[MarkLogic Dev General] Simple way to decide if a user has a role
Danny Sokolsky
Danny.Sokolsky at marklogic.com
Tue Sep 6 13:51:16 PDT 2011
Yes, that is reasonable.
As Geert points out, xdmp:get-current-roles() will get you part way there. It will get you the role IDs.
-Danny
-----Original Message-----
From: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] On Behalf Of Tim Finney
Sent: Tuesday, September 06, 2011 1:45 PM
To: General MarkLogic Developer Discussion
Subject: Re: [MarkLogic Dev General] Simple way to decide if a user has a role
Hi Danny,
I can create an amp but I was hoping that there might be a built in that
already does the job. Such a function would be a Good Thing. (Hint,
hint.) There are no security issues with being able to discover whether
the current user has a role, are there?
As for why I don't want to make an amp, it's an aesthetic thing.
Best,
Tim Finney
On Tue, 2011-09-06 at 13:34 -0700, Danny Sokolsky wrote:
> Hi Tim,
>
> Why don't you want to create an amp for this? I suspect any solution you come up with will require privileged operations, and will need an amp. This is what amps are for: to allow a privileged operation in the context of your application, where you the application developer knows it is safe for people to use this privilege in this context.
>
> -Danny
>
> -----Original Message-----
> From: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] On Behalf Of Tim Finney
> Sent: Tuesday, September 06, 2011 1:19 PM
> To: general at developer.marklogic.com
> Subject: [MarkLogic Dev General] Simple way to decide if a user has a role
>
> Hi Everyone,
>
> Is there a simple way to determine whether a user has a particular role
> name? I would like to have a function that I give a role name and which
> returns true if the current user has the role and false otherwise. I
> want this function so that I can make a user interface change available
> options depending on the current user's roles.
>
> I would like the function to work even if the current user doesn't have
> the xdmp-user-roles privilege. I would prefer not to have to create an
> amped function to do this.
>
> My current hack looks like this:
>
> declare function s:user-has-role(
> $role as xs:string
> ) as xs:boolean {
> try {
> xdmp:role($role) = xdmp:user-roles(xdmp:get-current-user())
> }
> catch ($e) {
> fn:false()
> }
> };
>
> This works fine if the current user has the xdmp-user-roles privilege.
> However, if the user doesn't have this privilege then the function
> always returns false regardless of whether the user has the specified
> role name.
>
> Best,
>
> Tim Finney
>
>
>
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________
General mailing list
General at developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general
More information about the General
mailing list