ is_user_admin() {
local username="$1" local username="$1"
local user_json local user_json
# Use admin token for API check (Forgejo only exposes is_admin: true
# when the requesting user is also a site admin)
local admin_token="${FORGE_ADMIN_TOKEN:-${FORGE_TOKEN}}"
# Fetch user info from Forgejo API # Fetch user info from Forgejo API
user_json=$(curl -sf -H "Authorization: token ${FORGE_TOKEN}" \ user_json=$(curl -sf -H "Authorization: token ${admin_token}" \
"${FORGE_URL}/api/v1/users/${username}" 2>/dev/null) || return 1 "${FORGE_URL}/api/v1/users/${username}" 2>/dev/null) || return 1
# Forgejo uses .is_admin for site-wide admin users # Forgejo uses .is_admin for site-wide admin users