mod_authz_internal: Expose convenience method to test if user can assume role

author: Matthew Wild <mwild1@gmail.com> 2022-08-18 10:37:59 +0100
committer: Matthew Wild <mwild1@gmail.com> 2022-08-18 10:37:59 +0100
commit: f75ac951b518b04fb6b5f425950cfb2a8c8bb67b (patch)
tree: e145d2b2fd4f51c7e3cc6c887ea279c8f2a615ab /plugins/mod_authz_internal.lua
parent: f5768f63c993cee9f7f8e3c89db7e4e3080beab5 (diff)
download: prosody-f75ac951b518b04fb6b5f425950cfb2a8c8bb67b.tar.gz
prosody-f75ac951b518b04fb6b5f425950cfb2a8c8bb67b.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index af402d3e..4f88b176 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -181,6 +181,18 @@ function get_user_secondary_roles(user)
 	return stored_roles;
 end
 
+function user_can_assume_role(user, role_name)
+	local primary_role = get_user_role(user);
+	if primary_role and primary_role.role_name == role_name then
+		return true;
+	end
+	local secondary_roles = get_user_secondary_roles(user);
+	if secondary_roles and secondary_roles[role_name] then
+		return true;
+	end
+	return false;
+end
+
 -- This function is *expensive*
 function get_users_with_role(role_name)
 	local function role_filter(username, default_role) --luacheck: ignore 212/username
author	Matthew Wild <mwild1@gmail.com>	2022-08-18 10:37:59 +0100
committer	Matthew Wild <mwild1@gmail.com>	2022-08-18 10:37:59 +0100
commit	f75ac951b518b04fb6b5f425950cfb2a8c8bb67b (patch)
tree	e145d2b2fd4f51c7e3cc6c887ea279c8f2a615ab /plugins/mod_authz_internal.lua
parent	f5768f63c993cee9f7f8e3c89db7e4e3080beab5 (diff)
download	prosody-f75ac951b518b04fb6b5f425950cfb2a8c8bb67b.tar.gz prosody-f75ac951b518b04fb6b5f425950cfb2a8c8bb67b.zip