From 363b491b8991f93bd4a78c457be684498613e8a5 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Mon, 10 Apr 2023 16:31:02 +0100 Subject: [PATCH] Add support for specifying multiple superusers This not only makes running commands manually much simpler, but removes some confusion around "dokku" / "default" user as the superuser (some places need both). Fixes #22 Fixes #36 --- README.md | 8 +++++++- internal-functions | 8 +++++--- pre-build | 5 +++-- user-auth | 2 +- 4 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 1573e8f..b264e4a 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,13 @@ user by defining `$DOKKU_SUPER_USER` env in `~dokku/.dokkurc/acl`:
 export DOKKU_SUPER_USER=puck
 ```
-If defined, this user is always allowed to push, and no other users are allowed to push to apps with empty ACLs.
+If defined, this user (or users) is always allowed to push, and no other users are allowed to push to apps with empty ACLs.
+
+You can also specify multiple users:
+
+```shell
+export DOKKU_SUPER_USER="dokku puck"
+```
 ### command restrictions
diff --git a/internal-functions b/internal-functions
index c2ef0bb..a5d38e5 100755
--- a/internal-functions
+++ b/internal-functions
@@ -126,9 +126,11 @@ fn-acl-is-super-user() {
 declare desc="check if the specified user is a super user"
 declare USERNAME="$1"
- if [[ "$USERNAME" == "$DOKKU_SUPER_USER" ]]; then
- return
- fi
+ for super_user in $DOKKU_SUPER_USER; do
+ if [[ "$USERNAME" == "$super_user" ]]; then
+ return
+ fi
+ done
 return 1
 }
diff --git a/pre-build b/pre-build
index 35c9517..cfe0bf5 100755
--- a/pre-build
+++ b/pre-build
@@ -2,6 +2,7 @@
 set -eo pipefail
 [[ $DOKKU_TRACE ]] && set -x
 source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+source "$(dirname "${BASH_SOURCE[0]}")/internal-functions"
 APP="$1"
 ACL="$DOKKU_ROOT/$APP/acl"
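Review bot: The new loop header `for super_user in $DOKKU_SUPER_USER; do` in `fn-acl-is-super-user` expands the variable unquoted, so every entry goes through pathname expansion as well as word splitting; a value containing `*`, `?` or `[` would be replaced by file names from the working directory, and those names would then be compared against the user. `super_user` is also never declared, so it leaks into every script that sources this file. Reading the list into an array avoids both: `declare super_user; declare -a super_users`, `read -r -a super_users <<<"$DOKKU_SUPER_USER"`, `for super_user in "${super_users[@]}"; do`. A one-line comment saying that an empty or unset `DOKKU_SUPER_USER` produces no iterations and therefore ends in `return 1` would document the fail-closed default. The function's opening line is visible only in the hunk header.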
@@ -26,7 +27,7 @@ if [[ -z "$NAME" ]]; then
 fi
 if [[ ! -d "$ACL" ]]; then
- if [[ -n "$DOKKU_SUPER_USER" ]] && [[ "$NAME" != "$DOKKU_SUPER_USER" ]]; then
+ if [[ -n "$DOKKU_SUPER_USER" ]] && ! fn-acl-is-super-user "$NAME"; then
 dokku_log_fail "Only $DOKKU_SUPER_USER can modify a repository if the ACL is empty"
 fi
@@ -35,7 +36,7 @@ fi
 ACL_FILE="$ACL/$NAME"
-if [[ ! -f "$ACL_FILE" ]] && [[ "$NAME" != "$DOKKU_SUPER_USER" ]]; then
+if [[ ! -f "$ACL_FILE" ]] && ! fn-acl-is-super-user "$NAME"; then
 echo "User $NAME does not have permissions to modify this repository" >&2
 exit 2
 fi
diff --git a/user-auth b/user-auth
index e6ea680..897d572 100755
--- a/user-auth
+++ b/user-auth
@@ -20,7 +20,7 @@ shift 2
 [[ -z "$DOKKU_ACL_USER_COMMANDS" && -z "$DOKKU_ACL_PER_APP_COMMANDS" && -z "$DOKKU_ACL_PER_SERVICE_COMMANDS" && -z "$DOKKU_ACL_LINK_COMMANDS" ]] && exit 0
 [[ "$SSH_USER" == "root" ]] && exit 0
-[[ -n "$DOKKU_SUPER_USER" ]] && [[ "$SSH_NAME" == "$DOKKU_SUPER_USER" ]] && exit 0
+[[ -n "$DOKKU_SUPER_USER" ]] && fn-acl-is-super-user "$SSH_NAME" && exit 0
 CMD=$1
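Review bot: In the pre-build hunk at `-26,7`, the unchanged `dokku_log_fail "Only $DOKKU_SUPER_USER can modify a repository if the ACL is empty"` line now prints the whole space-separated superuser list to the user who has just been refused. That tells a rejected pusher the name of every privileged account, where it previously showed one. A fixed message such as `dokku_log_fail "Only a super user can modify a repository if the ACL is empty"` keeps the refusal clear without listing the accounts. The `[[ -n "$DOKKU_SUPER_USER" ]]` guard is still needed here, and a comment like `# no super users configured: an app with an empty ACL stays open to every user` would make that open default explicit. The rest of the `if [[ ! -d "$ACL" ]]` block lies outside the hunk.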
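Review bot: The user-auth change calls `fn-acl-is-super-user "$SSH_NAME"`, but this patch adds no `source` line to user-auth, unlike pre-build, and the top of the script is outside the hunk, so whether `internal-functions` is already loaded cannot be confirmed from here. If it is not, the call fails with "command not found" inside the `&&` list and the script simply carries on, so configured superusers would silently fall through to the command restrictions instead of raising an error. Please confirm that the script already has `source "$(dirname "${BASH_SOURCE[0]}")/internal-functions"` near its top, or add it. The `[[ -n "$DOKKU_SUPER_USER" ]] &&` prefix is now redundant because the helper returns 1 for an empty list, so the line can be `fn-acl-is-super-user "$SSH_NAME" && exit 0`.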