From 61ee91a955f3cfc48681789ad9f4cb728f1a2f79 Mon Sep 17 00:00:00 2001
From: Greyson <greyson@hofers.cloud>
Date: Fri, 19 Apr 2024 15:50:43 +0000
Subject: [PATCH] fix: Adds missing code from permission by token checks.

---
 src/libs/permissions.ts | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/libs/permissions.ts b/src/libs/permissions.ts
index 385d7b7..e14dbb5 100644
--- a/src/libs/permissions.ts
+++ b/src/libs/permissions.ts
@@ -9,7 +9,7 @@ export const permissionListDisabled: Record<string, boolean> = {
   "routes.edit":        false,
   "routes.visible":     false,
 
-  "backends.add":       false,
+  "backends.add":       false,  
   "backends.remove":    false,
   "backends.start":     false,
   "backends.stop":      false,
@@ -48,6 +48,7 @@ export async function hasPermission(permissionList: string[], uid: number, prism
 export async function hasPermissionByToken(permissionList: string[], token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<boolean> {
   let userID = -1;
 
+  // Look up in our currently authenticated users
   for (const otherTokenKey of Object.keys(tokens)) {
     const otherTokenList = tokens[parseInt(otherTokenKey)];
 
@@ -66,8 +67,18 @@ export async function hasPermissionByToken(permissionList: string[], token: stri
   }
 
   // Fine, we'll look up for global tokens...
+  // FIXME: Could this be more efficient? IDs are sequential in SQL I think
+  if (userID == -1) {
+    const allUsers = await prisma.user.findMany();
+  
+    for (const user of allUsers) {
+      if (user.rootToken == token) userID = user.id;
+    };
+  }
 
+  // If we are STILL -1, we give up.
   if (userID == -1) return false;
 
-  return true;
+  // Now we can test permissions!
+  return await hasPermission(permissionList, userID, prisma);
 }
\ No newline at end of file