Changeset

12663:cf88f6b03942

mod_authz_internal: Expose convenience method to test if user can assume role
author Matthew Wild <mwild1@gmail.com>
date Thu, 18 Aug 2022 10:37:59 +0100
parents 12662:07424992d7fc
children 12664:05d5f25a3c61
files core/usermanager.lua plugins/mod_authz_internal.lua
diffstat 2 files changed, 20 insertions(+), 0 deletions(-) [+]
--- a/core/usermanager.lua	Wed Aug 17 16:38:53 2022 +0100
+++ b/core/usermanager.lua	Thu Aug 18 10:37:59 2022 +0100
@@ -164,6 +164,13 @@
 	return role, err;
 end
 
+local function user_can_assume_role(user, host, role_name)
+	if host and not hosts[host] then return false; end
+	if type(user) ~= "string" then return false; end
+
+	return hosts[host].authz.user_can_assume_role(user, role_name);
+end
+
 local function add_user_secondary_role(user, host, role_name)
 	if host and not hosts[host] then return false; end
 	if type(user) ~= "string" then return false; end
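Review bot: A nil `host` slips past the first guard in the new `user_can_assume_role`, because `host and not hosts[host]` is false when `host` is nil, and `hosts[host].authz` then raises an index error instead of returning false. For a permission check an explicit denial is easier for callers to handle: `if not host or not hosts[host] then return false; end`. The call also assumes that the host's authz provider implements `user_can_assume_role`; only mod_authz_internal gains it in this commit, so with another provider this would presumably fail with a call on a nil value. Consider guarding it, or documenting it as a required provider method. The context lines show `add_user_secondary_role` using the same host guard, but its body continues outside the hunk.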
@@ -260,6 +267,7 @@
 	get_provider = get_provider;
 	get_user_role = get_user_role;
 	set_user_role = set_user_role;
+	user_can_assume_role = user_can_assume_role;
 	add_user_secondary_role = add_user_secondary_role;
 	remove_user_secondary_role = remove_user_secondary_role;
 	get_user_secondary_roles = get_user_secondary_roles;
--- a/plugins/mod_authz_internal.lua	Wed Aug 17 16:38:53 2022 +0100
+++ b/plugins/mod_authz_internal.lua	Thu Aug 18 10:37:59 2022 +0100
@@ -181,6 +181,18 @@
 	return stored_roles;
 end
 
+function user_can_assume_role(user, role_name)
+	local primary_role = get_user_role(user);
+	if primary_role and primary_role.role_name == role_name then
+		return true;
+	end
+	local secondary_roles = get_user_secondary_roles(user);
+	if secondary_roles and secondary_roles[role_name] then
+		return true;
+	end
+	return false;
+end
+
 -- This function is *expensive*
 function get_users_with_role(role_name)
 	local function role_filter(username, default_role) --luacheck: ignore 212/username
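Review bot: `user_can_assume_role` compares `primary_role.role_name == role_name` without checking that `role_name` is a string, so a nil `role_name` compares equal to a missing field and the function returns true. The hunk does not show how role objects are built, so please confirm that they expose the name as `role_name`. If the field has a different name, the primary-role match never succeeds for real role names and does succeed for nil. Adding `if type(role_name) ~= "string" then return false; end` as the first line makes the check deny by default. A short comment such as `-- Returns true if role_name is the user's primary role or one of their secondary roles` would document the contract for callers.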