fix(admin): allow fetching current user without elevated ACL (#3)

2026-01-03 00:47:06 +01:00 · 2026-01-03 00:47:06 +01:00 · 275126d61b
commit 275126d61b
parent b997d3b263
2 changed files with 47 additions and 1 deletions
--- a/fluxer_admin/src/fluxer_admin/api/users.gleam
+++ b/fluxer_admin/src/fluxer_admin/api/users.gleam
@ -486,7 +486,44 @@ pub fn get_current_admin(
  ctx: web.Context,
  session: web.Session,
 ) -> Result(Option(UserLookupResult), ApiError) {
-  lookup_user(ctx, session, session.user_id)
+  let url = ctx.api_endpoint <> "/admin/users/me"
+
+  let assert Ok(req) = request.to(url)
+  let req =
+    req
+    |> request.set_method(http.Get)
+    |> request.set_header("authorization", "Bearer " <> session.access_token)
+  case httpc.send(req) {
+    Ok(resp) if resp.status == 200 -> {
+      let decoder = {
+        use user <- decode.field("user", decode.optional(user_lookup_decoder()))
+        decode.success(user)
+      }
+
+      case json.parse(resp.body, decoder) {
+        Ok(result) -> Ok(result)
+        Error(_) -> Error(ServerError)
+      }
+    }
+    Ok(resp) if resp.status == 401 -> Error(Unauthorized)
+    Ok(resp) if resp.status == 403 -> {
+      let message_decoder = {
+        use message <- decode.field("message", decode.string)
+        decode.success(message)
+      }
+
+      let message = case json.parse(resp.body, message_decoder) {
+        Ok(msg) -> msg
+        Error(_) ->
+          "Missing required permissions. Contact an administrator to request access."
+      }
+
+      Error(Forbidden(message))
+    }
+    Ok(resp) if resp.status == 404 -> Error(NotFound)
+    Ok(_resp) -> Error(ServerError)
+    Error(_) -> Error(NetworkError)
+  }
 }

 pub fn set_user_acls(
--- a/fluxer_api/src/admin/controllers/UserAdminController.ts
+++ b/fluxer_api/src/admin/controllers/UserAdminController.ts
@ -36,6 +36,7 @@ import {
 	ListUserGuildsRequest,
 	ListUserSessionsRequest,
 	LookupUserRequest,
+	mapUserToAdminResponse,
 	ScheduleAccountDeletionRequest,
 	SendPasswordResetRequest,
 	SetUserAclsRequest,
@ -50,6 +51,14 @@ import {
 } from '../AdminModel';

 export const UserAdminController = (app: HonoApp) => {
+	app.get('/admin/users/me', requireAdminACL(AdminACLs.AUTHENTICATE), async (ctx) => {
+		const adminUser = ctx.get('user');
+		const cacheService = ctx.get('cacheService');
+		return ctx.json({
+			user: await mapUserToAdminResponse(adminUser, cacheService),
+		});
+	});
+
 	app.post(
 		'/admin/users/lookup',
 		RateLimitMiddleware(RateLimitConfigs.ADMIN_LOOKUP),