fix: fix: dispatcher admin check fails — is_admin not visible to non-admin tokens (#152)

bin/disinto

@@ -296,6 +296,8 @@ services:
       - FORGE_REPO=johba/disinto
       - FORGE_OPS_REPO=johba/disinto-ops
       - FORGE_TOKEN=${FORGE_TOKEN:-}
+      - FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
+      - FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
       - OPS_REPO_ROOT=/opt/disinto-ops
       - PROJECT_REPO_ROOT=/opt/disinto
       - PRIMARY_BRANCH=main

docker/edge/dispatcher.sh

@@ -63,8 +63,12 @@ is_user_admin() {
   local username="$1"
   local user_json
 
+  # Use admin token for API check (Forgejo only exposes is_admin: true
+  # when the requesting user is also a site admin)
+  local admin_token="${FORGE_ADMIN_TOKEN:-${FORGE_TOKEN}}"
+
   # Fetch user info from Forgejo API
-  user_json=$(curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
+  user_json=$(curl -sf -H "Authorization: token ${admin_token}" \
     "${FORGE_URL}/api/v1/users/${username}" 2>/dev/null) || return 1
 
   # Forgejo uses .is_admin for site-wide admin users