From a1c6dd2085efedf5ca3efc6d5f45f652d0fe9ec0 Mon Sep 17 00:00:00 2001
From: binwiederhier <phil@heckel.io>
Date: Thu, 31 Jul 2025 11:28:27 +0200
Subject: [PATCH] Comments

---
 cmd/user.go     | 2 +-
 user/manager.go | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index 666473dd..6bf7030e 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -378,7 +378,7 @@ func createUserManager(c *cli.Context) (*user.Manager, error) {
 		Filename:            authFile,
 		StartupQueries:      authStartupQueries,
 		DefaultAccess:       authDefault,
-		ProvisionEnabled:    false, // Do not re-provision users on manager initialization
+		ProvisionEnabled:    false, // Hack: Do not re-provision users on manager initialization
 		BcryptCost:          user.DefaultUserPasswordBcryptCost,
 		QueueWriterInterval: user.DefaultUserStatsQueueWriterInterval,
 	}
diff --git a/user/manager.go b/user/manager.go
index 9d7219f6..e24eb542 100644
--- a/user/manager.go
+++ b/user/manager.go
@@ -564,7 +564,7 @@ type Config struct {
 	Filename            string              // Database filename, e.g. "/var/lib/ntfy/user.db"
 	StartupQueries      string              // Queries to run on startup, e.g. to create initial users or tiers
 	DefaultAccess       Permission          // Default permission if no ACL matches
-	ProvisionEnabled    bool                // Enable auto-provisioning of users and access grants, disabled for "ntfy user" commands
+	ProvisionEnabled    bool                // Hack: Enable auto-provisioning of users and access grants, disabled for "ntfy user" commands
 	Users               []*User             // Predefined users to create on startup
 	Access              map[string][]*Grant // Predefined access grants to create on startup (username -> []*Grant)
 	Tokens              map[string][]*Token // Predefined users to create on startup (username -> []*Token)
@@ -605,7 +605,7 @@ func NewManager(config *Config) (*Manager, error) {
 		statsQueue: make(map[string]*Stats),
 		tokenQueue: make(map[string]*TokenUpdate),
 	}
-	if err := manager.maybeProvisionUsersAndAccess(); err != nil {
+	if err := manager.maybeProvisionUsersAccessAndTokens(); err != nil {
 		return nil, err
 	}
 	go manager.asyncQueueWriter(config.QueueWriterInterval)
@@ -1736,7 +1736,8 @@ func (a *Manager) Close() error {
 	return a.db.Close()
 }
 
-func (a *Manager) maybeProvisionUsersAndAccess() error {
+// maybeProvisionUsersAccessAndTokens provisions users, access control entries, and tokens based on the config.
+func (a *Manager) maybeProvisionUsersAccessAndTokens() error {
 	if !a.config.ProvisionEnabled {
 		return nil
 	}