DiamondLightSource · ZohebShaikh · Nov 19, 2025 · Nov 19, 2025 · Nov 19, 2025
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/rust:1.84.1-bookworm
+FROM docker.io/library/rust:1.91.1-bookworm
 
 RUN rustup component add rustfmt clippy 
 

diff --git a/bundler/Dockerfile b/bundler/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/rust:1.84.1-bookworm AS build
+FROM docker.io/library/rust:1.91.1-bookworm AS build
 
 ARG DATABASE_URL
 

diff --git a/policy/diamond/policy/admin/admin.rego b/policy/diamond/policy/admin/admin.rego
@@ -3,7 +3,11 @@ package diamond.policy.admin
 import data.diamond.policy.token
 import rego.v1
 
-is_admin[subject] := "super_admin" in data.diamond.data.subjects[subject].permissions
+default is_admin(_) := false
+
+is_admin(subject) if {
+	"super_admin" in data.diamond.data.subjects[subject].permissions
+}
 
 beamline_admin_for_subject[subject_name] contains beamline if {
 	some subject_name, subject in data.diamond.data.subjects
@@ -13,7 +17,7 @@ beamline_admin_for_subject[subject_name] contains beamline if {
 	some beamline in role_beamlines
 }
 
-admin := is_admin[token.claims.fedid] # regal ignore:rule-name-repeats-package
+admin := is_admin(token.claims.fedid) # regal ignore:rule-name-repeats-package
 
 beamline_admin := input.beamline in object.get(beamline_admin_for_subject, token.claims.fedid, [])
 

diff --git a/policy/diamond/policy/admin/admin_test.rego b/policy/diamond/policy/admin/admin_test.rego
@@ -33,7 +33,7 @@ diamond_data := {
 }
 
 test_is_admin_for_admin if {
-	admin.is_admin.carol with data.diamond.data as diamond_data
+	admin.is_admin("carol") with data.diamond.data as diamond_data
 }
 
 test_beamline_admin_for_subject_for_beamline_admin if {
@@ -45,11 +45,11 @@ test_beamlines_admin_for_subject_for_group_admin if {
 }
 
 test_is_admin_for_non_admin if {
-	not admin.is_admin.alice with data.diamond.data as diamond_data
+	not admin.is_admin("alice") with data.diamond.data as diamond_data
 }
 
 test_is_admin_for_beamline_admin_not_admin if {
-	not admin.is_admin.bob with data.diamond.data as diamond_data
+	not admin.is_admin("bob") with data.diamond.data as diamond_data
 }
 
 test_beamline_admin_for_subject_for_non_beamline_admin if {

diff --git a/policy/diamond/policy/proposal/proposal.rego b/policy/diamond/policy/proposal/proposal.rego
@@ -13,7 +13,7 @@ on_proposal(subject, proposal_number) if {
 default access_proposal(_, _) := false
 
 # Allow if subject has super_admin permission
-access_proposal(subject, proposal_number) if admin.is_admin[subject] # regal ignore:external-reference
+access_proposal(subject, proposal_number) if admin.is_admin(subject) # regal ignore:external-reference
 
 # Allow if subject is on proposal
 access_proposal(subject, proposal_number) if on_proposal(subject, proposal_number)

diff --git a/policy/diamond/policy/session/session.rego b/policy/diamond/policy/session/session.rego
@@ -24,7 +24,7 @@ on_session(subject, proposal_number, visit_number) if {
 default access_session(_, _, _) := false
 
 # Allow if subject has super_admin permission
-access_session(subject, proposal_number, visit_number) if admin.is_admin[subject] # regal ignore:external-reference
+access_session(subject, proposal_number, visit_number) if admin.is_admin(subject) # regal ignore:external-reference
 
 # Allow if subject is admin for beamline containing session
 access_session(subject, proposal_number, visit_number) if {