actually use default permissions, misc

src/users/permissions.rs

@@ -3,9 +3,10 @@ use sqlx::PgConnection;
 use crate::{database::DatabaseError, users::User};
 
 /// Infradmin and systemuser have all permissions.
-#[derive(Debug, Clone, PartialEq, strum::IntoStaticStr)]
+#[derive(Debug, Clone, Copy, PartialEq, strum::IntoStaticStr)]
 pub enum Permission {
     // Pass all the permission checks
+    // Additionally, only Admins can manage others' permissions.
     Admin,
     // All Users have the right to observe their own sessions
     ListOthersSessions,
@@ -68,7 +69,7 @@ impl User {
         Ok(self
             .permission_dbstate(conn, permission)
             .await?
-            .unwrap_or(false))
+            .unwrap_or(permission.is_default_permission()))
     }
 
     pub async fn grant_permission(