clicepfl
diff --git a/‎.sqlx/query-5b090e1e68c28c448b51811b0f4d5160ac09ce56db5c7082865448411dc47cd0.json
-12 b/‎.sqlx/query-5b090e1e68c28c448b51811b0f4d5160ac09ce56db5c7082865448411dc47cd0.json
-12
diff --git a/‎.sqlx/query-6f0ad1b206a91ecc03afc952e82abda876d7b70212da0fdf9d9331a621578f5a.json
-20 b/‎.sqlx/query-6f0ad1b206a91ecc03afc952e82abda876d7b70212da0fdf9d9331a621578f5a.json
-20
diff --git a/‎.sqlx/query-af4ddce9ab335303494ad6a0f7f9efbd66b1754ffd957a23610b1323dbaa6f0d.json
-12 b/‎.sqlx/query-af4ddce9ab335303494ad6a0f7f9efbd66b1754ffd957a23610b1323dbaa6f0d.json
-12
diff --git a/‎.sqlx/query-d0c6ad43c92be65d1c600aee4fecc30ce14f1ecfc988e92e837f778d0a67df03.json
-26 b/‎.sqlx/query-d0c6ad43c92be65d1c600aee4fecc30ce14f1ecfc988e92e837f778d0a67df03.json
-26
diff --git a/‎.sqlx/query-d32dd5b9da3258a0f3d45565c7f6550b1fdbd9f32fb0e313964e5058dc1a10b8.json
-12 b/‎.sqlx/query-d32dd5b9da3258a0f3d45565c7f6550b1fdbd9f32fb0e313964e5058dc1a10b8.json
-12
diff --git a/‎src/cmd_authentication.rs
+34-16 b/‎src/cmd_authentication.rs
+34-16
diff --git a/‎src/cmd_bureau.rs
+1-1 b/‎src/cmd_bureau.rs
+1-1
diff --git a/‎src/cmd_poll.rs
+3-8 b/‎src/cmd_poll.rs
+3-8
diff --git a/‎src/commands.rs
+10-6 b/‎src/commands.rs
+10-6
diff --git a/‎src/main.rs
+6-5 b/‎src/main.rs
+6-5
@@ -1,11 +1,8 @@
-use std::sync::Arc;
-
+use crate::{commands::RESTRICTED_COMMANDS, config::config, HandlerResult};
 use sqlx::SqlitePool;
+use std::sync::Arc;
 use teloxide::{requests::Requester, types::Message, Bot};
 
-use crate::{config::config, HandlerResult};
-
-
 pub async fn authenticate(
     bot: Bot,
     msg: Message,
@@ -52,7 +49,12 @@ pub async fn admin_list(bot: Bot, msg: Message, db: Arc<SqlitePool>) -> HandlerR
     Ok(())
 }
 
-pub async fn admin_remove(bot: Bot, msg: Message, name: String, db: Arc<SqlitePool>) -> HandlerResult {
+pub async fn admin_remove(
+    bot: Bot,
+    msg: Message,
+    name: String,
+    db: Arc<SqlitePool>,
+) -> HandlerResult {
     let mut tx = db.begin().await?;
 
     if sqlx::query!("SELECT COUNT(*) AS count FROM admins WHERE name = $1", name)
@@ -77,10 +79,22 @@ pub async fn admin_remove(bot: Bot, msg: Message, name: String, db: Arc<SqlitePo
     Ok(())
 }
 
-pub async fn authorize(bot: Bot, msg: Message, command: String, db: Arc<SqlitePool>) -> HandlerResult {
+pub async fn authorize(
+    bot: Bot,
+    msg: Message,
+    command: String,
+    db: Arc<SqlitePool>,
+) -> HandlerResult {
     let mut tx = db.begin().await?;
 
     let chat_id_str = msg.chat.id.to_string();
+
+    if !RESTRICTED_COMMANDS.iter().any(|c| c.shortand() == command) {
+        bot.send_message(msg.chat.id, "Cette commande n'existe pas")
+            .await?;
+        return Ok(());
+    }
+
     let already_authorized = sqlx::query!(
         r#"SELECT COUNT(*) AS count FROM authorizations WHERE chat_id = $1 AND command = $2"#,
         chat_id_str,
@@ -89,7 +103,7 @@ pub async fn authorize(bot: Bot, msg: Message, command: String, db: Arc<SqlitePo
     .fetch_one(tx.as_mut())
     .await?;
 
-    if already_authorized.count == 0 {
+    if already_authorized.count > 0 {
         sqlx::query!(
             r#"INSERT INTO authorizations(command, chat_id) VALUES($1, $2)"#,
             command,
@@ -160,14 +174,18 @@ pub async fn authorizations(bot: Bot, msg: Message, db: Arc<SqlitePool>) -> Hand
 
     bot.send_message(
         msg.chat.id,
-        format!(
-            "Ce groupe peut utiliser les commandes suivantes:\n{}",
-            authorizations
-                .into_iter()
-                .map(|s| format!(" - {}", s.command))
-                .collect::<Vec<_>>()
-                .join("\n")
-        ),
+        if authorizations.is_empty() {
+            "Ce groupe ne peut utiliser aucune commande".to_owned()
+        } else {
+            format!(
+                "Ce groupe peut utiliser les commandes suivantes:\n{}",
+                authorizations
+                    .into_iter()
+                    .map(|s| format!(" - {}", s.command))
+                    .collect::<Vec<_>>()
+                    .join("\n")
+            )
+        },
     )
     .await?;
 
 
@@ -18,4 +18,4 @@ pub async fn bureau(bot: Bot, msg: Message) -> HandlerResult {
     .is_anonymous(false)
     .await?;
     Ok(())
-}
+}
@@ -9,8 +9,7 @@ use teloxide::{
     prelude::Dialogue,
     requests::Requester,
     types::{
-        CallbackQuery, InlineKeyboardButton, InlineKeyboardMarkup, Message, MessageId,
-        ReplyMarkup,
+        CallbackQuery, InlineKeyboardButton, InlineKeyboardMarkup, Message, MessageId, ReplyMarkup,
     },
     Bot,
 };
@@ -36,11 +35,7 @@ pub enum PollState {
 pub type PollDialogue = Dialogue<PollState, InMemStorage<PollState>>;
 
 /// Starts the /poll dialogue by sending a message with an inline keyboard to select the target of the /poll.
-pub async fn start_poll_dialogue(
-    bot: Bot,
-    msg: Message,
-    dialogue: PollDialogue,
-) -> HandlerResult {
+pub async fn start_poll_dialogue(bot: Bot, msg: Message, dialogue: PollDialogue) -> HandlerResult {
     log::info!("Starting /poll dialogue");
 
     log::debug!("Removing /poll message");
@@ -207,4 +202,4 @@ pub async fn stats(bot: Bot, msg: Message) -> HandlerResult {
     .await?;
 
     Ok(())
-}
+}
@@ -2,11 +2,7 @@ use std::sync::Arc;
 
 use sqlx::SqlitePool;
 use teloxide::{
-    dispatching::DpHandlerDescription,
-    prelude::*,
-    types::{Message, MessageCommon, MessageKind},
-    utils::command::BotCommands,
-    Bot,
+    dispatching::DpHandlerDescription, prelude::*, types::Message, utils::command::BotCommands, Bot,
 };
 
 use crate::{
@@ -68,7 +64,7 @@ fn require_authorization() -> Endpoint<'static, DependencyMap, HandlerResult, Dp
         |command: Command, msg: Message, pool: Arc<SqlitePool>| async move {
             let chat_id = msg.chat.id.to_string();
             let shortand = command.shortand();
-            match sqlx::query!(
+            let authorized =  match sqlx::query!(
                 r#"SELECT COUNT(*) AS count FROM authorizations WHERE chat_id = $1 AND command = $2"#,
                 chat_id,
                 shortand
@@ -80,7 +76,13 @@ fn require_authorization() -> Endpoint<'static, DependencyMap, HandlerResult, Dp
                     log::error!("Could not check authorization in database: {:?}", e);
                     false
                 },
+            };
+
+            if !authorized {
+                log::warn!("Chat {} tried to use the commmand {}", msg.chat.id, command.shortand())
             }
+
+            authorized
         },
     )
 }
@@ -141,6 +143,8 @@ pub enum Command {
     Stats,
 }
 
+pub const RESTRICTED_COMMANDS: [Command; 3] = [Command::Bureau, Command::Poll, Command::Stats];
+
 impl Command {
     // Used as key for the access control map
     pub fn shortand(&self) -> &str {
 
@@ -9,17 +9,17 @@ use teloxide::{
 };
 
 use crate::{
+    cmd_poll::PollState,
     commands::{command_callback_query_handler, command_message_handler, Command},
     directus::{update_committee, Committee},
-    cmd_poll::PollState
 };
 
+mod cmd_authentication;
+mod cmd_bureau;
+mod cmd_poll;
 mod commands;
 mod config;
 mod directus;
-mod cmd_poll;
-mod cmd_bureau;
-mod cmd_authentication;
 
 pub type HandlerResult = Result<(), Box<dyn std::error::Error + Send + Sync>>;
 
@@ -47,7 +47,8 @@ async fn main() {
         id: 1,
         name: "".into(),
         poll_count: 15,
-    }]).await;
+    }])
+    .await;
 
     log::info!("Loading config files");
     config::config();