From f75ac951b518b04fb6b5f425950cfb2a8c8bb67b Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 18 Aug 2022 10:37:59 +0100
Subject: mod_authz_internal: Expose convenience method to test if user can
 assume role

---
 core/usermanager.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'core/usermanager.lua')

diff --git a/core/usermanager.lua b/core/usermanager.lua
index cf54fc31..4f15c302 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -164,6 +164,13 @@ local function set_user_role(user, host, role_name)
 	return role, err;
 end
 
+local function user_can_assume_role(user, host, role_name)
+	if host and not hosts[host] then return false; end
+	if type(user) ~= "string" then return false; end
+
+	return hosts[host].authz.user_can_assume_role(user, role_name);
+end
+
 local function add_user_secondary_role(user, host, role_name)
 	if host and not hosts[host] then return false; end
 	if type(user) ~= "string" then return false; end
@@ -260,6 +267,7 @@ return {
 	get_provider = get_provider;
 	get_user_role = get_user_role;
 	set_user_role = set_user_role;
+	user_can_assume_role = user_can_assume_role;
 	add_user_secondary_role = add_user_secondary_role;
 	remove_user_secondary_role = remove_user_secondary_role;
 	get_user_secondary_roles = get_user_secondary_roles;
-- 
cgit v1.2.3