From 755a443c965922f60e953a2f0bd1ff841b3e43aa Mon Sep 17 00:00:00 2001
From: Philipp Rothmann
Date: Tue, 8 Nov 2022 16:30:59 +0100
Subject: [PATCH] admin guard
---
 backend/areas/users/users.py | 2 +-
 backend/helpers/auth_guard.py | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/backend/areas/users/users.py b/backend/areas/users/users.py
index 7e3cd81..290dcb3 100644
--- a/backend/areas/users/users.py
+++ b/backend/areas/users/users.py
@@ -14,7 +14,7 @@ from .lit_user_service import UserService
 @api_v1.route("/users", methods=["GET"])
 @jwt_required()
 @cross_origin()
-@admin_required()
+# @admin_required() TODO: not needed as authentik checks permissions?
 def get_users():
 return jsonify(UserService.get_users())
diff --git a/backend/helpers/auth_guard.py b/backend/helpers/auth_guard.py
index fdab7df..90ea5fc 100644
--- a/backend/helpers/auth_guard.py
+++ b/backend/helpers/auth_guard.py
@@ -11,10 +11,10 @@ def admin_required():
 @wraps(fn)
 def decorator(*args, **kwargs):
 verify_jwt_in_request()
- # claims = get_jwt()
- # user_id = claims["user_id"]
- is_admin = True # RoleService.is_user_admin(user_id)
- # TODO: actually check if admin
+ claims = get_jwt()
+
+ user_id = claims["user_id"]
+ is_admin = RoleService.is_user_admin(user_id)
 if is_admin:
 return fn(*args, **kwargs)
 else:
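Review bot: Commenting out `@admin_required()` on `get_users` leaves `GET /users` guarded only by `@jwt_required()`, so any caller holding a valid token can read the full user list. The TODO is phrased as an open question, and nothing visible in this diff shows authentik enforcing an admin role for this route; an identity provider issuing the token is not the same as the API authorising the request. Since this commit also makes `admin_required` perform a real check, I would keep `@admin_required()` on this route until that assumption is confirmed. If the decorator is dropped later, replace the TODO with a comment naming the authentik policy that covers the endpoint.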
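Review bot: `claims["user_id"]` in `decorator` raises `KeyError` when the token carries no `user_id` claim, which would likely surface as a server error rather than the denial in the `else:` branch; whether authentik-issued tokens include that claim is not visible here. Read it defensively and fail closed: `user_id = claims.get("user_id")` followed by `is_admin = user_id is not None and RoleService.is_user_admin(user_id)`. The added blank `+` line after `claims = get_jwt()` can be dropped as well. The decorator starts above the hunk and the `else:` body continues below it.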