diff --git a/dist/main/index.js b/dist/main/index.js index 55bb6a2e..cfb0f1f9 100644 --- a/dist/main/index.js +++ b/dist/main/index.js @@ -8001,12 +8001,15 @@ async function isTrustedUser() { // Chech if Nix is installed in single-user mode. let isStoreWritable = await isWritable('/nix/store'); core.debug(`Is store writable: ${isStoreWritable}`); - return isStoreWritable + let isTrustedUser = isStoreWritable || trustedUsers.includes(user) || trustedGroups.some((group) => userGroups.includes(group)); + core.debug(`User ${user} is trusted: ${isTrustedUser}`); + return isTrustedUser; } - catch (error) { + catch (err) { core.warning('Failed to determine if the user is trusted. Assuming untrusted user.'); + core.debug(`error: ${err}`); return false; } } diff --git a/src/main.ts b/src/main.ts index f093d101..0d5f6f18 100644 --- a/src/main.ts +++ b/src/main.ts @@ -311,6 +311,7 @@ async function isTrustedUser(): Promise { try { let user = os.userInfo().username; core.debug(`Checking if user ${user} is trusted`); + let userGroups = await execToVariable('id', ['-Gn', user], { silent: true }).then((str) => str.trim().split(' ')); core.debug(`User ${user} is in groups ${userGroups}`); @@ -322,11 +323,17 @@ async function isTrustedUser(): Promise { let isStoreWritable = await isWritable('/nix/store'); core.debug(`Is store writable: ${isStoreWritable}`); - return isStoreWritable + let isTrustedUser = + isStoreWritable || trustedUsers.includes(user) || trustedGroups.some((group) => userGroups.includes(group)); - } catch (error) { + + core.debug(`User ${user} is trusted: ${isTrustedUser}`); + + return isTrustedUser; + } catch (err) { core.warning('Failed to determine if the user is trusted. Assuming untrusted user.'); + core.debug(`error: ${err}`); return false; } }
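Review bot: In the src/main.ts hunk at new line 323, the local `isTrustedUser` shadows the enclosing function of the same name and is declared with `let` although it is never reassigned; `const trusted = isStoreWritable || trustedUsers.includes(user) || trustedGroups.some((group) => userGroups.includes(group));` followed by `return trusted;` avoids both. The debug line added in the catch interpolates `err` into a template string, which keeps only the error's name and message; logging `err instanceof Error ? err.stack : err` would keep the stack for diagnosis. The catch still returns `false`, so the check fails closed, and that deserves a one-line comment such as `// Fail closed: any error here means the user is treated as untrusted.` The function starts above the hunk, so how `trustedUsers` and `trustedGroups` are parsed is not visible here.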