# HG changeset patch # User Matthew Wild # Date 1660815479 -3600 # Node ID cf88f6b039424f2347f996d198445abe92d470f5 # Parent 07424992d7fca169a50deed595814ca630bf2f27 mod_authz_internal: Expose convenience method to test if user can assume role diff -r 07424992d7fc -r cf88f6b03942 core/usermanager.lua --- a/core/usermanager.lua Wed Aug 17 16:38:53 2022 +0100 +++ b/core/usermanager.lua Thu Aug 18 10:37:59 2022 +0100 @@ -164,6 +164,13 @@ return role, err; end +local function user_can_assume_role(user, host, role_name) + if host and not hosts[host] then return false; end + if type(user) ~= "string" then return false; end + + return hosts[host].authz.user_can_assume_role(user, role_name); +end + local function add_user_secondary_role(user, host, role_name) if host and not hosts[host] then return false; end if type(user) ~= "string" then return false; end @@ -260,6 +267,7 @@ get_provider = get_provider; get_user_role = get_user_role; set_user_role = set_user_role; + user_can_assume_role = user_can_assume_role; add_user_secondary_role = add_user_secondary_role; remove_user_secondary_role = remove_user_secondary_role; get_user_secondary_roles = get_user_secondary_roles; diff -r 07424992d7fc -r cf88f6b03942 plugins/mod_authz_internal.lua --- a/plugins/mod_authz_internal.lua Wed Aug 17 16:38:53 2022 +0100 +++ b/plugins/mod_authz_internal.lua Thu Aug 18 10:37:59 2022 +0100 @@ -181,6 +181,18 @@ return stored_roles; end +function user_can_assume_role(user, role_name) + local primary_role = get_user_role(user); + if primary_role and primary_role.role_name == role_name then + return true; + end + local secondary_roles = get_user_secondary_roles(user); + if secondary_roles and secondary_roles[role_name] then + return true; + end + return false; +end + -- This function is *expensive* function get_users_with_role(role_name) local function role_filter(username, default_role) --luacheck: ignore 212/username