From f75ac951b518b04fb6b5f425950cfb2a8c8bb67b Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 18 Aug 2022 10:37:59 +0100
Subject: mod_authz_internal: Expose convenience method to test if user can
 assume role

---
 plugins/mod_authz_internal.lua | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'plugins')

diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index af402d3e..4f88b176 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -181,6 +181,18 @@ function get_user_secondary_roles(user)
 	return stored_roles;
 end
 
+function user_can_assume_role(user, role_name)
+	local primary_role = get_user_role(user);
+	if primary_role and primary_role.role_name == role_name then
+		return true;
+	end
+	local secondary_roles = get_user_secondary_roles(user);
+	if secondary_roles and secondary_roles[role_name] then
+		return true;
+	end
+	return false;
+end
+
 -- This function is *expensive*
 function get_users_with_role(role_name)
 	local function role_filter(username, default_role) --luacheck: ignore 212/username
-- 
cgit v1.2.3