From 9b69a0a5ee17873343704387b8bdbf279dbfd7f7 Mon Sep 17 00:00:00 2001
From: jmanczak <jakub@manczak.net>
Date: Tue, 12 May 2026 00:08:20 +0200
Subject: [PATCH] actually use default permissions, misc

---
 src/users/permissions.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/users/permissions.rs b/src/users/permissions.rs
index 1ba9810..571eaea 100644
--- a/src/users/permissions.rs
+++ b/src/users/permissions.rs
@@ -3,9 +3,10 @@ use sqlx::PgConnection;
 use crate::{database::DatabaseError, users::User};
 
 /// Infradmin and systemuser have all permissions.
-#[derive(Debug, Clone, PartialEq, strum::IntoStaticStr)]
+#[derive(Debug, Clone, Copy, PartialEq, strum::IntoStaticStr)]
 pub enum Permission {
     // Pass all the permission checks
+    // Additionally, only Admins can manage others' permissions.
     Admin,
     // All Users have the right to observe their own sessions
     ListOthersSessions,
@@ -68,7 +69,7 @@ impl User {
         Ok(self
             .permission_dbstate(conn, permission)
             .await?
-            .unwrap_or(false))
+            .unwrap_or(permission.is_default_permission()))
     }
 
     pub async fn grant_permission(