From c0ba319d16e49c9b0277fb11d10288ea3c5419e6 Mon Sep 17 00:00:00 2001
From: Thomas Churchman <thomas@kepow.org>
Date: Fri, 19 Jan 2024 17:19:38 +0100
Subject: [PATCH] fix: correctly calculate user permissions for logged-in users

---
 astroplant-api/src/authorization/mod.rs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/astroplant-api/src/authorization/mod.rs b/astroplant-api/src/authorization/mod.rs
index b253d22..5f29ee5 100644
--- a/astroplant-api/src/authorization/mod.rs
+++ b/astroplant-api/src/authorization/mod.rs
@@ -98,12 +98,12 @@ impl Permission for UserAction {
 
     fn permitted(self, acting_user: &Option<User>, object_user: &User) -> bool {
         use UserAction::*;
-        match acting_user {
-            Some(acting_user) => acting_user == object_user,
-            None => match self {
-                View | ListKitMemberships => true,
-                EditDetails => false,
-            },
+        match self {
+            View | ListKitMemberships => true,
+            EditDetails => acting_user
+                .as_ref()
+                .map(|acting_user| acting_user == object_user)
+                .unwrap_or(false),
         }
     }
 }