You might also look at xdmp:has-privilege() as a way to test for a particular execute privilege that you could then assign to the role in question.
On 09/06/2011 01:34 PM, Danny Sokolsky wrote: > Hi Tim, > > Why don't you want to create an amp for this? I suspect any solution you > come up with will require privileged operations, and will need an amp. This > is what amps are for: to allow a privileged operation in the context of your > application, where you the application developer knows it is safe for people > to use this privilege in this context. > > -Danny > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Tim Finney > Sent: Tuesday, September 06, 2011 1:19 PM > To: [email protected] > Subject: [MarkLogic Dev General] Simple way to decide if a user has a role > > Hi Everyone, > > Is there a simple way to determine whether a user has a particular role > name? I would like to have a function that I give a role name and which > returns true if the current user has the role and false otherwise. I > want this function so that I can make a user interface change available > options depending on the current user's roles. > > I would like the function to work even if the current user doesn't have > the xdmp-user-roles privilege. I would prefer not to have to create an > amped function to do this. > > My current hack looks like this: > > declare function s:user-has-role( > $role as xs:string > ) as xs:boolean { > try { > xdmp:role($role) = xdmp:user-roles(xdmp:get-current-user()) > } > catch ($e) { > fn:false() > } > }; > > This works fine if the current user has the xdmp-user-roles privilege. > However, if the user doesn't have this privilege then the function > always returns false regardless of whether the user has the specified > role name. > > Best, > > Tim Finney > > > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general -- Wayne Feick Principal Engineer MarkLogic Corporation [email protected] Phone: +1 650 655 2378 www.marklogic.com This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
