Yes, that is reasonable. As Geert points out, xdmp:get-current-roles() will get you part way there. It will get you the role IDs.
-Danny -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tim Finney Sent: Tuesday, September 06, 2011 1:45 PM To: General MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] Simple way to decide if a user has a role Hi Danny, I can create an amp but I was hoping that there might be a built in that already does the job. Such a function would be a Good Thing. (Hint, hint.) There are no security issues with being able to discover whether the current user has a role, are there? As for why I don't want to make an amp, it's an aesthetic thing. Best, Tim Finney On Tue, 2011-09-06 at 13:34 -0700, Danny Sokolsky wrote: > Hi Tim, > > Why don't you want to create an amp for this? I suspect any solution you > come up with will require privileged operations, and will need an amp. This > is what amps are for: to allow a privileged operation in the context of your > application, where you the application developer knows it is safe for people > to use this privilege in this context. > > -Danny > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Tim Finney > Sent: Tuesday, September 06, 2011 1:19 PM > To: [email protected] > Subject: [MarkLogic Dev General] Simple way to decide if a user has a role > > Hi Everyone, > > Is there a simple way to determine whether a user has a particular role > name? I would like to have a function that I give a role name and which > returns true if the current user has the role and false otherwise. I > want this function so that I can make a user interface change available > options depending on the current user's roles. > > I would like the function to work even if the current user doesn't have > the xdmp-user-roles privilege. I would prefer not to have to create an > amped function to do this. > > My current hack looks like this: > > declare function s:user-has-role( > $role as xs:string > ) as xs:boolean { > try { > xdmp:role($role) = xdmp:user-roles(xdmp:get-current-user()) > } > catch ($e) { > fn:false() > } > }; > > This works fine if the current user has the xdmp-user-roles privilege. > However, if the user doesn't have this privilege then the function > always returns false regardless of whether the user has the specified > role name. > > Best, > > Tim Finney > > > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
